• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
hinarei

Spyware infection and Internet connection broken?

10 posts in this topic

Hi! I'm new!

 

Like to know if anyone can help, please. I clicked on a link this morning, and afterwards received firewall messages (I use Norton 2003) saying about several programs wanting to access the internet. These included, optmize.exe, and wast.exe. I ran doxdesk's parasite checker and it said I had 'webhancer' parasite. I also recognised optimize being from another parasite/problem prog, Intenet Optimizer. So I started up Ad-Aware, scanned and removed what it found. After a reboot it finished removing reg entires and other processes it couldn't remove first time, as usual.

 

After it finished, I tried to connect to the internet, content that I had removed the problem.

 

Symantec Email Proxy came up with a message saying that "Symantec Email Proxy cannot scan your email messages because your network is not properly configured" error 1003,13. It had worked fine before I got the software on the comp.

 

Every time I run IE now I get a DNS error, not found page, with address "www.errorplace.com/red.php?c={86F78809-3B4B-41F68E8B-54BC8B09CC39}&aff=0catch&q=symantec", symantec if I try to click the link in the Symantec error message, or "q=hotmail" if I go to Hotmail, etc.

 

I ran a HJT check, and the error 10 looks rather ominous... :blink:

 

HJT Log

 

Logfile of HijackThis v1.97.7

Scan saved at 07:54:12, on 20/05/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\gsicon.exe

C:\WINDOWS\System32\dslagent.exe

C:\WINDOWS\hdixlxq.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Wacom\TabUserW.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\PROGRA~1\NORTON~1\navw32.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animemusicvideos.org/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.animemusicvideos.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.freeserve.com/

O1 - Hosts: 100.50.50.70 "WHITBY_BIRD \0x1b" #PRE

O1 - Hosts: 100.50.50.70 ATHENA #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.30 ZEUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.250 TITAN #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.140 DELPHI #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.180 PANDORA #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.10 DIONYSUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.20 APOLLO #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.150 CEREBERUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.59.1 POLLUX #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.59.2 CASTOR #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.52.102 ROMULUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.52.103 REMUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.200 ARES #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 192.60.60.30 "BATH \0x1b" #PRE

O1 - Hosts: 192.60.60.30 SATURN #PRE #DOM:BATH

O1 - Hosts: 192.60.60.60 MORPHEUS #PRE #DOM:BATH

O1 - Hosts: 192.60.60.70 JUPITER #PRE #DOM:BATH

O1 - Hosts: 99.50.50.10 "MANCHESTER \0x1b" #PRE

O1 - Hosts: 99.50.50.10 VENUS #PRE #DOM:MANCHESTER

O1 - Hosts: 99.50.50.20 JANUS #PRE #DOM:MANCHESTER

O1 - Hosts: 102.50.50.10 "CAMBRIDGE \0x1b" #PRE

O1 - Hosts: 102.50.50.10 EROS #PRE #DOM:CAMBRIDGE

O1 - Hosts: 105.50.50.10 "GLASGOW \0x1b" #PRE

O1 - Hosts: 105.50.50.10 GAIA #PRE #DOM:GLASGOW

O1 - Hosts: 106.50.50.10 "WINCHESTER \0x1b" #PRE

O1 - Hosts: 106.50.50.10 HESTIA #PRE #DOM:WINCHESTER

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {384F1DAE-B446-4929-B7EB-453AD32F9C06} - C:\WINDOWS\muftc.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [amzlv] C:\WINDOWS\hdixlxq.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Kev\Application Data\urpo.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'c:\windows\webhdll.dll' missing

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com

O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://access.gamesplayground.com/output/0...s/fullgames.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {78156E2A-B98E-423F-942D-3925F2BC0B0A} (JobListControls4.JobSuffixFinder) - http://100.50.50.140/jms2000_444/JobListControls4.CAB

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37962.569525463

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://pv2fd.pav2.hotmail.msn.com/activex/HMAtchmt.ocx

 

any help would be appreciated!

Share this post


Link to post
Share on other sites

I think I've posted this in the right place, as I have scanned my machine with an up-to-date Ad-Aware before posting it here... That's right, isn't it?

Share this post


Link to post
Share on other sites

I think when I removed the webhancer with AdAware, its killed my connection, I just like to know how to repair it please, if anyone's ever had this before...

Share this post


Link to post
Share on other sites

You do have a few things that need to be removed, o fellow Su-fan. (I'm more partial to Shinobu myself, but Su would be right at home here at SWI.)

 

Tap Ctrl+Alt+Delete, click the Processes tab, and end the following process:

 

hdixlxq.exe

 

Close all programs, tick the following for removal in HJT, and click "Fix Checked:"

 

O2 - BHO: (no name) - {384F1DAE-B446-4929-B7EB-453AD32F9C06} - C:\WINDOWS\muftc.dll

 

O4 - HKLM\..\Run: [amzlv] C:\WINDOWS\hdixlxq.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Kev\Application Data\urpo.exe

 

Next, get a copy of LSPFix from the link below.

 

http://www.cexx.org/lspfix.htm

 

Run it.

 

Select all instances of "webhdll.dll" in it, then click "I Know What I'm Doing," then click "Fix."

 

Reboot.

 

Find and delete the following files/folders:

 

C:\Documents and Settings\Kev\Application Data\urpo.exe

C:\Program Files\webHancer\

C:\WINDOWS\hdixlxq.exe

 

Scan with HJT again and post the new log into a reply to this thread.

 

"Spyware? Is it delicious?"

 

And if memory serves, that avatar of yours is from the Love Hina manga where Motoko went off to her kendo training camp and Keitaro ended up being Su's playmate... thus ruining his back in the process and becoming the victim of a few Naru-punches.

Edited by Tuxedo Jack

Share this post


Link to post
Share on other sites

Thanks! Su would fit right in here, little hacker that she is! Not that any of us are hackers...

 

I'll go through this and see if I can get online to post back here.

 

Your memory has not failed you. That's the right scene. Funny as heck!

 

"CWS? Can I eat it?"

Edited by hinarei

Share this post


Link to post
Share on other sites

Bah. The true definition of hacker is one who can make machines do cool things. Su most certainly fits that definition, as do most of the Helpers and everyone in the Experts, Mods, and Admin groups.

 

Except for what she did in episode 13 with her Cherry-kun robot.

Share this post


Link to post
Share on other sites

Hi my name is Darrick >fhaspeaker> the same thing happened to me and I cabt get online at all. when i reboot I get an error message fash.exe and that Symantec Email Proxy came up with a message saying that "Symantec Email Proxy cannot scan your email messages because your network is not properly configured.

 

The only software I have on that computer is adware and thats it. whats the first step you took to get that report from hj

Share this post


Link to post
Share on other sites

FHASpeaker, you can download HijackThis from the link in my signature. Save it to a new folder, then run it, click "Scan," then click "Save Log." Copy and paste the text of that log into a new thread in the Malware Removal forum. Please do not post your log into this thread, as it will make the thread harder to follow.

Share this post


Link to post
Share on other sites

The cherry-kun robot was strange, but a good idea. Practice makes perfect, and no-one's gonna kiss you if you're no good at it, right ? ;)

 

I appear to be online! Hooray! Here's my new log:

 

HJT Log - after LSPFix

 

Logfile of HijackThis v1.97.7

Scan saved at 20:27:29, on 20/05/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\gsicon.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Wacom\TabUserW.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animemusicvideos.org/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.animemusicvideos.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.freeserve.com/

O1 - Hosts: 100.50.50.70 "WHITBY_BIRD \0x1b" #PRE

O1 - Hosts: 100.50.50.70 ATHENA #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.30 ZEUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.250 TITAN #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.140 DELPHI #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.180 PANDORA #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.10 DIONYSUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.20 APOLLO #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.150 CEREBERUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.59.1 POLLUX #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.59.2 CASTOR #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.52.102 ROMULUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.52.103 REMUS #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 100.50.50.200 ARES #PRE #DOM:WHITBY_BIRD

O1 - Hosts: 192.60.60.30 "BATH \0x1b" #PRE

O1 - Hosts: 192.60.60.30 SATURN #PRE #DOM:BATH

O1 - Hosts: 192.60.60.60 MORPHEUS #PRE #DOM:BATH

O1 - Hosts: 192.60.60.70 JUPITER #PRE #DOM:BATH

O1 - Hosts: 99.50.50.10 "MANCHESTER \0x1b" #PRE

O1 - Hosts: 99.50.50.10 VENUS #PRE #DOM:MANCHESTER

O1 - Hosts: 99.50.50.20 JANUS #PRE #DOM:MANCHESTER

O1 - Hosts: 102.50.50.10 "CAMBRIDGE \0x1b" #PRE

O1 - Hosts: 102.50.50.10 EROS #PRE #DOM:CAMBRIDGE

O1 - Hosts: 105.50.50.10 "GLASGOW \0x1b" #PRE

O1 - Hosts: 105.50.50.10 GAIA #PRE #DOM:GLASGOW

O1 - Hosts: 106.50.50.10 "WINCHESTER \0x1b" #PRE

O1 - Hosts: 106.50.50.10 HESTIA #PRE #DOM:WINCHESTER

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com

O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://access.gamesplayground.com/output/0...s/fullgames.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {78156E2A-B98E-423F-942D-3925F2BC0B0A} (JobListControls4.JobSuffixFinder) - http://100.50.50.140/jms2000_444/JobListControls4.CAB

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37962.569525463

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://pv2fd.pav2.hotmail.msn.com/activex/HMAtchmt.ocx

Edited by hinarei

Share this post


Link to post
Share on other sites

You are indeed clean.

 

 

Clear your Temporary Internet Files immediately. To do this, go to the Internet Controls control panel, then click "Delete Files." Tick the checkbox there, then click "OK.'

 

You may wish to look at Mozilla Firefox instead of IE. It has no security holes, doesn't integrate into the Windows shell (which is a bad thing due to the shell's control over the system), doesn't download anything without your approval, and doesn't get hijacked.

 

It also takes up less resources and uses tabs or new windows (tabs save desktop and taskbar space and make closing windows easier). It also comes with a built-in popup blocker as well as the ability to block images from servers (i.e. advertisements) with a right-click.

 

Firefox is immune to CWS in all its forms. You will _never_ get hijacked by CWS or any of its affiliates ever again if you use Firefox.

 

There's a link to it in my signature.

 

IE-SPYAD places over 4,000 known evil sites into the Restricted Sites zone in Internet Explorer so they can't execute ActiveX, Java, or place cookies on your machine. It's a rather nice thing to have. There's a link to it in my signature.

 

SpywareBlaster can prevent spyware from installing itself on your computer. It does require updating every now and again, but it's rather easy to operate. Just install, run, update, click "Protect," and you're done. Update once every month or so. There's a link in my signature.

 

Don't forget to use Windows Update once a week.

 

Also, just for kicks and giggles, you may want to check out my Love Hina/Sailormoon fusion story, "Over-Violent Student Double Hail Hina." It's both on tuxedojack.com and fanfiction.net. I've also got a chapter of Andrew Talon's "Love Hina Fanboy War: The Bonds of Time" that'll be up soon, and there's a screwy Love Hina/Weiß Kreuz fusion that I have in the pipe.

 

Happy computing, and yes, it is delicious!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0