Circuit Breaker

PLS HELP ME

24 posts in this topic

Hi .....i have been having this problem wif the browser hijacker...it first affected one of my pc's which is totally ruined and now its got another...i need to save this one....

 

it isn't as big as the other problems i've read here....i think its a lot less....but pls SOME ONE HAS TO HELP ME i'm frustrated and tried everything.......and i have no clue how the pc gets infected........ :scratchhead:

 

i have adaware and spy bot...i ran it when i first noticed the http://find4u.net/index.htm appearing when i tried to use IE.....it only finds 5 objects.

which is ok...............after the removal and quarantine process.......i restart the pc.....but then the END PROGRAM comes up and tries to shut down a program called WIN MIN. i have no idea what this is...as the pc tries to shut it down it says the application is not responding...........and hence the changes made cannot be saved...

 

Here r the locations in the registry

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagefind4u.net

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "http://find4u.net/index.htm"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "http://find4u.net/index.htm"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagefind4u.net

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "http://find4u.net/index.htm"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://find4u.net/index.htm"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barfind4u.net

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "http://find4u.net/sp.htm"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://find4u.net/sp.htm"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchURLfind4u.net

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "http://find4u.net/index.htm"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://find4u.net/index.htm"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantfind4u.net

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "http://find4u.net/sp.htm"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://find4u.net/sp.htm"

 

PLEASE HELP ME PLEASE I CAN'T GET IT OUT!!!!!!!!!!...


Hi there,

 

As you have a variety of issues, I suggest you proceed as follows:

Download the latest version of CWShredder Here by Merijn Bellekom, the creator of Hijack This. Check for updates!!

Run it, press 'Fix', and allow it to fix all it finds.

 

 

Next;

 

Please do this,

 

Download 'Hijack This!'. Here

Save it to a convenient permanent folder like this C:\HJT\HijackThis.exe, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.


Here is the log u requested....................after i scanned with HijackThis and The Shredder

 

Logfile of HijackThis v1.98.0

Scan saved at 8:51:33 PM, on 7/13/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SymTray.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Internet Explorer\IEeng.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

C:\WINNT\system32\ntvdm.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Software\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler

O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O20 - AppInit_DLLs: apitrap.dll


Hi there,

 

Restart your computer in Safe Mode. Also make sure you show hidden files.

 

Delete this file

 

C:\Program Files\Internet Explorer\IEeng.exe<<<<File

 

After you have done that your log will be clean, do this to help keep it that way,

 

To provide future protection - I would advise you to download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

 

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see

So how did I get infected in the first place?

 

 

 

You also need to update Windows and Internet Explorer to get all the latest security patches that protect your computer.

 

This can be accessed by going Here and following the prompts.

Edited by 12g


first of all let me thank u for taking the time to help solve my problem...........Well i seem to have gotten rid of the WIN MIN thing. but the browser is still hijacked..........what do i do???

 

btw what tipped u off about that IENG.exe????????????????


Hi there,

 

You are very welcome :wave:

 

Repost a fresh logfile please.

 

 

IENG.exe.......that is a file extension that should not be in that folder!!.


hi.......................What did u mean by not supposed to be in that folder??...could u elaborate pls....and the find4u has disappeared........................its no longer there.....i think we killed it............. :lol::D:bounce:


Hi there,

 

You have Microsoft’s Internet Explorer running! If the full path showing is C:\Program Files\Internet Explorer\Iexplore.exe then we are happy. Anything else is suspicious!!

 

C:\Program Files\Internet Explorer\IEeng.exe

 

I hope that helps :wave:

 

Are you trouble free now?

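The check described in the reply above (only iexplore.exe is expected to run from C:\Program Files\Internet Explorer), written out as an added example that is not part of the original thread and not code from HijackThis. It also goes beyond that rule by flagging R0/R1 entries that point an IE page at a local file:// URL, as seen in the second log posted here; the function names and rule labels are hypothetical.

```python
import ntpath
import re

# Lines excerpted from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEeng.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
"""

# Assumption: default English install path, as it appears in the thread's logs.
# Short 8.3 paths (C:\PROGRA~1\...) are not expanded by this example.
IE_DIR = r"c:\program files\internet explorer"
EXPECTED_IE_EXE = "iexplore.exe"

# HijackThis result lines start with a section code such as R1, O2 or O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt_log(text):
    """Split a log into running-process paths and (code, body) result entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first result line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def flag_ie_folder_processes(processes):
    """Flag any process running from the IE folder that is not iexplore.exe."""
    findings = []
    for path in processes:
        folder, exe = ntpath.split(ntpath.normpath(path))
        if folder.lower() == IE_DIR and exe.lower() != EXPECTED_IE_EXE:
            findings.append(("unexpected-exe-in-ie-folder", path))
    return findings


def flag_local_file_pages(entries):
    """Flag R0/R1 settings whose data is a local file:// URL."""
    findings = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        setting, sep, data = body.partition(" = ")
        if sep and data.strip().lower().startswith("file://"):
            findings.append(("ie-page-points-to-local-file", setting))
    return findings


def analyze(text):
    """Run both checks and return a list of (rule, detail) findings."""
    processes, entries = parse_hjt_log(text)
    return flag_ie_folder_processes(processes) + flag_local_file_pages(entries)


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

A finding here is a prompt to inspect the file, not proof that it is malicious.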

Hi. thanx again for helping me wif my pc.............we have killed the parasite..now if u could help me with my other Pc..........its infected wif the Search for.....the IE gives me an About Blank

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Thursday, July 15, 2004 12:22:53 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R328 06.07.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R328 06.07.2004

Internal build : 260

File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

Total size : 1289414 Bytes

Signature data size : 1268789 Bytes

Reference data size : 20561 Bytes

Signatures total : 28175

Target categories : 10

Target families : 512

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:30 %

Total physical memory:228848 kb

Available physical memory:68340 kb

Total page file size:551220 kb

Available on page file:326932 kb

Total virtual memory:2097024 kb

Available virtual memory:2046436 kb

OS:Windows 2000

 

 

7-15-2004 12:22:53 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 7-15-2004 4:07:41 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:44 PM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:46 PM

BasePriority : Normal

FileSize : 87 KB

FileVersion : 5.00.2195.6700

ProductVersion : 5.00.2195.6700

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:4 [lsass.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:46 PM

BasePriority : Normal

FileSize : 32 KB

FileVersion : 5.00.2195.6695

ProductVersion : 5.00.2195.6695

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : LSA Executable and Server DLL (Export Version)

InternalName : lsasrv.dll and lsass.exe

OriginalFilename : lsasrv.dll and lsass.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:5 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:48 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:6 [spoolsv.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:49 PM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 5.00.2195.6659

ProductVersion : 5.00.2195.6659

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolss.exe

OriginalFilename : spoolss.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 11/18/2003 12:47:58 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:7 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-15-2004 4:07:49 PM

BasePriority : Normal

FileSize : 309 KB

FileVersion : 1.03.4

ProductVersion : 1.03.4

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Event Manager

Created on : 6/23/2004 5:32:26 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 7/17/2003 3:16:38 PM

 

#:8 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:51 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:9 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 7-15-2004 4:07:54 PM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 9.05.1015

ProductVersion : 9.05.1015

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 6/23/2004 5:32:00 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 11/14/2002 11:41:26 PM

 

#:10 [nprotect.exe]

FilePath : C:\Program Files\Norton AntiVirus\AdvTools\

ThreadCreationTime : 7-15-2004 4:07:55 PM

BasePriority : Normal

FileSize : 132 KB

FileVersion : 16.00.0.22

ProductVersion : 16.00.0.22

Copyright : Copyright © 2003 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Norton Protection Status

InternalName : NPROTECT

OriginalFilename : NPROTECT.EXE

ProductName : Norton Utilities

Created on : 5/24/2004 2:37:10 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 8/14/2002 10:03:00 AM

 

#:11 [pppoeservice.exe]

FilePath : C:\PROGRA~1\EFFICI~1\ENTERN~1\app\

ThreadCreationTime : 7-15-2004 4:07:55 PM

BasePriority : Normal

FileSize : 48 KB

Created on : 11/18/2003 5:46:53 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 7/11/2000 2:48:36 PM

 

#:12 [regsvc.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:55 PM

BasePriority : Normal

FileSize : 66 KB

FileVersion : 5.00.2195.6701

ProductVersion : 5.00.2195.6701

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Remote Registry Service

InternalName : regsvc

OriginalFilename : REGSVC.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:13 [mstask.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:56 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 4.71.2195.6704

ProductVersion : 4.71.2195.6704

Copyright : Copyright © Microsoft Corp. 1997

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

OriginalFilename : mstask.exe

ProductName : Microsoft

Created on : 11/18/2003 12:55:43 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:14 [slserv.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:57 PM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 2.80.00(24Apr2000)

ProductVersion : 2.80.00

Copyright : Copyright

FileDescription : User-Level Modem Service

InternalName : slserv

OriginalFilename : slserv.exe

ProductName : Modem

Created on : 11/29/2001 10:39:14 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 11/29/2001 10:39:14 PM

 

#:15 [winmgmt.exe]

FilePath : C:\WINNT\System32\WBEM\

ThreadCreationTime : 7-15-2004 4:07:57 PM

BasePriority : Normal

FileSize : 192 KB

FileVersion : 1.50.1085.0100

ProductVersion : 1.50.1085.0100

Copyright : Copyright © Microsoft Corp. 1995-1999

CompanyName : Microsoft Corporation

FileDescription : Windows Management Instrumentation

InternalName : WINMGMT

ProductName : Windows Management Instrumentation

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:16 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 7-15-2004 4:07:57 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:17 [explorer.exe]

FilePath : C:\WINNT\

ThreadCreationTime : 7-15-2004 4:08:10 PM

BasePriority : Normal

FileSize : 237 KB

FileVersion : 5.00.3700.6690

ProductVersion : 5.00.3700.6690

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/1/1980 4:00:00 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 6/20/2003 4:00:00 PM

 

#:18 [bsclip.exe]

FilePath : C:\PROGRA~1\B'SCLI~1\Win2K\

ThreadCreationTime : 7-15-2004 4:08:16 PM

BasePriority : Normal

FileSize : 1276 KB

Created on : 11/18/2003 1:55:09 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 5/15/2003 9:28:00 AM

 

#:19 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_02\bin\

ThreadCreationTime : 7-15-2004 4:08:16 PM

BasePriority : Normal

FileSize : 32 KB

Created on : 9/16/2003 11:01:18 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 9/16/2003 11:01:14 PM

 

#:20 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-15-2004 4:08:17 PM

BasePriority : Normal

FileSize : 53 KB

FileVersion : 1.0.10.006

ProductVersion : 1.0.10.006

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client CC App

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 7/6/2004 4:43:00 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 12/2/2003 8:11:04 PM

 

#:21 [pscomp.exe]

FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\

ThreadCreationTime : 7-15-2004 4:08:18 PM

BasePriority : Normal

FileSize : 512 KB

FileVersion : 4, 0, 0, 1000

ProductVersion : 1, 0, 0, 1

Copyright : Copyright © 2001-2003

CompanyName : Panicware, Inc.

FileDescription : Pop-Up Stopper Companion

InternalName : Pop-Up Stopper Companion

OriginalFilename : PSComp.exe

ProductName : Pop-Up Stopper Companion

Created on : 11/18/2003 1:18:44 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 7/21/2003 7:19:56 PM

 

#:22 [msnmsgr.exe]

FilePath : C:\Program Files\MSN Messenger\

ThreadCreationTime : 7-15-2004 4:08:19 PM

BasePriority : Normal

FileSize : 4572 KB

FileVersion : 6.1.0211

ProductVersion : Version 6.1

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msnmsgr

OriginalFilename : msnmsgr.exe

ProductName : Messenger

Created on : 3/4/2004 7:01:00 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 3/4/2004 7:01:00 PM

 

#:23 [wzqkpick.exe]

FilePath : C:\Program Files\WinZip\

ThreadCreationTime : 7-15-2004 4:08:22 PM

BasePriority : Normal

FileSize : 104 KB

FileVersion : 1.0 (32-bit)

ProductVersion : 8.1 (4319)

Copyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

OriginalFilename : WZQKPICK.EXE

ProductName : WinZip

Created on : 3/13/2004 7:12:31 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 2/11/2003 12:10:00 PM

 

#:24 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 7-15-2004 4:18:27 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 8/29/2002 11:14:40 AM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 8/29/2002 11:14:40 AM

 

#:25 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 7-15-2004 4:22:44 PM

BasePriority : Idle

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 5/12/2004 11:26:45 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 7/13/2003 2:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html"

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\winnt\system32\ijkmkea.dll

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{6E7E25D0-F182-45FC-B4EC-71C009F2A67F}

 

 

CoolWebSearch Object recognized!

Type : File

Data : ijkmkea.dll

Category : Malware

Comment :

Object : c:\winnt\system32\

FileSize : 30 KB

Created on : 7/6/2004 6:19:45 PM

Last accessed : 7/15/2004 4:00:00 AM

Last modified : 7/6/2004 6:19:46 PM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\winnt\system32\ijkmkea.dll

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B}

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\winnt\system32\ijkmkea.dll

Rootkey : HKEY_CLASSES_ROOT

Object : PROTOCOLS\Filter\text/html

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\winnt\system32\ijkmkea.dll

Rootkey : HKEY_CLASSES_ROOT

Object : PROTOCOLS\Filter\text/plain

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\winnt\system32\ijkmkea.dll

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E7E25D0-F182-45FC-B4EC-71C009F2A67F}

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 13

Objects found so far: 14

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 14

 

Reanalyzing scan result

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

No objects have been removed from the result list.

 

 

12:31:48 PM Scan stopped by user.

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:08:54:709

Objects scanned :73584

Objects identified :14

Objects ignored :0

New objects :14


Hi there,

 

Please post a HJT logfile from that PC


Hi... here is the HJT log for the infected PC...

 

Logfile of HijackThis v1.98.0

Scan saved at 10:03:05 PM, on 7/16/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll (disabled by BHODemon)

O2 - BHO: (no name) - {6E7E25D0-F182-45FC-B4EC-71C009F2A67F} - C:\WINNT\system32\ijkmkea.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...367/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Filter: text/html - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll

O18 - Filter: text/plain - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll


Hi there,

 

I need you to do this first;

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

NOTE THE OPTIONAL FIX

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

 

O2 - BHO: (no name) - {6E7E25D0-F182-45FC-B4EC-71C009F2A67F} - C:\WINNT\system32\ijkmkea.dll

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <<<< These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

 

O18 - Filter: text/html - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll

O18 - Filter: text/plain - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll

 

 

 

Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

 

Not all or any of these may still show,

 

C:\WINNT\system32\ijkmkea.dll <<<< File

 

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.


Here is the log after I did what you told me to do...

 

Logfile of HijackThis v1.98.0

Scan saved at 11:47:14 AM, on 7/18/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll (disabled by BHODemon)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EB66BB47-E949-45FE-A06D-DFB389EF0A0C} - C:\WINNT\system32\ijkmkea.dll (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...367/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Filter: text/html - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll

O18 - Filter: text/plain - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll


Hi there,

 

This is going to need a special fix. I am in the process of digging it up, please bear with me :wave:


No problem sir... but just explain to me what you mean by special fix? I'm really interested... I want to know as much as possible, if it's not a problem...


Hi there,

 

but just explain to me what you mean by special fix? I'm really interested... I want to know as much as possible, if it's not a problem...

 

Fixing these problems with HJT is not a solution. Hopefully this might work.

 

Ok I need you to go here and run the scan, note any files detected as TROJ_STRTPAGE.IS. Then post the file names here if any. There will be more to do.

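An added example, not part of the thread and not HijackThis's own code: a small Python check that compares the O2 (BHO) and O18 (protocol filter) lines of the 7/16 and 7/18 logs above and reports any DLL that is still registered after the fix but under different CLSIDs. The function names and the regular expression are assumptions of this example; the log lines are copied from the two logs.

```python
import re
from collections import defaultdict

# O2/O18 lines excerpted from the 7/16 log (before the fix) in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {6E7E25D0-F182-45FC-B4EC-71C009F2A67F} - C:\WINNT\system32\ijkmkea.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Filter: text/html - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll
O18 - Filter: text/plain - {DBD982B7-F8DE-4776-8C4C-4A7FB0472C6B} - C:\WINNT\system32\ijkmkea.dll
"""

# The same sections excerpted from the 7/18 log (after the fix and reboot).
LOG_AFTER = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EB66BB47-E949-45FE-A06D-DFB389EF0A0C} - C:\WINNT\system32\ijkmkea.dll (file missing)
O18 - Filter: text/html - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll
O18 - Filter: text/plain - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll
"""

# "<section> - <kind>: <label> - {CLSID} - <path> [(note)]"
ENTRY = re.compile(
    r"^(?P<section>O2|O18) - (?P<kind>BHO|Filter): (?P<label>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)"
    r"(?: \((?P<note>[^()]*)\))?$"
)


def parse(log):
    """Map each referenced file path to the (section, CLSID) pairs naming it."""
    by_path = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare them lowercased.
            by_path[m["path"].lower()].add((m["section"], m["clsid"].upper()))
    return by_path


def reregistered(before, after):
    """Return files listed in both logs whose CLSIDs in a section were all replaced.

    A legitimate add-on keeps its CLSID from one scan to the next. A file that
    comes back under new CLSIDs was registered again after the old entries
    were removed, so deleting the entries alone did not stop it.
    """
    old_log, new_log = parse(before), parse(after)
    findings = {}
    for path in old_log.keys() & new_log.keys():
        for section in ("O2", "O18"):
            old = {c for s, c in old_log[path] if s == section}
            new = {c for s, c in new_log[path] if s == section}
            if old and new and old.isdisjoint(new):
                findings.setdefault(path, {})[section] = (sorted(old), sorted(new))
    return findings


if __name__ == "__main__":
    for path, sections in reregistered(LOG_BEFORE, LOG_AFTER).items():
        for section, (old, new) in sorted(sections.items()):
            print(f"{path}: {section} {old} -> {new}")
```

On these excerpts only ijkmkea.dll is reported, in both sections; NavShExt.dll keeps its CLSID and is not.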

Hi... I can't scan my PC. I get an Internet Explorer error and have to restart the whole application over and over again. Is there anything else you can suggest? Right after I click yes to the install and run, I get an error and IE shuts down...


Hi there,

 

Ok do this,

 

Removing malware entries from the registry prevents the malware from executing at startup.

 

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

In the left panel, double-click the following:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

 

In the right panel, locate and delete the following entries:

HOMEOldSP = "about:blank"

Search Bar = "file://%Temp%\sp.html"

Use Search Asst = "no"

Use Custom Search URL = dword:00000001

 

In the left panel, double-click the following:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

 

In the right panel, locate and delete the entry:

SearchAssistant = "file://%Temp%\sp.html"

In the left panel, double-click the following:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

 

In the right panel, locate and delete the following entries:

HOMEOldSP = "about:blank"

Search Bar = "file://%Temp%\sp.html"

Use Search Asst = "no"

Use Custom Search URL = dword:00000001

(Note: %Temp% refers to the Windows temporary folder.)

Close Registry Editor.

Resetting Internet Explorer Homepage and Search Page

 

This procedure restores the Internet Explorer home page and search page to the default settings.

 

Close all Internet Explorer windows.

Open Control Panel. Click Start>Settings>Control Panel

Double-click the Internet Options icon.

In the Internet Properties window, click the Programs tab.

Click the “Reset Web Settings…” button.

Select “Also reset my home page.” Click Yes.

Click OK.

Deleting Malware File

 

Right-click Start then click Search… or Find…, depending on the version of Windows you are running.

In the Named input box, type:

SP.HTML

In the Look In drop-down list, select the drive that contains Windows, then press Enter.

Once located, select the file then press Delete.

 

 

Repost a fresh logfile here.


Here is the fresh log after I deleted all the keys in the registry...

 

Logfile of HijackThis v1.98.0

Scan saved at 12:26:54 PM, on 7/21/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll (disabled by BHODemon)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EB66BB47-E949-45FE-A06D-DFB389EF0A0C} - C:\WINNT\system32\ijkmkea.dll (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...367/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Filter: text/html - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll

O18 - Filter: text/plain - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll


Hi there,

 

Looks like we got somewhere!!

 

Please do this now;

 

 

You are running HijackThis out of a temporary directory. Can you please create a folder in My Documents and call it Hijack (or something similar), like this: C:\My Documents\hjt\HijackThis. Then extract HijackThis into the folder you have created and run it from there. The reason for this is that HijackThis cannot create the backup files that you may need whilst it is being run from a temporary folder.

 

When you have done this, then make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

 

 

O2 - BHO: (no name) - {EB66BB47-E949-45FE-A06D-DFB389EF0A0C} - C:\WINNT\system32\ijkmkea.dll (file missing)

 

O18 - Filter: text/html - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll

O18 - Filter: text/plain - {5AFB10EA-0BD3-4F8E-873C-758F7741B413} - C:\WINNT\system32\ijkmkea.dll

 

Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

 

Not all or any of these may still show,

 

 

C:\WINNT\system32\ijkmkea.dll <<<< File

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.


Here is the log after the changes made...

 

Logfile of HijackThis v1.98.0

Scan saved at 1:12:47 PM, on 7/22/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Software\hijack\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll (disabled by BHODemon)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSCOMP.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...367/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


Hi there,

 

 

Your log is clean now, to help keep it that way do this:

 

To provide future protection - I would advise you to download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

 

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see

So how did I get infected in the first place?


Hi 12g... thanks for helping me fix my PC... and having the patience to do so... In the future, I hope I can contact you whenever I have problems with my PC... :wave::thumbsup:

 

regards

 

circuit breaker


You are very welcome :wave:
