Jump to content


Photo

thesearchmall problems


  • Please log in to reply
5 replies to this topic

#1 Lewi

Lewi

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 21 July 2004 - 04:47 AM

I have read the FAQ's.

Thesearchmall has been consistently hijacking my home page and bringing pop ups (sometimes Porn =/) whenever i open/run IE. It also hi-jacks and GIFs that are resonabaly large that appear on any web pages and advertises stuff on it.

It also highlights words on the page, i just looked at someone elses thread and they had EXACTLY the same probs with something called 'begin2search'. I looked into his HJT file and it's also linked to thesearchmall.com sooo, yeah, if that helps :)

Now I have run SpyBot S&D, Spy Sweeper and numerous other progs many many times and i stil haven't been able to rid myself of it, here's my log just after a S&D scan. Please help, it would be VERY greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 7:15:37 PM, on 21/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\DeltTray.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\WinMX\WinMX.exe
E:\Program Files\Sony\SonicStage\omgjbox.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Harpas\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.internode.on.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - E:\WINDOWS\System32\winsrm32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - E:\WINDOWS\System32\winsrm32.dll
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Corel DESIGNER 1011] E:\Program Files\Corel\Corel DESIGNER 10\Register\registration.exe /title="Corel DESIGNER 10" /date=062203 serial=DE10WTD-0000001-PKA
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpyKiller] E:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab


Edited by Lewi, 21 July 2004 - 05:21 AM.


#2 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 21 July 2004 - 01:43 PM

Hi there,

Please do this first;

You are running hijackthis out of a temporary directory. Can you please create a folder in My Documents and call it Hijack (or something similar) like this C:\My Documents\hjt\HijackThis. Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis cannot create the backup files that you may need whilst it is being run from a temporary folder.


Next

Update HijackThis to version 1.98
run HijackThis
select config> misc tools and select "update online". then yes.
Run a scan and post a new Hijackthis log after you are done.


#3 Lewi

Lewi

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 22 July 2004 - 04:02 AM

Thanks, did what you said. Here's the revised proper log

BTW: I run XP home and Use ZoneAlarm firewall, if that helps :lol:


Logfile of HijackThis v1.98.0
Scan saved at 6:31:25 PM, on 22/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\DeltTray.exe
E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Harpas\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.internode.on.net/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - E:\WINDOWS\System32\winsrm32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - E:\WINDOWS\System32\winsrm32.dll
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Corel DESIGNER 1011] E:\Program Files\Corel\Corel DESIGNER 10\Register\registration.exe /title="Corel DESIGNER 10" /date=062203 serial=DE10WTD-0000001-PKA
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpyKiller] E:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab


Edited by Lewi, 22 July 2004 - 05:26 AM.


#4 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 22 July 2004 - 11:27 AM

Hi there,


Do this first,

Go Start>Control Panel>Add/Remove Programs, Remove any instance of;

Spykiller <<<I strongly recommend removing this, see note below.


Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - Default URLSearchHook is missing

O2 - BHO: ohb - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - E:\WINDOWS\System32\winsrm32.dll

O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - E:\WINDOWS\System32\winsrm32.dll



O4 - HKCU\..\Run: [SpyKiller] E:\Program Files\SpyKiller\spykiller.exe /startup<<<<You are running SpyHunter (or Spykiller). This is a program that advertises itself as removing spyware, but it apparently gives false positives to get you to buy it and then does a miserable job. Some even think that it may install malware. I recommend that you remove it in Add/Remove Programs. See this post for details about these programs:
http://www.safer-net...tail=2004-02-05


O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE<<<<These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...


O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.5.cab

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx


Restart your computer in
Safe Mode Also make sure you show hidden files Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,

E:\WINDOWS\System32\winsrm32.dll<<<<File
E:\Program Files\SpyKiller\spykiller.exe<<<<Folder


Reboot, then post a fresh logfile so that I can check to see if it is clean.

#5 Lewi

Lewi

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 23 July 2004 - 07:35 AM

you are my god, I worship you, lol. Thank you SOOOOOO mcuh, i'm pretty sure that fised the prob. I really appreciate ur time, effort and help. I am in your debt.

Heres the final HJT scan log, after changes were made. I decided to keep "O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE" cos i dunno what deleting it actually does, i'd like to keep the OS intact like new.

Logfile of HijackThis v1.98.0
Scan saved at 10:02:06 PM, on 23/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\DeltTray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\Documents and Settings\Harpas\My Documents\HJT\HijackThis.exe
E:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.internode.on.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Corel DESIGNER 1011] E:\Program Files\Corel\Corel DESIGNER 10\Register\registration.exe /title="Corel DESIGNER 10" /date=062203 serial=DE10WTD-0000001-PKA
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab



#6 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 23 July 2004 - 10:14 AM

Heres the final HJT scan log, after changes were made. I decided to keep "O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE" cos i dunno what deleting it actually does, i'd like to keep the OS intact like new.

Hi there,

In fact you are not deleting the prgram, all you do is stop it from running on startup, hogging your resources. You would still be able to start it manually.

Your log is clean now, to help keep it that way do this;

To provide future protection - I would advise you to download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download
Here

Both are very small free programs that you run once, and then just weekly to check for updates.

And also see
So how did I get infected in the first place?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button