Jump to content


Photo

res:// Highjacker Problem


  • Please log in to reply
5 replies to this topic

#1 logic123

logic123

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 July 2004 - 06:16 PM

I have so far removed 4 viruses and one trojan from the system. I have used all updated spyware removal tools that the forum has recommended in the FAQs. I have also installed Spyware Guard & Aluria's Spy Eliminator. I have used Highjack This four times and the only thing keeping my systrem from being overtaken is the Spy Guard resident in memory. Right now, Spy Guard comes up every 30-60 seconds warning me of an attempted hijack.

I already have all the files recommended to fix this problem. All I need now is the guidence to have a successful recovery. Here is my Startuplist Log file from Highjack This:

StartupList report, 7/23/2004, 5:52:20 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\default\Desktop\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\d3cx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\default\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
THGuard = "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
MSConfig = C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

d3cx.exe = C:\WINNT\d3cx.exe
sysol32.exe = C:\WINNT\system32\sysol32.exe
javatq32.exe = C:\WINNT\system32\javatq32.exe
d3rs32.exe = C:\WINNT\system32\d3rs32.exe
netpg.exe = C:\WINNT\netpg.exe
mseq.exe = C:\WINNT\system32\mseq.exe
apiym.exe = C:\WINNT\apiym.exe
apifv32.exe = C:\WINNT\system32\apifv32.exe
ipre32.exe = C:\WINNT\ipre32.exe
sdkjo.exe = C:\WINNT\system32\sdkjo.exe
netkd32.exe = C:\WINNT\netkd32.exe
appiv.exe = C:\WINNT\appiv.exe
apiiw32.exe = C:\WINNT\system32\apiiw32.exe
systm32.exe = C:\WINNT\system32\systm32.exe
mfcex.exe = C:\WINNT\system32\mfcex.exe
addpj.exe = C:\WINNT\system32\addpj.exe
mfczw32.exe = C:\WINNT\system32\mfczw32.exe
sdkxm.exe = C:\WINNT\system32\sdkxm.exe
atleo32.exe = C:\WINNT\system32\atleo32.exe
d3bx32.exe = C:\WINNT\system32\d3bx32.exe
ipkp32.exe = C:\WINNT\system32\ipkp32.exe
appbp.exe = C:\WINNT\system32\appbp.exe
sdknj.exe = C:\WINNT\system32\sdknj.exe
atljr32.exe = C:\WINNT\atljr32.exe
atlip32.exe = C:\WINNT\system32\atlip32.exe
winag32.exe = C:\WINNT\winag32.exe
winye.exe = C:\WINNT\system32\winye.exe
iets.exe = C:\WINNT\system32\iets.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\PICTUR~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp officejet 6100 series#1066711768.job
WebReg 20031025105829.job

--------------------------------------------------

Enumerating Download Program Files:

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINNT\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.com...kup/qdiagcc.cab

[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.co...clean_micro.exe

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[IMCv1 Control]
InProcServer32 = C:\WINNT\DOWNLO~1\imcv1.dll
CODEBASE = http://81.29.75.60/talk.cab

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft.../as5/asinst.cab

[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupd...8061.3205902778

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll

--------------------------------------------------
End of report, 6,631 bytes
Report generated in 0.160 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 24 July 2004 - 06:10 AM

Hi there,

Please do this first;

You are running hijackthis from your desktop, this is not a good idea because when we do a fix hijackthis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar) like this C:\HJT\HijackThis.exe. Then extract hijackthis into the folder you have created and run it from there. When you have done that, delete the copy of hijackthis that you have on your desktop.


Next;

It is the logfile I need to analyse. Also to make sure it is the latest version 1.98 do this.

Update HijackThis to version 1.98
run HijackThis
select config> misc tools and select "update online". then yes.
Run a scan and post a new Hijackthis log after you are done.


#3 logic123

logic123

    Member

  • New Member
  • Pip
  • 3 posts

Posted 24 July 2004 - 10:23 AM

Logfile of HijackThis v1.98.0
Scan saved at 10:15:36 AM, on 7/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\d3cx.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ymcwp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [d3cx.exe] C:\WINNT\d3cx.exe
O4 - HKLM\..\RunOnce: [sysol32.exe] C:\WINNT\system32\sysol32.exe
O4 - HKLM\..\RunOnce: [javatq32.exe] C:\WINNT\system32\javatq32.exe
O4 - HKLM\..\RunOnce: [d3rs32.exe] C:\WINNT\system32\d3rs32.exe
O4 - HKLM\..\RunOnce: [netpg.exe] C:\WINNT\netpg.exe
O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINNT\system32\mseq.exe
O4 - HKLM\..\RunOnce: [apiym.exe] C:\WINNT\apiym.exe
O4 - HKLM\..\RunOnce: [apifv32.exe] C:\WINNT\system32\apifv32.exe
O4 - HKLM\..\RunOnce: [ipre32.exe] C:\WINNT\ipre32.exe
O4 - HKLM\..\RunOnce: [sdkjo.exe] C:\WINNT\system32\sdkjo.exe
O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINNT\netkd32.exe
O4 - HKLM\..\RunOnce: [appiv.exe] C:\WINNT\appiv.exe
O4 - HKLM\..\RunOnce: [apiiw32.exe] C:\WINNT\system32\apiiw32.exe
O4 - HKLM\..\RunOnce: [systm32.exe] C:\WINNT\system32\systm32.exe
O4 - HKLM\..\RunOnce: [mfcex.exe] C:\WINNT\system32\mfcex.exe
O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINNT\system32\addpj.exe
O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINNT\system32\mfczw32.exe
O4 - HKLM\..\RunOnce: [sdkxm.exe] C:\WINNT\system32\sdkxm.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINNT\system32\atleo32.exe
O4 - HKLM\..\RunOnce: [d3bx32.exe] C:\WINNT\system32\d3bx32.exe
O4 - HKLM\..\RunOnce: [ipkp32.exe] C:\WINNT\system32\ipkp32.exe
O4 - HKLM\..\RunOnce: [appbp.exe] C:\WINNT\system32\appbp.exe
O4 - HKLM\..\RunOnce: [sdknj.exe] C:\WINNT\system32\sdknj.exe
O4 - HKLM\..\RunOnce: [atljr32.exe] C:\WINNT\atljr32.exe
O4 - HKLM\..\RunOnce: [atlip32.exe] C:\WINNT\system32\atlip32.exe
O4 - HKLM\..\RunOnce: [winag32.exe] C:\WINNT\winag32.exe
O4 - HKLM\..\RunOnce: [winye.exe] C:\WINNT\system32\winye.exe
O4 - HKLM\..\RunOnce: [iets.exe] C:\WINNT\system32\iets.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://wwwmsn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://wwwmsn.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://81.29.75.60/talk.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#4 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 24 July 2004 - 10:31 AM

Hi there,

Download About:Buster;

Here

Unzip it to your desktop. DO NOT RUN IT YET!!


Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';


O4 - HKLM\..\RunOnce: [d3cx.exe] C:\WINNT\d3cx.exe
O4 - HKLM\..\RunOnce: [sysol32.exe] C:\WINNT\system32\sysol32.exe
O4 - HKLM\..\RunOnce: [javatq32.exe] C:\WINNT\system32\javatq32.exe
O4 - HKLM\..\RunOnce: [d3rs32.exe] C:\WINNT\system32\d3rs32.exe
O4 - HKLM\..\RunOnce: [netpg.exe] C:\WINNT\netpg.exe
O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINNT\system32\mseq.exe
O4 - HKLM\..\RunOnce: [apiym.exe] C:\WINNT\apiym.exe
O4 - HKLM\..\RunOnce: [apifv32.exe] C:\WINNT\system32\apifv32.exe
O4 - HKLM\..\RunOnce: [ipre32.exe] C:\WINNT\ipre32.exe
O4 - HKLM\..\RunOnce: [sdkjo.exe] C:\WINNT\system32\sdkjo.exe
O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINNT\netkd32.exe
O4 - HKLM\..\RunOnce: [appiv.exe] C:\WINNT\appiv.exe
O4 - HKLM\..\RunOnce: [apiiw32.exe] C:\WINNT\system32\apiiw32.exe
O4 - HKLM\..\RunOnce: [systm32.exe] C:\WINNT\system32\systm32.exe
O4 - HKLM\..\RunOnce: [mfcex.exe] C:\WINNT\system32\mfcex.exe
O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINNT\system32\addpj.exe
O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINNT\system32\mfczw32.exe
O4 - HKLM\..\RunOnce: [sdkxm.exe] C:\WINNT\system32\sdkxm.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINNT\system32\atleo32.exe
O4 - HKLM\..\RunOnce: [d3bx32.exe] C:\WINNT\system32\d3bx32.exe
O4 - HKLM\..\RunOnce: [ipkp32.exe] C:\WINNT\system32\ipkp32.exe
O4 - HKLM\..\RunOnce: [appbp.exe] C:\WINNT\system32\appbp.exe
O4 - HKLM\..\RunOnce: [sdknj.exe] C:\WINNT\system32\sdknj.exe
O4 - HKLM\..\RunOnce: [atljr32.exe] C:\WINNT\atljr32.exe
O4 - HKLM\..\RunOnce: [atlip32.exe] C:\WINNT\system32\atlip32.exe
O4 - HKLM\..\RunOnce: [winag32.exe] C:\WINNT\winag32.exe
O4 - HKLM\..\RunOnce: [winye.exe] C:\WINNT\system32\winye.exe
O4 - HKLM\..\RunOnce: [iets.exe] C:\WINNT\system32\iets.exe

Close HijackThis

Reboot into safe mode

Open About:Buster

Hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Post the report and a new HijackThis log here.

#5 logic123

logic123

    Member

  • New Member
  • Pip
  • 3 posts

Posted 24 July 2004 - 12:01 PM

I forgot to save the About Buster log, but during the scan it removed all the .dat & .dll files that it found to be bad. Below is the HJT log file after the reboot. If there is anything alse you see wrong, please advise.

Currently, I have yet to experience any hijacking attempts as stated in my original post. The system appears to be clean.

Logfile of HijackThis v1.98.0
Scan saved at 11:50:58 AM, on 7/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://wwwmsn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://wwwmsn.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://81.29.75.60/talk.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#6 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 24 July 2004 - 12:09 PM

Hi there,


Fix this line too, other than that your log is clean.


R3 - Default URLSearchHook is missing



I would also advise you to Update Windows and InternetExplorer, to get all the Latest Security Patches that Protects Your Computer.

This can be accessed by going Here and following the prompts.

Also do this;

To provide future protection - I would advise you to download and install:


SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download
Here

Both are very small free programs that you run once, and then just weekly to check for updates.

And also see
So how did I get infected in the first place?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button