• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
logic123

res:// Highjacker Problem

6 posts in this topic

I have so far removed 4 viruses and one trojan from the system. I have used all updated spyware removal tools that the forum has recommended in the FAQs. I have also installed Spyware Guard & Aluria's Spy Eliminator. I have used Highjack This four times and the only thing keeping my systrem from being overtaken is the Spy Guard resident in memory. Right now, Spy Guard comes up every 30-60 seconds warning me of an attempted hijack.

 

I already have all the files recommended to fix this problem. All I need now is the guidence to have a successful recovery. Here is my Startuplist Log file from Highjack This:

 

StartupList report, 7/23/2004, 5:52:20 PM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\default\Desktop\HijackThis.EXE

Detected: Windows XP (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 (6.00.2600.0000)

* Using default options

==================================================

 

Running processes:

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\d3cx.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\America Online 9.0b\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Documents and Settings\default\Desktop\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\default\Start Menu\Programs\Startup]

SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe

AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINNT\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

THGuard = "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

MSConfig = C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

d3cx.exe = C:\WINNT\d3cx.exe

sysol32.exe = C:\WINNT\system32\sysol32.exe

javatq32.exe = C:\WINNT\system32\javatq32.exe

d3rs32.exe = C:\WINNT\system32\d3rs32.exe

netpg.exe = C:\WINNT\netpg.exe

mseq.exe = C:\WINNT\system32\mseq.exe

apiym.exe = C:\WINNT\apiym.exe

apifv32.exe = C:\WINNT\system32\apifv32.exe

ipre32.exe = C:\WINNT\ipre32.exe

sdkjo.exe = C:\WINNT\system32\sdkjo.exe

netkd32.exe = C:\WINNT\netkd32.exe

appiv.exe = C:\WINNT\appiv.exe

apiiw32.exe = C:\WINNT\system32\apiiw32.exe

systm32.exe = C:\WINNT\system32\systm32.exe

mfcex.exe = C:\WINNT\system32\mfcex.exe

addpj.exe = C:\WINNT\system32\addpj.exe

mfczw32.exe = C:\WINNT\system32\mfczw32.exe

sdkxm.exe = C:\WINNT\system32\sdkxm.exe

atleo32.exe = C:\WINNT\system32\atleo32.exe

d3bx32.exe = C:\WINNT\system32\d3bx32.exe

ipkp32.exe = C:\WINNT\system32\ipkp32.exe

appbp.exe = C:\WINNT\system32\appbp.exe

sdknj.exe = C:\WINNT\system32\sdknj.exe

atljr32.exe = C:\WINNT\atljr32.exe

atlip32.exe = C:\WINNT\system32\atlip32.exe

winag32.exe = C:\WINNT\winag32.exe

winye.exe = C:\WINNT\system32\winye.exe

iets.exe = C:\WINNT\system32\iets.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINNT\System32\PICTUR~1.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Task Scheduler jobs:

 

FRU Task #Hewlett-Packard#hp officejet 6100 series#1066711768.job

WebReg 20031025105829.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[symantec AntiVirus scanner]

InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[QDiagAOLCCUpdateObj Class]

InProcServer32 = C:\WINNT\System32\qdiagcc.ocx

CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

 

[{556DDE35-E955-11D0-A707-000000521957}]

CODEBASE = http://www.xblock.com/download/xclean_micro.exe

 

[symantec RuFSI Utility Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[iMCv1 Control]

InProcServer32 = C:\WINNT\DOWNLO~1\imcv1.dll

CODEBASE = http://81.29.75.60/talk.cab

 

[HouseCall Control]

InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

 

[update Class]

InProcServer32 = C:\WINNT\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8061.3205902778

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINNT\System32\webcheck.dll

SysTray: C:\WINNT\System32\stobject.dll

PostBootReminder: C:\WINNT\system32\SHELL32.dll

CDBurn: C:\WINNT\system32\SHELL32.dll

 

--------------------------------------------------

End of report, 6,631 bytes

Report generated in 0.160 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Hi there,

 

Please do this first;

 

You are running hijackthis from your desktop, this is not a good idea because when we do a fix hijackthis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar) like this C:\HJT\HijackThis.exe. Then extract hijackthis into the folder you have created and run it from there. When you have done that, delete the copy of hijackthis that you have on your desktop.

 

 

Next;

 

It is the logfile I need to analyse. Also to make sure it is the latest version 1.98 do this.

 

Update HijackThis to version 1.98

• run HijackThis

select config> misc tools and select "update online". then yes.

Run a scan and post a new Hijackthis log after you are done.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 10:15:36 AM, on 7/24/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\d3cx.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ymcwp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R3 - Default URLSearchHook is missing

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [d3cx.exe] C:\WINNT\d3cx.exe

O4 - HKLM\..\RunOnce: [sysol32.exe] C:\WINNT\system32\sysol32.exe

O4 - HKLM\..\RunOnce: [javatq32.exe] C:\WINNT\system32\javatq32.exe

O4 - HKLM\..\RunOnce: [d3rs32.exe] C:\WINNT\system32\d3rs32.exe

O4 - HKLM\..\RunOnce: [netpg.exe] C:\WINNT\netpg.exe

O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINNT\system32\mseq.exe

O4 - HKLM\..\RunOnce: [apiym.exe] C:\WINNT\apiym.exe

O4 - HKLM\..\RunOnce: [apifv32.exe] C:\WINNT\system32\apifv32.exe

O4 - HKLM\..\RunOnce: [ipre32.exe] C:\WINNT\ipre32.exe

O4 - HKLM\..\RunOnce: [sdkjo.exe] C:\WINNT\system32\sdkjo.exe

O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINNT\netkd32.exe

O4 - HKLM\..\RunOnce: [appiv.exe] C:\WINNT\appiv.exe

O4 - HKLM\..\RunOnce: [apiiw32.exe] C:\WINNT\system32\apiiw32.exe

O4 - HKLM\..\RunOnce: [systm32.exe] C:\WINNT\system32\systm32.exe

O4 - HKLM\..\RunOnce: [mfcex.exe] C:\WINNT\system32\mfcex.exe

O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINNT\system32\addpj.exe

O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINNT\system32\mfczw32.exe

O4 - HKLM\..\RunOnce: [sdkxm.exe] C:\WINNT\system32\sdkxm.exe

O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINNT\system32\atleo32.exe

O4 - HKLM\..\RunOnce: [d3bx32.exe] C:\WINNT\system32\d3bx32.exe

O4 - HKLM\..\RunOnce: [ipkp32.exe] C:\WINNT\system32\ipkp32.exe

O4 - HKLM\..\RunOnce: [appbp.exe] C:\WINNT\system32\appbp.exe

O4 - HKLM\..\RunOnce: [sdknj.exe] C:\WINNT\system32\sdknj.exe

O4 - HKLM\..\RunOnce: [atljr32.exe] C:\WINNT\atljr32.exe

O4 - HKLM\..\RunOnce: [atlip32.exe] C:\WINNT\system32\atlip32.exe

O4 - HKLM\..\RunOnce: [winag32.exe] C:\WINNT\winag32.exe

O4 - HKLM\..\RunOnce: [winye.exe] C:\WINNT\system32\winye.exe

O4 - HKLM\..\RunOnce: [iets.exe] C:\WINNT\system32\iets.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://wwwmsn.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://wwwmsn.com

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://81.29.75.60/talk.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Share this post


Link to post
Share on other sites

Hi there,

 

Download About:Buster;

 

Here

 

Unzip it to your desktop. DO NOT RUN IT YET!!

 

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

 

O4 - HKLM\..\RunOnce: [d3cx.exe] C:\WINNT\d3cx.exe

O4 - HKLM\..\RunOnce: [sysol32.exe] C:\WINNT\system32\sysol32.exe

O4 - HKLM\..\RunOnce: [javatq32.exe] C:\WINNT\system32\javatq32.exe

O4 - HKLM\..\RunOnce: [d3rs32.exe] C:\WINNT\system32\d3rs32.exe

O4 - HKLM\..\RunOnce: [netpg.exe] C:\WINNT\netpg.exe

O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINNT\system32\mseq.exe

O4 - HKLM\..\RunOnce: [apiym.exe] C:\WINNT\apiym.exe

O4 - HKLM\..\RunOnce: [apifv32.exe] C:\WINNT\system32\apifv32.exe

O4 - HKLM\..\RunOnce: [ipre32.exe] C:\WINNT\ipre32.exe

O4 - HKLM\..\RunOnce: [sdkjo.exe] C:\WINNT\system32\sdkjo.exe

O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINNT\netkd32.exe

O4 - HKLM\..\RunOnce: [appiv.exe] C:\WINNT\appiv.exe

O4 - HKLM\..\RunOnce: [apiiw32.exe] C:\WINNT\system32\apiiw32.exe

O4 - HKLM\..\RunOnce: [systm32.exe] C:\WINNT\system32\systm32.exe

O4 - HKLM\..\RunOnce: [mfcex.exe] C:\WINNT\system32\mfcex.exe

O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINNT\system32\addpj.exe

O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINNT\system32\mfczw32.exe

O4 - HKLM\..\RunOnce: [sdkxm.exe] C:\WINNT\system32\sdkxm.exe

O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINNT\system32\atleo32.exe

O4 - HKLM\..\RunOnce: [d3bx32.exe] C:\WINNT\system32\d3bx32.exe

O4 - HKLM\..\RunOnce: [ipkp32.exe] C:\WINNT\system32\ipkp32.exe

O4 - HKLM\..\RunOnce: [appbp.exe] C:\WINNT\system32\appbp.exe

O4 - HKLM\..\RunOnce: [sdknj.exe] C:\WINNT\system32\sdknj.exe

O4 - HKLM\..\RunOnce: [atljr32.exe] C:\WINNT\atljr32.exe

O4 - HKLM\..\RunOnce: [atlip32.exe] C:\WINNT\system32\atlip32.exe

O4 - HKLM\..\RunOnce: [winag32.exe] C:\WINNT\winag32.exe

O4 - HKLM\..\RunOnce: [winye.exe] C:\WINNT\system32\winye.exe

O4 - HKLM\..\RunOnce: [iets.exe] C:\WINNT\system32\iets.exe

 

Close HijackThis

 

Reboot into safe mode

 

Open About:Buster

 

Hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Post the report and a new HijackThis log here.

Share this post


Link to post
Share on other sites

I forgot to save the About Buster log, but during the scan it removed all the .dat & .dll files that it found to be bad. Below is the HJT log file after the reboot. If there is anything alse you see wrong, please advise.

 

Currently, I have yet to experience any hijacking attempts as stated in my original post. The system appears to be clean.

 

Logfile of HijackThis v1.98.0

Scan saved at 11:50:58 AM, on 7/24/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\America Online 9.0b\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\WINNT\wanmpsvc.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\HJT\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://wwwmsn.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://wwwmsn.com

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://81.29.75.60/talk.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Share this post


Link to post
Share on other sites

Hi there,

 

 

Fix this line too, other than that your log is clean.

 

 

R3 - Default URLSearchHook is missing

 

 

 

I would also advise you to Update Windows and InternetExplorer, to get all the Latest Security Patches that Protects Your Computer.

 

This can be accessed by going Here and following the prompts.

 

Also do this;

 

To provide future protection - I would advise you to download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download

Here

 

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0