Hjt Log

aspall

By aspall,
in Malware Removal

 Share Followers 0

Recommended Posts

aspall

aspall

Posted
Posted

I appear to be infected with a virus that causes numerous popus, usually to questionable anti-virus sites but occasionally to R-rated sites as well. It has also replaced my desktop background with a full-screen linking image to some bogus anti-virus website.

Thanks in advance.

LOGS:

I have now removed the C:\windows\ddesupport.dll item using HiJack This. Now this thing has taken over my desktop background with a fullscreen link to its dumb website. It stores this image in a folder titled privacy_danger. Whenever I delete this folder it just re-appears.

HiJack This log:

Logfile of HijackThis v1.99.1

Scan saved at 12:09:17 AM, on 6/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\windows\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

C:\WINDOWS\SYSTEM32\Brmfrmps.exe

C:\WINDOWS\CDProxyServ.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\windows\System32\svchost.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe

C:\windows\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\windows\SOUNDMAN.EXE

C:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

c:\program files\mcafee\msc\mcuimgr.exe

C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

c:\program files\mcafee\msc\mcshell.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.retrosheet.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.198.71.187:3128

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Andy\Application Data\Mozilla\Profiles\default\86z88414.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Andy\Application Data\Mozilla\Profiles\default\86z88414.slt\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\windows\ddesupport.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe

O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "C:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe" -min

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.air-source.us

O15 - Trusted Zone: www.casebookforum.org

O15 - Trusted Zone: my.ebay.com

O15 - Trusted Zone: *.ebay.com

O15 - Trusted Zone: *.fspainter

O15 - Trusted Zone: www.mostrealisticai.com

O15 - Trusted Zone: www7.freebmd.org.uk

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168151525515

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx

O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: msole - {BB35535F-AFB3-4BCF-A263-3ADC9DF204FF} - C:\windows\msole.dll

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

COMBOFIX log:

ComboFix 07-06-18.2 - C:\Documents and Settings\Andy\My Documents\ComboFix.exe

"Andy" - 2007-06-26 22:02:42 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\windows\system32\drivers\fad.sys

((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

2007-06-26 22:02 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-26 20:18 <DIR> d-------- C:\VundoFix Backups

2007-06-26 18:25 <DIR> d-------- C:\DOCUME~1\Andy\APPLIC~1\DriveCleaner Free

2007-06-26 17:10 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor

2007-06-26 14:16 83,456 --a------ C:\WINDOWS\msdde.dll

2007-06-26 14:16 76,800 --a------ C:\WINDOWS\msole.dll

2007-06-26 14:16 30,720 --a------ C:\WINDOWS\main_uninstaller.exe

2007-06-26 14:16 270,336 --a------ C:\WINDOWS\ddesupport.dll

2007-06-26 12:14 <DIR> d-------- C:\Program Files\NewMediaCodec

2007-06-02 11:02 <DIR> d-------- C:\DOCUME~1\Ginger\WINDOWS

2007-06-01 22:32 <DIR> d-------- C:\Program Files\SimTheme Park

2007-06-01 22:30 <DIR> d-------- C:\Program Files\Bullfrog

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 23:42:58 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-26 23:30:01 -------- d-----w C:\Program Files\SpywareBlaster

2007-06-26 01:25:26 -------- d-----w C:\Program Files\McAfee

2007-06-24 22:50:51 -------- d-----w C:\Program Files\John Deere American Farmer

2007-06-24 01:25:19 -------- d-----w C:\Program Files\Addit! Pro FS 2004

2007-06-22 23:18:32 -------- d-----w C:\Program Files\TTools

2007-06-19 18:28:29 -------- d-----w C:\Program Files\JetFighter IV

2007-06-09 00:23:03 -------- d-----w C:\Program Files\Napster

2007-06-04 03:59:02 98,304 ----a-w C:\windows\system32\CmdLineExt.dll

2007-06-02 19:10:05 285 ----a-w C:\windows\EReg072.dat

2007-05-31 16:36:33 -------- d-----w C:\Program Files\Kuma Games

2007-05-16 15:12:02 683,520 ----a-w C:\windows\system32\inetcomm.dll

2007-05-14 03:49:40 1,328 ----a-w C:\FSUIPC_reg.bin

2007-04-25 14:21:15 144,896 ----a-w C:\windows\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\windows\system32\msi.dll

2007-04-17 03:47:36 33,624 ----a-w C:\windows\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\windows\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\windows\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\windows\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\windows\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\windows\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\windows\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\windows\system32\wups2.dll

2007-04-17 03:44:20 271,224 ----a-w C:\windows\system32\mucltui.dll

2007-04-17 03:44:18 208,248 ----a-w C:\windows\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]

{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\windows\ddesupport.dll [2007-06-26 13:20]

{4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]

"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 10:33]

"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 11:07]

"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 16:31]

"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]

"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-08 21:27 C:\WINDOWS\SYSTEM32\sbusbdll.dll]

"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 03:22 C:\WINDOWS\SOUNDMAN.EXE]

"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoffeeCup Spam Blocker"="C:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe" [2004-04-22 14:17]

"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51]

"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 10:21]

"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 11:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]

"washindex"=C:\Program Files\Washer\washidx.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{BB35535F-AFB3-4BCF-A263-3ADC9DF204FF}"="C:\windows\msole.dll" [2007-06-26 13:20]

Contents of the 'Scheduled Tasks' folder

2007-06-15 06:00:01 C:\windows\tasks\McDefragTask.job

2007-06-01 06:00:01 C:\windows\tasks\McQcTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-26 22:12:11

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$cor]

"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$crater]

"ImagePath"="\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$DRMServer]

"ImagePath"="C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"

Completion time: 2007-06-26 22:12:56

C:\ComboFix-quarantined-files.txt ... 2007-06-26 22:12

--- E O F ---

Link to post
Share on other sites
jwbirdsong

jwbirdsong

Posted
Posted

You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix.

Open HijackThis and click on Do a system scan only. Place a check mark next to the following:

O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\windows\ddesupport.dll

O21 - SSODL: msole - {BB35535F-AFB3-4BCF-A263-3ADC9DF204FF} - C:\windows\msole.dll

Close ALL other open windows and programs and click Fix checked.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh HijackThis log

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing