martinruskell
Posted October 9, 2005

I have been infected by a trojan which continually changes the explorer home page to about:blank. McAfee gives a virus warning 'startpage-du.dll' and 'FXBMH.DLL'.
I tried using about:blaster but keep getting 'Run-time error 5 Invalid procedure call or argument' when I try to update or run about:blaster.

My HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 23:57:08, on 09/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\IPWJ32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\D3OG.EXE
C:\WINDOWS\TEMP\A033.TMP.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\WINTE.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {EA24E122-57CE-2E4F-6D27-58AE8ECF4AA3} - C:\WINDOWS\SYSTEM\WINKE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\WINDOWS REGISTRY REPAIR PRO.exe -X
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [D3OG.EXE] C:\WINDOWS\D3OG.EXE
O4 - HKLM\..\Run: [A033.TMP] C:\WINDOWS\TEMP\A033.TMP.exe
O4 - HKLM\..\Run: [A033.TMP.EXE] C:\WINDOWS\TEMP\A033.TMP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [iPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://portal.plus.net/
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16b8a2adbd1acc...ip/RdxIE601.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.11.150,212.159.13.150
O19 - User stylesheet: (file missing)
O21 - SSODL: systemie - {A288F2E0-0D92-11D8-B026-0040F46A2018} - sysie.dll (file missing)

Grateful for any advice
Martin

therock247uk
Posted October 10, 2005

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\WINTE.DLL (file missing)
O2 - BHO: Class - {EA24E122-57CE-2E4F-6D27-58AE8ECF4AA3} - C:\WINDOWS\SYSTEM\WINKE.DLL
O4 - HKLM\..\Run: [D3OG.EXE] C:\WINDOWS\D3OG.EXE
O4 - HKLM\..\Run: [A033.TMP] C:\WINDOWS\TEMP\A033.TMP.exe
O4 - HKLM\..\Run: [A033.TMP.EXE] C:\WINDOWS\TEMP\A033.TMP.EXE
O4 - HKLM\..\RunServices: [iPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16b8a2adbd1acc...ip/RdxIE601.cab
O19 - User stylesheet: (file missing)
O21 - SSODL: systemie - {A288F2E0-0D92-11D8-B026-0040F46A2018} - sysie.dll (file missing)

4. Delete the files (if present):

C:\WINDOWS\fxbmh.dll
C:\WINDOWS\SYSTEM\WINKE.DLL
C:\WINDOWS\D3OG.EXE
C:\WINDOWS\TEMP\A033.TMP.exe
C:\WINDOWS\TEMP\A033.TMP.EXE
C:\WINDOWS\SYSTEM\IPWJ32.EXE

5. Reboot and post a new HijackThis log here in a reply.

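A first pass over a log like the one in this thread can be done mechanically before a person decides what to fix. The Python below is an added example, not part of the thread and not how HijackThis or the poster chose the entries; the sample lines are copied from the first log above, and the three heuristics are assumptions that only mark entries for human review.

```python
import re

# Constructed sample: a few entries copied from the first log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\WINTE.DLL (file missing)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [A033.TMP] C:\WINDOWS\TEMP\A033.TMP.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O21 - SSODL: systemie - {A288F2E0-0D92-11D8-B026-0040F46A2018} - sysie.dll (file missing)
"""

# An entry line starts with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Return (section_code, body) per entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(code, body):
    """Return the reasons an entry deserves a closer look (assumed heuristics, not verdicts)."""
    low = body.lower()
    reasons = []
    if low.endswith("(file missing)"):
        reasons.append("registered file no longer exists")
    if code == "O4" and re.search(r"\\te?mp\\", low):
        reasons.append("autostart entry runs from a temp directory")
    if code in ("R0", "R1") and "= res://" in low and "\\program files\\" not in low:
        reasons.append("IE setting points at a res:// page in a DLL outside Program Files")
    return reasons


def review(text):
    """List (code, body, reasons) for every entry that matched at least one heuristic."""
    return [(c, b, r) for c, b in parse_entries(text) if (r := triage(c, b))]


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

Entries that match none of the heuristics are not thereby clean: D3OG.EXE and IPWJ32.EXE from the same log would pass unflagged, which is why the output is a starting point for review rather than a fix list.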
martinruskell
Posted October 10, 2005

Carried out your instructions.
Problem seems to have gone away.

Log:

Logfile of HijackThis v1.99.1
Scan saved at 22:40:24, on 10/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\WINDOWS REGISTRY REPAIR PRO.exe -X
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://portal.plus.net/
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.11.150,212.159.13.150

therock247uk
Posted October 10, 2005

Your log is clean.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.

Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.

How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.

How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

sin
Posted October 16, 2005

This thread is being closed because it has been resolved. If you would like it to be reopened, please contact me (sin) or another member of the Moderating team.

Nic