|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
MSN messenger - brutal virus, can't get rid of
I clicked on a link someone sent me in msn messenger - to view pics or somehting,
immediatly I was infected with something. my computer is loaded with adware / spyware that keeps reinstalling itself I have removed each item about 10 times (ran bazooka / spybot / norton) I have even gone into safe mode to delete everything - and they still keep re-appearing once i go back into normal mode (elite toolbar, huntbar, IST, win-tools, click me, pop and the list goes on) I am one step away from reformatting, and I thought i would check here if someone can help me here is my hijack log PLEASE HELP someone Logfile of HijackThis v1.99.1 Scan saved at 8:03:55 AM, on 5/17/05 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\SOUNDMAN.EXE C:\WINNT\system32\atiptaxx.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04. exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Instant Buzz\IBDaemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINNT\system32\msnxmsgrsc.exe C:\PROGRA~1\COMMON~1\wkww\wkwwm.exe C:\Documents and Settings\Administrator\Application Data\cdcc.exe C:\WINNT\system32\m?hta.exe C:\Program Files\Common Files\efax\Dllcmd32.exe C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINNT\system32\taskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\mshta.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searching-4u.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://google.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04. exe O4 - HKLM\..\Run: [Monitor SynManager] dcvwed.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\canada.exe -N O4 - HKLM\..\Run: [qhgr] C:\WINNT\qhgr.exe O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitejhx32.exe O4 - HKLM\..\Run: [ctsd] C:\WINNT\ctsd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [utotch] C:\WINNT\utotch.exe O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINNT\Temp\WTuninst.exe /remove O4 - HKLM\..\RunServices: [Monitor SynManager] dcvwed.exe O4 - HKLM\..\RunServices: [strmsnmgrs] msnxmsgrsc.exe O4 - HKCU\..\Run: [Monitor SynManager] dcvwed.exe O4 - HKCU\..\Run: [strmsnmgrs] msnxmsgrsc.exe O4 - HKCU\..\Run: [wkww] C:\PROGRA~1\COMMON~1\wkww\wkwwm.exe O4 - HKCU\..\Run: [Oerr] C:\Documents and Settings\Administrator\Application Data\cdcc.exe O4 - HKCU\..\Run: [Iyfk] C:\WINNT\system32\m?hta.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c6.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
#2
|
|||
|
|||
Hi deevah
Welcome to CTH Uninstall from Add/Remove Programs: WinTools Instant Buzz ( unless you use it).......ignore the fixes for Instant Buzz below if you use the program. Create a new folder on C:\ drive and name the folder HijackThis. Move and save HijackThis.exe to the new folder. Your HijackThis is in a temp folder that should be emptied regularly. Download Purityscan Removal Dont run it , yet , run it later in Safe Mode. Download Elite Searchbar uninstaller and unzip it to a folder on your desktop. Dont run it , yet , run it later in Safe Mode. 1. C:\WINNT\system32\mshta.exe is a running process. mshta.exe is a running process....... Although a legitimate windows file, it is not a good to have it in running processes. Read htasploit article and then download HTAStop.....http://www.nsclean.com/htastop.html Use HTAStop to toggle this vulnerability to "Disabled". You will need to do this to stop similar exploits. 2. Close ALL Internet Explorer Windows, only have HijackThis running. In HijackThis, tick the boxes for the below entries, then click on "Fix checked" R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searching-4u.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\canada.exe -N O4 - HKLM\..\Run: [qhgr] C:\WINNT\qhgr.exe O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitejhx32.exe O4 - HKLM\..\Run: [ctsd] C:\WINNT\ctsd.exe O4 - HKLM\..\Run: [utotch] C:\WINNT\utotch.exe O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINNT\Temp\WTuninst.exe /remove O4 - HKLM\..\RunServices: [Monitor SynManager] dcvwed.exe O4 - HKLM\..\RunServices: [strmsnmgrs] msnxmsgrsc.exe O4 - HKCU\..\Run: [Monitor SynManager] dcvwed.exe O4 - HKCU\..\Run: [strmsnmgrs] msnxmsgrsc.exe O4 - HKCU\..\Run: [wkww] C:\PROGRA~1\COMMON~1\wkww\wkwwm.exe O4 - HKCU\..\Run: [Oerr] C:\Documents and Settings\Administrator\Application Data\cdcc.exe O4 - HKCU\..\Run: [Iyfk] C:\WINNT\system32\m?hta.exe O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c6.cab O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB 3. REBOOT INTO SAFE MODE...--> How to reboot to Safe Mode -->(reboot and tap F8 immediately after BIOS screen ( the Bios screen is the first black and white screen you see)....choose Safe Mode from menu) MAKE SURE YOU CAN SEE HIDDEN FILES and FOLDERS --> How to show Hidden Files and Folders Then delete the below files and folders: C:\WINNT\EliteToolBar <--- delete the EliteToolBar folder C:\Program Files\Instant Buzz <--- delete the Instant Buzz folder C:\WINNT\system32\canada.exe<--- delete the file C:\WINNT\qhgr.exe<--- delete the file C:\winnt\system32\elitejhx32.exe<--- delete the file C:\WINNT\ctsd.exe<--- delete the file C:\WINNT\utotch.exe<--- delete the file C:\WINNT\Temp <---- dlete all the files and sub-folders in the TEMP folder C:\WINNT\system32\msnxmsgrsc.exe<--- delete the file C:\PROGRAM FILES\COMMON FILES\wkww <--- delete the wkww folder C:\WINNT\system32\dcvwed.exe<--- delete the file Reboot computer and post back a new HJT log to this thread, please. Update antivirus and run a full scan. Cheers. Please read and install the programs in the link below, to stop it happening, and to clean out any other malware/adware. See HOW TO PREVENT RE-INFECTION for added protection with Adaware, Spybot S+D, SpywareBlaster, SpywareGuard, MVPS HOSTS file. |
#3
|
|||
|
|||
I think the adware / malware stuff is all gone - THANK YOU
something however I am still seeing is this, I cannot access my internet security settings when i am in internet explorer and click on internet options / security / internet. I cannot select custom level to change my activeX controls - it is greyed out I noticed this after I was infected with all of that adware - any ideas? here is the latest HJT log Logfile of HijackThis v1.99.1 Scan saved at 7:33:01 PM, on 5/18/05 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\SOUNDMAN.EXE C:\WINNT\system32\atiptaxx.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04. exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Instant Buzz\IBDaemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\efax\Dllcmd32.exe C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Norton AntiVirus\OPScan.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://google.com/ O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04. exe O4 - HKLM\..\Run: [Monitor SynManager] dcvwed.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=3655 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
#4
|
|||
|
|||
i also notice that I am not accepting cookies, but i can't change that either
i am not able to download anything from anywhere and can't view a lot of web pages thanks |
#5
|
|||
|
|||
Hi deevah
Only this to FIX in HijackThis: O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTic....cab?refid=3655 What does InstanBuzz do...... 2. Backup any email, etc . Are you logged in as Administrator? Try logging in as Admin and see if you have the IE options. Repair IE: Open Control Panel -->Add/Remove Programs -->Microsoft Internet Explorer 6 and Internet Tools. Double-click this entry -->Repair Internet Explorer -->OK . When it is finished ,reboot your computer. Cheers |
#6
|
|||
|
|||
strangely - internet explorer is not showing up in add/remove programs, I can't see it in there?
Should I just reinstall IE6? |
#7
|
|||
|
|||
and to answer your questions...
I am logged in as administrator instant buzz is a traffic generating app tool bar |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
MSN messenger possible virus | casmaler | Malware Removal | 3 | August 5th, 2008 02:29 AM |
MSN Messenger virus | richardjsbaby | Malware Removal | 1 | April 8th, 2008 03:34 AM |
pls help! msn messenger virus??? | max07979 | Malware Removal | 3 | June 30th, 2006 01:17 AM |
Help for msn messenger 7.5 virus | royalace | Windows XP | 0 | February 18th, 2006 07:38 AM |
msn messenger virus | fatboythin | Malware Removal | 2 | June 26th, 2005 10:18 PM |
All times are GMT +1. The time now is 07:00 PM.