Tech Support banner

Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
Greetings All,

I had an older version of McAfee Virus software (which I received from the army), their contract expired unbeknownst to me September 16th. When Comcast notified me that I could download free the McAfee virus software I jumped at it. However, my computer cannot access mcafee.com, symantec.com or it appears any other security site. It appears from reading other sites and yours that there could be a fix. Here is my hijack this log, I have Windows ME...I have Registry First Aid and Spyware Blaster. Any thoughts are appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 10:34:35 PM, on 11/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\CABS\7510447\USB\WIN ME\PRELOAD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\IIEVTE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\RFA\RFAGENT.EXE
C:\PROGRAM FILES\RFA\REG1AID.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8XQJGLIR\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.2.5 www.symantec.com
O1 - Hosts: 127.0.2.5 symantec.com
O1 - Hosts: 127.0.2.5 securityresponse.symantec.com
O1 - Hosts: 127.0.2.5 sarc.com
O1 - Hosts: 127.0.2.5 www.sarc.com
O1 - Hosts: 127.0.2.5 www.sophos.com
O1 - Hosts: 127.0.2.5 sophos.com
O1 - Hosts: 127.0.2.5 www.mcafee.com
O1 - Hosts: 127.0.2.5 mcafee.com
O1 - Hosts: 127.0.2.5 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.2.5 www.viruslist.com
O1 - Hosts: 127.0.2.5 viruslist.com
O1 - Hosts: 127.0.2.5 f-secure.com
O1 - Hosts: 127.0.2.5 www.f-secure.com
O1 - Hosts: 127.0.2.5 f-prot.com
O1 - Hosts: 127.0.2.5 www.f-prot.com
O1 - Hosts: 127.0.2.5 kaspersky.com
O1 - Hosts: 127.0.2.5 kaspersky-labs.com
O1 - Hosts: 127.0.2.5 www.avp.com
O1 - Hosts: 127.0.2.5 avp.com
O1 - Hosts: 127.0.2.5 www.kaspersky.com
O1 - Hosts: 127.0.2.5 www.networkassociates.com
O1 - Hosts: 127.0.2.5 networkassociates.com
O1 - Hosts: 127.0.2.5 www.ca.com
O1 - Hosts: 127.0.2.5 ca.com
O1 - Hosts: 127.0.2.5 mast.mcafee.com
O1 - Hosts: 127.0.2.5 my-etrust.com
O1 - Hosts: 127.0.2.5 www.my-etrust.com
O1 - Hosts: 127.0.2.5 download.mcafee.com
O1 - Hosts: 127.0.2.5 dispatch.mcafee.com
O1 - Hosts: 127.0.2.5 secure.nai.com
O1 - Hosts: 127.0.2.5 nai.com
O1 - Hosts: 127.0.2.5 www.nai.com
O1 - Hosts: 127.0.2.5 vil.nai.com
O1 - Hosts: 127.0.2.5 update.symantec.com
O1 - Hosts: 127.0.2.5 updates.symantec.com
O1 - Hosts: 127.0.2.5 us.mcafee.com
O1 - Hosts: 127.0.2.5 liveupdate.symantec.com
O1 - Hosts: 127.0.2.5 customer.symantec.com
O1 - Hosts: 127.0.2.5 rads.mcafee.com
O1 - Hosts: 127.0.2.5 trendmicro.com
O1 - Hosts: 127.0.2.5 www.trendmicro.com
O1 - Hosts: 127.0.2.5 housecall.trendmicro.com
O1 - Hosts: 127.0.2.5 pandasoftware.com
O1 - Hosts: 127.0.2.5 www.pandasoftware.com
O1 - Hosts: 127.0.2.5 www.trendmicro.com
O1 - Hosts: 127.0.2.5 free.grisoft.com
O1 - Hosts: 127.0.2.5 www.grisoft.com
O1 - Hosts: 127.0.2.5 grisoft.com
O1 - Hosts: 127.0.2.5 clamav.net
O1 - Hosts: 127.0.2.5 www.clamav.net
O1 - Hosts: 127.0.2.5 free-av.com
O1 - Hosts: 127.0.2.5 www.free-av.com
O1 - Hosts: 127.0.2.5 www.avast.com
O1 - Hosts: 127.0.2.5 avast.com
O1 - Hosts: 127.0.2.5 cert.org
O1 - Hosts: 127.0.2.5 www.cert.org
O1 - Hosts: 127.0.2.5 www.microsoft.com
O1 - Hosts: 127.0.2.5 microsoft.com
O1 - Hosts: 127.0.2.5 www.virustotal.com
O1 - Hosts: 127.0.2.5 virustotal.com
O1 - Hosts: 127.0.2.5 update.microsoft.com
O1 - Hosts: 127.0.2.5 windowsupdate.microsoft.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] c:\cabs\7510447\USB\Win Me\Preload.exe /DEVID:*PNP0320 /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kjnkbaiuycd] C:\WINDOWS\SYSTEM\iievte.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [rfagent] "C:\PROGRAM FILES\RFA\rfagent.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/120f554f2cb73318ba17/netzip/RdxIE601.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: JavaConnect - http://www.collaborate.jagcnet.army.mil/sametime/javaconnect/JavaConnect.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/earthlink/polarbowler/install.cab
O16 - DPF: dbp_600 - http://www.dmwarehouse.com/rele/user/dbp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.militarylife.com/ScriptX/smsx.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab


Todd
 

·
Bearded Tech Monkey
Joined
·
1,058 Posts
Hi Todd, and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P.

Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made.

Please be patient with me during this time.

Thanks,

RavenMind
 

·
Bearded Tech Monkey
Joined
·
1,058 Posts
Hi Todd. Thank you for being patient while I reviewed your log!


Important: Copy this page into Notepad & save it. You may also want to print out a copy of these instructions in case you are unable to access Notepad during the fix. Please remember to do the downloads prior to logging off the internet.


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
This entry is usually present if an administrator has set this computer up with other accounts and has restricted access to certain Windows/IE functions. I need to know if you are, or have, an administrator for this computer, and if so – did you set these restrictions? If not then please include this entry in the list of things to fix with HJT.



BEFORE YOU PROCEED: You are running HijackThis from a temporary directory. The program creates backup files that we may need to use later, and are at risk of being deleted if in a temporary folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT, or another name of your choice.



  1. Enable the viewing of hidden files/folders:

    Go to My Computer > View > Folder Options > “View” tab, and make sure that “Show all files” is checked under the “Hidden Files” section. Also make sure there is no checkmark beside “Hide file extensions for known file types”.



  2. Downloads:

    CleanUp!:

    The Temp folders are a popular place for malware to hide out, plus installation programs tend to leave a lot of junk in there. Download and install CleanUp! to clean out your temps, but do not run it yet.



    hosts.zip:

    It looks like the reason you’re not able to access McAfee’s & Symantec’s sites is because your host file has been hijacked. This means when you try to access the hijacked sites your browser is automatically redirected to another location.

    Please download the file from the link above. Extract it & place it in the C:\Windows directory. It should ask if you want to replace the existing file; choose YES.



  3. Reboot into Safe Mode.

    Restart the computer. While it’s booting up, tap the F8 key until a numbered menu appears. Choose “Safe Mode”, press Enter, and Windows will continue to load.



  4. Program Removals:

    Uninstall the following via “Add/Remove”, if they still exist. (Start > Settings > Control Panel > Add/Remove Programs)

    Ebates Money Maker
    Wild Tangent (If it exists):
    This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't good at all. They collect information about you and your usage. We recommend uninstalling it.
    Viewpoint Manager


  5. HiJackThis Entries:

    Run a scan in HijackThis. Place a check mark next to the following entries if they still exist:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
    O4 - HKLM\..\Run: [kjnkbaiuycd] C:\WINDOWS\SYSTEM\iievte.exe
    O4 - HKLM\..\Run: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\RunServices: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
    O4 - HKCU\..\Run: [OpenGL Drivers] C:\WINDOWS\SYSTEM\0PENGLD.EXE
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/120f554f2cb733...ip/RdxIE601.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...ler/install.cab

    Please make sure to close all open windows & browsers, then click Fix Checked.



  6. File Deletions:

    Delete the following FILES indicated in RED and FOLDERS indicated in BLUE, if they still exist.
    • NOTE: If the full path to the file is not listed, then you should do a Search. (”Start” > “Search” > “For files or folders…” > “All files & folders”)

    C:\WINDOWS\SYSTEM\iievte.exe
    C:\WINDOWS\SYSTEM\0PENGLD.EXE
    C:\Program Files\Viewpoint
    C:\WINDOWS\D1rectX.exe (If present)



  7. WeatherBug:

    Weatherbug has a history of delivering adware & malware. I suggest you uninstall it. If you installed it yourself & are okay with what it does, then you may keep it. However I would suggest at least considering an alternative such as WeatherWatcherhttp://www.singerscreations.com/Software.asp[/url, or TheWeatherChannel.com's Desktop Weather.

    If you choose to remove it, do the following:
    • Go into Add/Remove Programs and uninstall WeatherBug

    • Fix the following entry in HJT:
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    • Delete the following FOLDER: (if it still exists)
      C:\Program Files\AWS



  8. Run Cleanup!

    Configure the program as follows:
    1. Click Options...
    2. Move the arrow down to Custom CleanUp!
    3. Put a check next to the following:
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
    4. Click OK
    5. Press the CleanUp! button to start the program. Reboot when prompted.
    * CleanUp! will delete all the files in your temp folders without making a backup!



  9. Reboot into Normal Mode.



  10. Online Scan:

    Be sure to turn off the real-time scanner of any existing antivirus program while performing the online scan. (e.g., Norton, McAfee, etc.)

    Using Internet Explorer, perform an online scan with Kaspersky WebScanner:

    • Click on “Launch Kaspersky Anti-Virus Web Scanner
    • Click Yes when prompted to install an ActiveX component.

      The program will launch, and begin downloading the definitions.

    • Click “NEXT” once the files have been downloaded.
    • Now click on Scan Settings:

    • Select the following under Scan Settings:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
          Scan Mail Bases
    • Click OK
    • Now, under Select a Target to Scan:
      • Select My Computer

      This will start the system scan. (It may take a while, so please be patient)

    Once the scan is complete it will tell you if your system has been infected.
    • Click on the Save as Text button.
    • Save the file to your desktop. (We will need it later)


Please post the following items in your next reply:
  1. Fresh HJT log, run in Normal Mode
  2. Results from the Kaspersky scan
  3. What you decided to do with the O6 entry listed at the top
  4. If you are still experiencing problems
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top