afonofa
Journeyman
1. Uninstall Symantec's Antivirus/Suite. It's "protection" is just not worth the resource drain on your comp. If you want to, you can always reinstall it after you cleanup the malware.
2. Install Kaspersky Antivirus v7.0.1.325 trial, with its self defense enabled during and after installation. Set KAV's settings to max. It will barely hurt your comp's performance. Activate the trial > update it > disconnect from the internet > do a full system scan in normal mode and if it can't quarantine/delete any infected files even on reboot, then scan in safe mode. At max settings the scan can take a long time to complete. So you may want to exit all other programs before starting the scan. (also before a HJT scan, exit all programs other than your antivirus + antispyware + firewall, so that it reduces the length of the HJT log)
3. Turn off System Restore.
4. Clean out your Temp files and folders. I have never used it, but many forum members recommend using CCleaner.
5. Definitely upgrade to Internet Explorer 7
6. Install all the critical updates through windows automatic updates or SP3.
7. Check your comp with Windows Malicious Software Removal Tool.
I have never tried Avast, but my friend used to have Avast home on his comp, and his comp would be infected with malware often. His comp's been malware free for a long time now, since I got him to switch to Eset Nod32 Antivirus + ZA Pro + Spybot S&D + Sandboxie. But to cleanup an already infected system, I would pick KAV over EAV any day(coupled with HJT of course).
I don't think those two dll files are supposed to load at startup. A google search brings up no info on them. Do a search(include hidden files) on your comp for ejtcyvp*.* and migrrvw*.*
1. If you find any .exe's in your search, then quarantine them alongwith the .dll's.
2. Select(tick mark) the entries for those two dll's in HJT > Fix checked.
3. I'm not sure about those entries in your hosts file. So I leave that to you to decide whether they are required or not. If you are unsure, then note them down, remove them with HJT and check if there's any problem without those entries. If there are, then its simple to add them back.
If you have no open windows (add/remove programs, windows firewall settings etc.) and you see rundll32.exe running in your Task Manager processes, end it immediately, until the time your comp is free of malware.
For your comp to work properly, the above programs are not required to load at startup. It depends on your preferences but turning them off will speed up your startup. Turn them off from within the programs themselves, for those that you can't, use Spybot S&D to disable them from startup(don't use msconfig). This has nothing to do with the browser hijack problem that you are having.
2. Install Kaspersky Antivirus v7.0.1.325 trial, with its self defense enabled during and after installation. Set KAV's settings to max. It will barely hurt your comp's performance. Activate the trial > update it > disconnect from the internet > do a full system scan in normal mode and if it can't quarantine/delete any infected files even on reboot, then scan in safe mode. At max settings the scan can take a long time to complete. So you may want to exit all other programs before starting the scan. (also before a HJT scan, exit all programs other than your antivirus + antispyware + firewall, so that it reduces the length of the HJT log)
3. Turn off System Restore.
4. Clean out your Temp files and folders. I have never used it, but many forum members recommend using CCleaner.
5. Definitely upgrade to Internet Explorer 7
6. Install all the critical updates through windows automatic updates or SP3.
7. Check your comp with Windows Malicious Software Removal Tool.
I have never tried Avast, but my friend used to have Avast home on his comp, and his comp would be infected with malware often. His comp's been malware free for a long time now, since I got him to switch to Eset Nod32 Antivirus + ZA Pro + Spybot S&D + Sandboxie. But to cleanup an already infected system, I would pick KAV over EAV any day(coupled with HJT of course).
I don't think those two dll files are supposed to load at startup. A google search brings up no info on them. Do a search(include hidden files) on your comp for ejtcyvp*.* and migrrvw*.*
1. If you find any .exe's in your search, then quarantine them alongwith the .dll's.
2. Select(tick mark) the entries for those two dll's in HJT > Fix checked.
3. I'm not sure about those entries in your hosts file. So I leave that to you to decide whether they are required or not. If you are unsure, then note them down, remove them with HJT and check if there's any problem without those entries. If there are, then its simple to add them back.
If you have no open windows (add/remove programs, windows firewall settings etc.) and you see rundll32.exe running in your Task Manager processes, end it immediately, until the time your comp is free of malware.
For your comp to work properly, the above programs are not required to load at startup. It depends on your preferences but turning them off will speed up your startup. Turn them off from within the programs themselves, for those that you can't, use Spybot S&D to disable them from startup(don't use msconfig). This has nothing to do with the browser hijack problem that you are having.
