CWS hijacked browser?



#1 Reg


Posted 28 June 2004 - 11:11 AM

Thought I had successfully removed CWS with Ad-aware tweak as per earlier post here, but now IE shuts down at certain sites. Specifically, I tried to download critical patches at Microsoft and IE shut down with illegal operation error. Also, my machine froze since my last HJT log and I had to reboot, so new log attached. Other programs seem to be messed up as well (everything from Adapt CD Creator to the Windows solitaire game). Please, please help. This is driving me crazy.

Logfile of HijackThis v1.97.7
Scan saved at 10:46:56 AM, on 6/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\netscape_profile\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {275636E4-A535-4668-9FF1-86DC0C62D446} - C:\WINDOWS\MADOPEW.DLL
O2 - BHO: (no name) - {3D9FC8C2-C86A-11D8-A1EC-001086B98B0B} - C:\WINDOWS\SYSTEM\BBLPGAA.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MSN (HKCU)
O12 - Plugin for .gov/FOTW23WebApp/servlet/StudentAccessServlet?dowhat=printsumpdf&phase=10&state=11&historyid=2&pageid=175&mode=0: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .MPG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab

#2 Reg


Posted 28 June 2004 - 01:28 PM

OK. I rebooted into safe mode and ran Ad-aware and VX2 as per Phantom's new instructions above. Ad-aware found new registry entries related to CWS. VX2 said I was clean. Here is the new HJT log. (Sorry to keep rebooting, but you all are posting new instructions.) I have the Ad-aware log if you want it. Also, should I remove the XoftSpy program (I think I got ripped off with them)? Thanks for any help.

Logfile of HijackThis v1.97.7
Scan saved at 1:26:06 PM, on 6/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\netscape_profile\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {275636E4-A535-4668-9FF1-86DC0C62D446} - C:\WINDOWS\MADOPEW.DLL
O2 - BHO: (no name) - {81078902-C8FF-11D8-A1EC-0010B8E6A557} - C:\WINDOWS\SYSTEM\BPEAAEA.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MSN (HKCU)
O12 - Plugin for .gov/FOTW23WebApp/servlet/StudentAccessServlet?dowhat=printsumpdf&phase=10&state=11&historyid=2&pageid=175&mode=0: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .MPG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab



