• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ferrari360

Spyware/Adware/Trojan Problems

2 posts in this topic

i have had popups for a month or so now. for the past 3 or 4 months my browser (IE 6.0) has changed my home page everytime i start it between 2 different sites. also it has added pages to my favorites menu. when i type a url i have to type the entire thing or it redirects me to a different site. also a side bar pops up searching for whatever i type in sometimes. lastly when i search on google a new window opens with links to supposed spyware removal sites. i did scans in hijackthis and cwshredder. it suggested that i post them for an expert to see and tell me which and which not to remove. here are the scans:

 

***** HIJACKTHIS LOG *****

 

Logfile of HijackThis v1.97.7

Scan saved at 1:18:06 PM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\GEARSEC.EXE

C:\Program Files\MacOpener\FORMATM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\mska.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\DownloadWare\dw.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\netba.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\MacOpener\MacName.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Documents and Settings\Doug Bug\My Documents\Spyware Removal\SpyWare\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://webcoolsearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-online.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?seojz (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?seojz (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webcoolsearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?seojz (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jugob.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-online.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=35

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?seojz (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?seojz (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/

O1 - Hosts: 205.177.124.66 auto.search.msn.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {957C1A3C-B7C2-EB4C-D25A-8485425652AA} - C:\WINDOWS\wincj.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"

O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe

O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\System32\ctrlpan.dll,Restore ControlPanel

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [netba.exe] C:\WINDOWS\system32\netba.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe

O4 - HKLM\..\RunOnce: [crdc32.exe] C:\WINDOWS\system32\crdc32.exe

O4 - HKLM\..\RunOnce: [addln.exe] C:\WINDOWS\addln.exe

O4 - HKLM\..\RunOnce: [sdkhk32.exe] C:\WINDOWS\sdkhk32.exe

O4 - HKLM\..\RunOnce: [apifk.exe] C:\WINDOWS\system32\apifk.exe

O4 - HKLM\..\RunOnce: [sdkdf.exe] C:\WINDOWS\system32\sdkdf.exe

O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: winlogon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix: http://ehttp.cc/?

O13 - WWW Prefix: http://ehttp.cc/?

O13 - WWW. Prefix: http://ehttp.cc/?

O15 - Trusted Zone: *.coolwwwsearch.com

O15 - Trusted Zone: *.msn.com

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://connect.online-dialer.com/MaConnect.cab

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?xdat=415&url=http://66.117.38.54:80/dexUS534.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8108.6627314815

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17584370-F96D-45B3-A0FD-1BD226C1CB54}: NameServer = 206.13.28.12 206.13.31.12

O17 - HKLM\System\CS1\Services\Tcpip\..\{17584370-F96D-45B3-A0FD-1BD226C1CB54}: NameServer = 206.13.28.12 206.13.31.12

O19 - User stylesheet: C:\WINDOWS\Web\win.def

O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

 

***** HERE IS CWSHREDDER REPORT *****

 

CWShredder v1.57.0 scan only report

Please understand that a CWShredder 'Scan only' report

might not be sufficient to troubleshoot an infected system.

You can use HijackThis for that:

http://www.merijn.org/files/hijackthis.zip

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Windows XP (5.01.2600 SP1)

Windows dir: C:\WINDOWS

Windows system dir: C:\WINDOWS\system32

AppData folder: C:\Documents and Settings\Doug Bug\Application Data

Username: Doug Bug

 

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer,Search

Infected data: http://acc.count-all.com/--/?seojz (obfuscated)

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer,SearchURL

Infected data: http://webcoolsearch.com/

Infected Registry value:

HKLM\Software\Microsoft\Internet Explorer,Search

Infected data: http://acc.count-all.com/--/?seojz (obfuscated)

Infected Registry value:

HKLM\Software\Microsoft\Internet Explorer,SearchURL

Infected data: http://awebfind.biz/sp.htm

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

Infected data: http://acc.count-all.com/-/?seojz (obfuscated)

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

Infected data: http://acc.count-all.com/--/?seojz (obfuscated)

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar

Infected data: http://www.find-online.net/sp.htm

Infected Registry value:

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar

Infected data: http://t.rack.cc/s.php?aid=35

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant

Infected data: http://webcoolsearch.com/

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

Infected data: http://acc.count-all.com/--/?seojz (obfuscated)

Infected Registry value:

HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL

Infected data: http://www.searchv.com/w/search.html

Infected Registry value:

HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

Infected data: http://www.find-online.net/sp.htm

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL

Infected data: http://www.find-online.net/sp.htm

Infected Registry value:

HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP

Infected data: http://t.rack.cc/h.php?aid=35

Infected Registry value:

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,www,http://

Infected data: http://ehttp.cc/?

Infected Registry value:

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,www.

Infected data: http://ehttp.cc/?

Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (55 bytes, R)

Shell Registry value: HKLM\..\WinLogon [shell] Explorer.exe

UserInit Registry value: HKLM\..\WinLogon [userInit] C:\WINDOWS\system32\userinit.exe,

Found CWS.Bootconf file: c:\bootconf.exe (57344 bytes, A)

Found CWS.Bootconf file: C:\bootconf.exe (57344 bytes, A)

Found CWS.Bootconf file: C:\bootconf.exe (57344 bytes, A)

Found CWS.Addclass file: C:\WINDOWS\addclass.exe (7680 bytes, A)

Found CWS.Therealsearch file: C:\WINDOWS\editpad.rsf (816 bytes, A)

Found CWS.Alfasearch file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winlogon.exe (276 bytes, A)

CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:2

CWS.Oslogo (if value is 2) Registry value: Domains: *.msn.com [*] dword:2

Registry value: Stylesheet (HKLM) [user Stylesheet] C:\WINDOWS\hh.htt

Registry value: Stylesheet (HKCU) [user Stylesheet] C:\WINDOWS\Web\win.def

Found file: C:\WINDOWS\hh.htt (492 bytes, RH)

Found file: C:\WINDOWS\Web\win.def (1282 bytes, RHS)

Registry value: DefaultPrefix (should be http://) [] http://ehttp.cc/?

Registry value: WWW Prefix (should be http://) [www] http://ehttp.cc/?

Registry value: WWW. Prefix (should not be there) [www.] http://ehttp.cc/?

Registry value: Mosaic Prefix (should be http://) [mosaic] http://

Registry value: Home Prefix (should be http://) [home] http://

Found Win.ini file: C:\WINDOWS\win.ini (1009 bytes, A)

Found line in Win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe

Found System.ini file: C:\WINDOWS\system.ini (337 bytes, A)

CWS.Aff.Winshow Registry key: HKCU\Software\WinShow

Found CWS.Smartfinder file: C:\WINDOWS\system32\mtwcnl32.dll (187 bytes, A)

 

***** END OF REPORT *****

 

thank you. any help would be much appreciated.

:techsupport:

Share this post


Link to post
Share on other sites

heres an update. i ran spybot and removed everything i could. i also ran cwshredder but i had some questions. it says that the following files could be part of CWS.Control.3 which generates random filenames. i wasn't sure which are random because the most random were things like a7fj38fjhl3.exe, etc. i already deleted ones like that because im sure they were random. here are the questionable filenames:

 

ABRPNDARXO.exe

KWVTRONOVORN.exe

new.exe

NPBSO.exe

PNUWWJDT.exe

TRVJOUN.exe

TVSPQR.exe

WPSVQSNDPVQ.exe

 

also here is a new hjt log if that helps.

 

***** HIJACK THIS LOG *****

 

Logfile of HijackThis v1.97.7

Scan saved at 12:48:56 PM, on 7/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\GEARSEC.EXE

C:\Program Files\MacOpener\FORMATM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\mska.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mska.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\netba.exe

C:\Program Files\MacOpener\MacName.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Doug Bug\My Documents\Spyware Removal\SpyWare\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jugob.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {957C1A3C-B7C2-EB4C-D25A-8485425652AA} - C:\WINDOWS\wincj.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"

O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [netba.exe] C:\WINDOWS\system32\netba.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe

O4 - HKLM\..\RunOnce: [crdc32.exe] C:\WINDOWS\system32\crdc32.exe

O4 - HKLM\..\RunOnce: [addln.exe] C:\WINDOWS\addln.exe

O4 - HKLM\..\RunOnce: [sdkhk32.exe] C:\WINDOWS\sdkhk32.exe

O4 - HKLM\..\RunOnce: [apifk.exe] C:\WINDOWS\system32\apifk.exe

O4 - HKLM\..\RunOnce: [sdkdf.exe] C:\WINDOWS\system32\sdkdf.exe

O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix:

O13 - WWW Prefix:

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8108.6627314815

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

***** END OF LOG *****

 

Thank you so much. :weep:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0