Jump to content


Photo

Spyware/Adware/Trojan Problems


  • Please log in to reply
1 reply to this topic

#1 ferrari360

ferrari360

    Member

  • New Member
  • Pip
  • 2 posts

Posted 18 July 2004 - 08:39 PM

i have had popups for a month or so now. for the past 3 or 4 months my browser (IE 6.0) has changed my home page everytime i start it between 2 different sites. also it has added pages to my favorites menu. when i type a url i have to type the entire thing or it redirects me to a different site. also a side bar pops up searching for whatever i type in sometimes. lastly when i search on google a new window opens with links to supposed spyware removal sites. i did scans in hijackthis and cwshredder. it suggested that i post them for an expert to see and tell me which and which not to remove. here are the scans:

***** HIJACKTHIS LOG *****

Logfile of HijackThis v1.97.7
Scan saved at 1:18:06 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\mska.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netba.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Doug Bug\My Documents\Spyware Removal\SpyWare\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-online.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?seojz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?seojz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?seojz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jugob.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-online.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?seojz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?seojz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {957C1A3C-B7C2-EB4C-D25A-8485425652AA} - C:\WINDOWS\wincj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\System32\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [netba.exe] C:\WINDOWS\system32\netba.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [crdc32.exe] C:\WINDOWS\system32\crdc32.exe
O4 - HKLM\..\RunOnce: [addln.exe] C:\WINDOWS\addln.exe
O4 - HKLM\..\RunOnce: [sdkhk32.exe] C:\WINDOWS\sdkhk32.exe
O4 - HKLM\..\RunOnce: [apifk.exe] C:\WINDOWS\system32\apifk.exe
O4 - HKLM\..\RunOnce: [sdkdf.exe] C:\WINDOWS\system32\sdkdf.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://ehttp.cc/?
O13 - WWW Prefix: http://ehttp.cc/?
O13 - WWW. Prefix: http://ehttp.cc/?
O15 - Trusted Zone: *.coolwwwsearch.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://connect.onlin...m/MaConnect.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:...80/dexUS534.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8108.6627314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17584370-F96D-45B3-A0FD-1BD226C1CB54}: NameServer = 206.13.28.12 206.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{17584370-F96D-45B3-A0FD-1BD226C1CB54}: NameServer = 206.13.28.12 206.13.31.12
O19 - User stylesheet: C:\WINDOWS\Web\win.def
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

***** HERE IS CWSHREDDER REPORT *****

CWShredder v1.57.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.or.../hijackthis.zip
http://www.spywarein.../hijackthis.zip

Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
AppData folder: C:\Documents and Settings\Doug Bug\Application Data
Username: Doug Bug

Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer,Search
Infected data: http://acc.count-all.com/--/?seojz (obfuscated)
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer,SearchURL
Infected data: http://webcoolsearch.com/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer,Search
Infected data: http://acc.count-all.com/--/?seojz (obfuscated)
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer,SearchURL
Infected data: http://awebfind.biz/sp.htm
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
Infected data: http://acc.count-all.com/-/?seojz (obfuscated)
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
Infected data: http://acc.count-all.com/--/?seojz (obfuscated)
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: http://www.find-online.net/sp.htm
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: http://t.rack.cc/s.php?aid=35
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
Infected data: http://webcoolsearch.com/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
Infected data: http://acc.count-all.com/--/?seojz (obfuscated)
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL
Infected data: http://www.searchv.com/w/search.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Infected data: http://www.find-online.net/sp.htm
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL
Infected data: http://www.find-online.net/sp.htm
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP
Infected data: http://t.rack.cc/h.php?aid=35
Infected Registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,www,http://
Infected data: http://ehttp.cc/?
Infected Registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,www.
Infected data: http://ehttp.cc/?
Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (55 bytes, R)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found CWS.Bootconf file: c:\bootconf.exe (57344 bytes, A)
Found CWS.Bootconf file: C:\bootconf.exe (57344 bytes, A)
Found CWS.Bootconf file: C:\bootconf.exe (57344 bytes, A)
Found CWS.Addclass file: C:\WINDOWS\addclass.exe (7680 bytes, A)
Found CWS.Therealsearch file: C:\WINDOWS\editpad.rsf (816 bytes, A)
Found CWS.Alfasearch file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winlogon.exe (276 bytes, A)
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:2
CWS.Oslogo (if value is 2) Registry value: Domains: *.msn.com [*] dword:2
Registry value: Stylesheet (HKLM) [User Stylesheet] C:\WINDOWS\hh.htt
Registry value: Stylesheet (HKCU) [User Stylesheet] C:\WINDOWS\Web\win.def
Found file: C:\WINDOWS\hh.htt (492 bytes, RH)
Found file: C:\WINDOWS\Web\win.def (1282 bytes, RHS)
Registry value: DefaultPrefix (should be http://) [] http://ehttp.cc/?
Registry value: WWW Prefix (should be http://) [www] http://ehttp.cc/?
Registry value: WWW. Prefix (should not be there) [www.] http://ehttp.cc/?
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (1009 bytes, A)
Found line in Win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
Found System.ini file: C:\WINDOWS\system.ini (337 bytes, A)
CWS.Aff.Winshow Registry key: HKCU\Software\WinShow
Found CWS.Smartfinder file: C:\WINDOWS\system32\mtwcnl32.dll (187 bytes, A)

***** END OF REPORT *****

thank you. any help would be much appreciated.
:techsupport:

#2 ferrari360

ferrari360

    Member

  • New Member
  • Pip
  • 2 posts

Posted 19 July 2004 - 03:08 PM

heres an update. i ran spybot and removed everything i could. i also ran cwshredder but i had some questions. it says that the following files could be part of CWS.Control.3 which generates random filenames. i wasn't sure which are random because the most random were things like a7fj38fjhl3.exe, etc. i already deleted ones like that because im sure they were random. here are the questionable filenames:

ABRPNDARXO.exe
KWVTRONOVORN.exe
new.exe
NPBSO.exe
PNUWWJDT.exe
TRVJOUN.exe
TVSPQR.exe
WPSVQSNDPVQ.exe

also here is a new hjt log if that helps.

***** HIJACK THIS LOG *****

Logfile of HijackThis v1.97.7
Scan saved at 12:48:56 PM, on 7/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\mska.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mska.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netba.exe
C:\Program Files\MacOpener\MacName.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Doug Bug\My Documents\Spyware Removal\SpyWare\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jugob.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jugob.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jugob.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {957C1A3C-B7C2-EB4C-D25A-8485425652AA} - C:\WINDOWS\wincj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [netba.exe] C:\WINDOWS\system32\netba.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [crdc32.exe] C:\WINDOWS\system32\crdc32.exe
O4 - HKLM\..\RunOnce: [addln.exe] C:\WINDOWS\addln.exe
O4 - HKLM\..\RunOnce: [sdkhk32.exe] C:\WINDOWS\sdkhk32.exe
O4 - HKLM\..\RunOnce: [apifk.exe] C:\WINDOWS\system32\apifk.exe
O4 - HKLM\..\RunOnce: [sdkdf.exe] C:\WINDOWS\system32\sdkdf.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8108.6627314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

***** END OF LOG *****

Thank you so much. :weep:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button