jazz

about:blank stinks

12 posts in this topic

I have been trying to rid my computer of About:blank for two weeks. I have downloaded Ad-Aware, Spybot, CWShredder, HijackThis. I can get rid of it for a day but then it takes over. I read about shadowwar’s PV.ZIP file, which I have also downloaded, but I don’t know what to look for. Please help, I beg you. Thank you.

 

 

Windows XP

:grrr:


Here is the HijackThis log:

 

 

Logfile of HijackThis v1.97.7

Scan saved at 7:21:39 PM, on 6/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\QuickTime\qttask.exe

F:\iTunesHelper.exe

C:\WINDOWS\System32\hphmon04.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Nikon\NkView5\NkvMon.exe

C:\WINDOWS\System32\HPHipm11.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\darrin\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bnoie.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\darrin\Application Data\Mozilla\Profiles\default\2dg7s0qr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E76E693-DE17-4701-8475-40A334395122} - C:\WINDOWS\System32\lhidca.dll (file missing)

O2 - BHO: (no name) - {823448BE-5A5C-4936-8294-99720E75CD6F} - C:\WINDOWS\System32\bnoie.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PostCopy] C:\WINDOWS\System32\BELKIN\F5D5050\PostCopy.exe

O4 - HKLM\..\Run: [iTunesHelper] F:\iTunesHelper.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe

O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O9 - Extra button: Boxtop (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members17.clubphoto.com/_img/upload...tl_uploader.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {BC01A402-4730-11D2-B36C-0000E8DF722B} - http://www.digitalworkshop.co.uk/ilm450.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab


Thank you !!!

 

 

--==***@@@ 'FIND-ALL' »»*Original*»» VERSION 8.8 -6/01 @@@***==--

 

 

Tue Jun 01 22:08:07 2004 -- ++Results:

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

'Find-All' is running from Drive:

C: "" (3CCA:738E) - FS:NTFS clusters:4k

Total: 39 983 083 520 [37G] - Free: 17 408 040 960 [16G]

 

 

»»IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

--a-- W32i APP ENU 6.0.2800.1106 shp 91,136 08-29-2002 iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q818529;Q330994;Q822925;Q828750;Q824145;Q837009;Q831167;Q832894;

 

»»Google:

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

8.0.0.4490 C:\Program Files\Windows Media Player\wmplayer.exe

--a-- W32i APP ENU 8.0.0.4490 shp 520,192 04-11-2003 wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

--a-- W32i APP ENU 6.4.9.1125 shp 4,639 08-29-2002 mplayer2.exe

 

»»M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

--a-- W32i DLL ENU 5.0.3810.0 shp 947,472 02-28-2003 msjava.dll

 

»»NotePad(s) version(s)... added Tnx to shadoWWWW ;)

5.1.2600.0 C:\WINDOWS\notepad.exe

--a-- W32i APP ENU 5.1.2600.0 shp 66,048 08-18-2001 notepad.exe

5.1.2600.0 C:\WINDOWS\System32\notepad.exe

--a-- W32i APP ENU 5.1.2600.0 shp 66,048 08-18-2001 notepad.exe

 

»» Regedit* version(s):

5.1.2600.1106 C:\WINDOWS\regedit.exe

--a-- W32i APP ENU 5.1.2600.1106 shp 134,144 08-29-2002 regedit.exe

5.1.2600.0 C:\WINDOWS\System32\regedt32.exe

--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe

 

 

»»PC uptime:

10:08pm up 0 days, 1:13

 

»»Locked or 'Suspect' file(s) found...

\\?\C:\WINDOWS\System32\HLPIOP.DLL +++ File read error

\\?\C:\WINDOWS\System32\HLPIOP.DLL +++ File read error

 

 

»»Tasks (services):

0 System Process

4 System

528 smss.exe

616 CSRSS.EXE Title:

640 winlogon.exe Title: NetDDE Agent

720 SERVICES.EXE Svcs: Eventlog,PlugPlay

732 lsass.exe Svcs: ProtectedStorage,SamSs

988 SVCHOST.EXE Svcs: RpcSs

1180 SVCHOST.EXE Svcs: AudioSrv,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,

anmanserver,Netman,Nla,RasMan,Schedule,seclogon,SENS,ShellHWDetection,srservice,

apiSrv,TermService,Themes,TrkWks,uploadmgr,w32time,winmgmt,wuauserv,WZCSVC

1324 SVCHOST.EXE Svcs: Dnscache

1372 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1672 SPOOLSV.EXE Svcs: Spooler

1716 devldr32.exe Title: DEVLDR

1752 ccEvtMgr.exe Svcs: ccEvtMgr

1760 explorer.exe Title: Program Manager

1828 NISUM.EXE Svcs: NISUM

664 Nhksrv.exe Svcs: Nhksrv

1020 acsd.exe Svcs: AOL ACS

1336 CCPXYSVC.EXE Svcs: ccPxySvc

1360 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

1468 gearsec.exe Svcs: GEARSecurity

1580 Navapsvc.exe Svcs: navapsvc

2012 hpgs2wnd.exe Title: HPGS2WND_WINDOW

2020 qttask.exe Title: QTPlayer Tray Icon

2036 iTunesHelper.exeiTunes HelperTitle: iTunes Helper

148 hphmon04.exe Title: HP Photosmart Printer Series

172 hpztsb07.exe Title:

184 ccApp.exe Title:

244 Directcd.exe Title: DirectCD

256 nvsvc32.exe Svcs: NVSvc

344 RuLaunch.exe Title:

384 msmsgs.exe Title: MSBLNetConn

1076 WkCalRem.exe Title: HOMESUITE:ADVSVR

1228 NkvMon.exe Title: Nikon Monitor

1176 wanmpsvc.exe Svcs: WANMiniportService

2184 hpgs2wnf.exe Title: OleMainThreadWndName

2200 MsPMSPSv.exe Svcs: WMDM PMSP Service

2628 iPodService.exe Svcs: iPodService

2736 SVCHOST.EXE Svcs: stisvc

2900 hphipm11.exe Svcs: Pml Driver HPH11

3176 iexplore.exe Title: SWI Forums -> about:blank stinks - Microsoft Internet Explorer

996 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

1144 ntvdm.exe

3956 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

 

 

»»Size of 'Windows' key: (Defaults *450)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

 

»»Group/user settings:

 

 

User: [LAURA\darrin], is a member of:

 

BUILTIN\Administrators

\Everyone

 

User is a member of group LAURA\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»ACLs list:

C:\junkxxx BUILTIN\Administrators:F

BUILTIN\Administrators:(OI)(CI)(IO)F

NT AUTHORITY\SYSTEM:F

NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

LAURA\darrin:F

CREATOR OWNER:(OI)(CI)(IO)F

BUILTIN\Users:R

BUILTIN\Users:(OI)(CI)(IO)(special access:)

 

GENERIC_READ

GENERIC_EXECUTE

 

BUILTIN\Users:(CI)(special access:)

 

FILE_APPEND_DATA

 

BUILTIN\Users:(CI)(special access:)

 

FILE_WRITE_DATA

 

 

ERROR: There are no more files.

 

 

»»Contents of file(s) in 'junkxxx' folder:

 

»»Md5sums

 

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+

Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/

 

 

0 bytes, 0 ms = 0.00 MB/sec

------

»»Rehash:

 

Tue Jun 01 22:08:24 2004 -- ++Find-All backups created:

A C:\Find-All\Find-All\winBackup.hiv

A C:\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 2.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


You have the 'classic' version! ;)

Next,

Your Windows registry is set to open this key directly:

*My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows*

--Go to Start/run/type:

regedit

The registry should open with the Windows Subfolder highlighted.

(*compare and be sure the path on the status bar is the same as indicated above!)

--RightClick on the Windows Subfolder, and rename Windows as Windows1

--Locate "AppInit_DLLs" value on the right pane, RightClick it and select -> 'delete'

--Select the Windows1 on the left pane again and rename it back to its original name, Windows

--Use top regedit's menu view->refresh once and be sure the "AppInit_DLLs" value is 'officially' gone from the right pane.

--Close regedit, *restart computer!

--Navigate to System32 folder, Search for System32\HLPIOP.DLL file, highlight it and use the folder's top menu option: "Edit-> Move to folder..."

Browse to and select: C:\junkxxx folder.

(It was created during first 'Find-All' run)

'ok' it.

---Re-run 'Find-All.cmd' and post new log!

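Added example, not part of the original posts: a Python sketch of the check that a fresh Find-All log allows after the steps above, namely that the "AppInit_DLLs" value is gone from the Windows key and that HLPIOP.DLL is now listed only under C:\junkxxx. The function names and status labels are assumptions made for illustration; the sample inputs are shortened excerpts of the three Find-All logs posted in this thread.

```python
import re

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
TOOL_MISSING = "is not recognized as an internal or external command"

# Shortened excerpts of the three Find-All logs posted in this thread.
FIRST_RUN = r"""
»»Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\HLPIOP.DLL +++ File read error
\\?\C:\WINDOWS\System32\HLPIOP.DLL +++ File read error
»»Tasks (services):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"""

FAILED_RUN = r"""
»»Locked or 'Suspect' file(s) found...
'Xfind' is not recognized as an internal or external command,
operable program or batch file.
»»Tasks (services):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"""

FINAL_RUN = r"""
»»Locked or 'Suspect' file(s) found...
* result\\?\C:\junkxxx\HLPIOP.DLL
»»Tasks (services):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"""


def registry_values(log):
    """Map each exported key to {lower-cased value name: raw data} (REGEDIT4 text)."""
    keys, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif line.startswith(("»»", "REGEDIT4")):
            current = None  # a new log section or export ends the current key
        elif current is not None:
            m = re.match(r'^"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys


def suspect_files(log):
    """Return unique (path, locked) pairs from the 'Suspect' file section."""
    found, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("»»"):
            in_section = "Suspect" in line
            continue
        # Paths are printed with a \\?\ prefix; assumes no spaces in the path.
        m = re.search(r"\\\\\?\\([A-Za-z]:\\\S+)", line) if in_section else None
        if m:
            entry = (m.group(1), "File read error" in line)
            if entry not in found:
                found.append(entry)
    return found


def verify_cleanup(log, quarantine="C:\\junkxxx"):
    """Classify one log as 'run-failed', 'steps-pending' or 'steps-applied'."""
    values = registry_values(log).get(WINDOWS_KEY)
    suspects = suspect_files(log)
    prefix = quarantine.lower() + "\\"
    if TOOL_MISSING in log or values is None:
        # Helper tools did not run (or the key was not exported): no verdict.
        status = "run-failed"
    elif "appinit_dlls" in values or any(
            locked or not path.lower().startswith(prefix)
            for path, locked in suspects):
        # The procedure deletes the value outright and moves the file, so a
        # remaining value or a file outside the quarantine folder means
        # the steps are not finished.
        status = "steps-pending"
    else:
        status = "steps-applied"
    return {
        "status": status,
        "appinit_dlls": (values or {}).get("appinit_dlls"),
        "suspects": suspects,
    }


if __name__ == "__main__":
    for name, log in (("first", FIRST_RUN), ("second", FAILED_RUN), ("third", FINAL_RUN)):
        print(name, verify_cleanup(log))
```
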

Here you go !!!

 

 

--==***@@@ 'FIND-ALL' »»*Original*»» VERSION 8.8 -6/01 @@@***==--

 

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

'Find-All' is running from Drive:

 

 

»»IE version and Service packs:

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q818529;Q330994;Q822925;Q828750;Q824145;Q837009;Q831167;Q832894;

 

»»Google:

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

 

»»M$Java version:

 

»»NotePad(s) version(s)... added Tnx to shadoWWWW ;)

 

»» Regedit* version(s):

 

 

»»PC uptime:

 

»»Locked or 'Suspect' file(s) found...

'Xfind' is not recognized as an internal or external command,

operable program or batch file.

'Xfind' is not recognized as an internal or external command,

operable program or batch file.

'Xfind' is not recognized as an internal or external command,

operable program or batch file.

 

 

»»Tasks (services):

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

»»Security settings for 'Windows' key:

 

 

 

»»Size of 'Windows' key: (Defaults *450)

 

 

»»Group/user settings:

 

 

»»ACLs list:

'xcacls' is not recognized as an internal or external command,

operable program or batch file.

'xcacls' is not recognized as an internal or external command,

operable program or batch file.

 

»»Contents of file(s) in 'junkxxx' folder:

hlpiop.dll

 

»»Md5sums

------

»»Rehash:

A C:\Program Files\Common Files\System\MAPI\1033\winBackup.hiv

A C:\Program Files\Common Files\System\MAPI\1033\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


What on earth? :mellow:

I have no idea what you did, but be sure the Find-all folder is where it was before, including all its parts.

Currently it is here for some reason:

:\Program Files\Common Files\System\MAPI\1033\winBackup.hiv

In your first log it was here:

C:\Find-All\Find-All\winBackup.hiv

It didn't run properly.

All original parts should be located here:

C:\Find-All\Find-All...

Run it again and post the log.


Sorry, I went back to the link and ran the wrong one. I'm just waiting for the scan to finish :huh: Here is the new one. Thanks for all your help.

 

 

 

--==***@@@ 'FIND-ALL' »»*Original*»» VERSION 8.8 -6/01 @@@***==--

 

 

Tue Jun 01 23:33:17 2004 -- ++Results:

»»System Info:

 

Microsoft Windows XP [Version 5.1.2600]

'Find-All' is running from Drive:

C: "" (3CCA:738E) - FS:NTFS clusters:4k

Total: 39 983 083 520 [37G] - Free: 17 404 174 336 [16G]

 

 

»»IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

--a-- W32i APP ENU 6.0.2800.1106 shp 91,136 08-29-2002 iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q818529;Q330994;Q822925;Q828750;Q824145;Q837009;Q831167;Q832894;

 

»»Google:

 

»»UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

»»Wmplayer version:

8.0.0.4490 C:\Program Files\Windows Media Player\wmplayer.exe

--a-- W32i APP ENU 8.0.0.4490 shp 520,192 04-11-2003 wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

--a-- W32i APP ENU 6.4.9.1125 shp 4,639 08-29-2002 mplayer2.exe

 

»»M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

--a-- W32i DLL ENU 5.0.3810.0 shp 947,472 02-28-2003 msjava.dll

 

»»NotePad(s) version(s)... added Tnx to shadoWWWW ;)

5.1.2600.0 C:\WINDOWS\notepad.exe

--a-- W32i APP ENU 5.1.2600.0 shp 66,048 08-18-2001 notepad.exe

5.1.2600.0 C:\WINDOWS\System32\notepad.exe

--a-- W32i APP ENU 5.1.2600.0 shp 66,048 08-18-2001 notepad.exe

 

»» Regedit* version(s):

5.1.2600.1106 C:\WINDOWS\regedit.exe

--a-- W32i APP ENU 5.1.2600.1106 shp 134,144 08-29-2002 regedit.exe

5.1.2600.0 C:\WINDOWS\System32\regedt32.exe

--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe

 

 

»»PC uptime:

11:33pm up 0 days, 0:34

 

»»Locked or 'Suspect' file(s) found...

* result\\?\C:\junkxxx\HLPIOP.DLL

 

 

»»Tasks (services):

0 System Process

4 System

388 smss.exe

604 CSRSS.EXE Title:

632 winlogon.exe Title: NetDDE Agent

676 SERVICES.EXE Svcs: Eventlog,PlugPlay

688 lsass.exe Svcs: ProtectedStorage,SamSs

848 SVCHOST.EXE Svcs: RpcSs

932 SVCHOST.EXE Svcs: AudioSrv,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,

anmanserver,Netman,Nla,RasMan,Schedule,seclogon,SENS,ShellHWDetection,srservice,

apiSrv,TermService,Themes,TrkWks,uploadmgr,w32time,winmgmt,wuauserv,WZCSVC

1608 SVCHOST.EXE Svcs: Dnscache

1640 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient

1776 SPOOLSV.EXE Svcs: Spooler

1804 ccEvtMgr.exe Svcs: ccEvtMgr

1824 NISUM.EXE Svcs: NISUM

1976 Nhksrv.exe Svcs: Nhksrv

1992 acsd.exe Svcs: AOL ACS

2044 CCPXYSVC.EXE Svcs: ccPxySvc

128 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access

192 gearsec.exe Svcs: GEARSecurity

216 Navapsvc.exe Svcs: navapsvc

556 nvsvc32.exe Svcs: NVSvc

924 explorer.exe Title: Program Manager

1176 wanmpsvc.exe Svcs: WANMiniportService

1288 MsPMSPSv.exe Svcs: WMDM PMSP Service

1464 hpgs2wnd.exe Title: HPGS2WND_WINDOW

1472 qttask.exe Title: QTPlayer Tray Icon

1508 iTunesHelper.exeiTunes HelperTitle: iTunes Helper

1564 hphmon04.exe Title: HP Photosmart Printer Series

1584 hpztsb07.exe Title:

1720 ccApp.exe Title: Norton AntiVirus

188 devldr32.exe Title: DEVLDR

264 hpgs2wnf.exe Title: OleMainThreadWndName

412 iPodService.exe Svcs: iPodService

748 Directcd.exe Title: DirectCD

1044 RuLaunch.exe Title:

1348 msmsgs.exe Title: MSNMSGRPassportLogin

2172 WkCalRem.exe Title: HOMESUITE:ADVSVR

2248 NkvMon.exe Title: Nikon Monitor

2496 SVCHOST.EXE Svcs: stisvc

2640 hphipm11.exe Svcs: Pml Driver HPH11

2240 iexplore.exe Title: SWI Forums -> about:blank stinks - Microsoft Internet Explorer

2060 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe

1540 ntvdm.exe

1676 tlist.exe

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access LAURA\darrin

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access LAURA\darrin

 

 

 

 

»»Size of 'Windows' key: (Defaults *450)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 398

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs

 

»»Group/user settings:

 

 

User: [LAURA\darrin], is a member of:

 

BUILTIN\Administrators

\Everyone

 

User is a member of group LAURA\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»ACLs list:

C:\junkxxx BUILTIN\Administrators:F

BUILTIN\Administrators:(OI)(CI)(IO)F

NT AUTHORITY\SYSTEM:F

NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

LAURA\darrin:F

CREATOR OWNER:(OI)(CI)(IO)F

BUILTIN\Users:R

BUILTIN\Users:(OI)(CI)(IO)(special access:)

 

GENERIC_READ

GENERIC_EXECUTE

 

BUILTIN\Users:(CI)(special access:)

 

FILE_APPEND_DATA

 

BUILTIN\Users:(CI)(special access:)

 

FILE_WRITE_DATA

 

 

C:\junkxxx\hlpiop.dll BUILTIN\Administrators:F

NT AUTHORITY\SYSTEM:F

LAURA\darrin:F

BUILTIN\Users:R

 

 

»»Contents of file(s) in 'junkxxx' folder:

hlpiop.dll

 

»»Md5sums

 

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+

Copyright © 2001-2002 Jem Berkes - http://www.pc-tools.net/

 

1de9a8e24c8260067a479b09577d9cae hlpiop.dll

 

35840 bytes, 0 ms = 0.00 MB/sec

------

»»Rehash:

File: <C:\junkxxx\hlpiop.dll>

 


 

 

 

 

Tue Jun 01 23:33:30 2004 -- ++Find-All backups created:

A C:\Find-All\Find-All\winBackup.hiv

A C:\Find-All\Find-All\windows.txt

A C:\FindallwinBackup.hiv

A C:\findallappinit.reg

 

***Next Registry run should open this key directly:

 

! REG.EXE VERSION 2.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 


Better! ;)

We can wrap up the hijacker following these steps:

--Open the 'Find-All'\Tools Subfolder.

DoubleClick once on: "ZIPZAP.bat" file!

It will quickly/Silently do this:

*Restore your key & Security back to defaults

*Reset permissions on the junkxxx\*.dll moved file

*Create zipped copy in the same folder: "junkxxx.zip"

*Open your email client with given addresses for submission!

--Drag the 'junkxxx.zip' and submit the attachment to the specified addresses! Thanks

*Note: It is extremely important to mail the file!

Be sure to drag the "junkxxx.zip" file onto your email window and send out asap!

You have a different variant than our "known" database!

When done, Delete the "junkxxx.zip" as well as the "junkxxx" folder in C:\ And the 'Find-All' folder(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next, you need to clear all the elements the hijacker downloaded!

Run these tools again, as they should work properly now. Have them fix all problems:

*Ad-Aware 6 Build 181:

http://www.lavasoftusa.com/software/adaware/

*Latest reference file : 01R313 02.06.2004

http://www.lavasoftsupport.com/index.php?showtopic=28310

How To: Perform a "Full Scan" With Ad-aware 6 Build 181

http://www.lavahelp.com/howto/fullscan/index.html

http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Feel free to post a follow-up HijackThis log when done!

Good luck :D
