Hijackthis log file

My IE 6 homepage was recently hijacked, and I got all sorts of popups.. I checked out this board and got cwshredder as well as adaware... ran them both and the homepage stopped getting hijacked, however, for some reason the majority of the time I cannot close explorer with the red x or going file-close... I have to do it manually ctrl-alt-delete style, which is quite annoying... I'm also pretty sure I followed the right steps by updating to Windows XP Service Pack 1a and stuff.. here's the hijack this log... thanks in advance for your help

Logfile of HijackThis v1.97.7
Scan saved at 6:09:16 PM, on 30/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SVA Player\SVAPLAYER.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\Logan\Desktop\CWShredder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Logan\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_10.dll
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - c:\windows\system32\iexplorr26.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Logan\Application Data\winrc\mssearch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\System32\WinServices.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Startup: Gangsters2Setup.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03f539b7...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

Re: Hijackthis log file

Let's go over them:

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_10.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - c:\windows\system32\iexplorr26.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Logan\Application Data\winrc\mssearch.dll
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

Once you remove these, reboot and remove the files that they point to, then remove the directory C:\Program Files\NewDotNet

O4 - Startup: Gangsters2Setup.lnk = ?
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

That's the worst of it.

These are optional, but removing them is a good idea.

O4 - HKLM\..\Run: [BackgroundSwitcher]
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
These are part of the WinXP PowerToys. Older versions slow the system down--all versions use resources big-time.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
There's no need for QuickTime in the System Tray.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealPlayer can be updated on your schedule, right?

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
Not needed.

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
Resource hog.

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Make sure that you are running version 9.0 as earlier versions are a security risk per the vendor.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03f539b...ip/RdxIE601.cab
Utterly worthless.

You may have a problem connecting once everything is removed. If so, one of your bits of malware replaced part of your Winsock chain with its own stuff. When you removed it, it may have "broken the chain". Here is the link to LSPFix, which should help.

musemaker then responded with:

It worked! And here's the process order:
* Run LSPfix.
* Delete all Dial-up adapters and network protocols.
* Delete all Winsock and Winsock2 registry keys.
* Under Add/Remove programs uncheck all of the listings under Communications.
* Reboot and then add back ALL the Communications items (although netmeeting and chat weren't necessary). It didn't work for me the first time as I have no need for a dial-up adapter, but it is the only way to get Windows to add back winsock2.
* Reinstall network protocol settings.

Re: Hijackthis log file

There is also a removal tool for it here; Newdotnet removal instructions here: http://www.newdotnet.com/#remove

Messenger Plus should be uninstalled as it comes bundled with Lop.com.

Is this scan B4 or after you ran CWShredder? image.dll install is a CoolWebSearch variant. Make sure you have the latest version of CWShredder & run it again.

Re: Hijackthis log file

Thanks a lot guys.. 24 hours gone by, so far so good. Thanks for your help

Logan

Re: Hijackthis log file

This is my hijackthis log. I need to know what to delete... someone please help me out. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 7:34:46 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\WINH.EXE
C:\WINDOWS\OLEHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TEMP\RAR$EX01.898\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best.omega-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hdfxqd.t.muxa.cc/h.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://hdfxqd.t.muxa.cc/h.php?aid=35 (obfuscated)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O1 - Hosts: 66.250.171.167 auto.search.msn.com
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS\winh.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...036.1454513889
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/hdesk_off...eskSetup_A.exe
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://www.clubphoto.com/_img/uploader/atl_uploader.cab
O19 - User stylesheet: c:\windows\my.css

Re: Hijackthis log file

Quote:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best.omega-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hdfxqd.t.muxa.cc/h.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://hdfxqd.t.muxa.cc/h.php?aid=35 (obfuscated)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O1 - Hosts: 66.250.171.167 auto.search.msn.com
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O2 - BHO: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS\winh.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O19 - User stylesheet: c:\windows\my.css

Search your system for a file called Hosts and use the utility to check it out and (probably) delete it.

That's about it.
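
An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the log format posted above. It groups `O1 - Hosts` redirections by IP, lists the `O4` autorun commands, and pulls out entries that HijackThis itself annotated `(obfuscated)` or `(file missing)`; the function names are invented for illustration and the sample lines are excerpted from the second log.

```python
import ipaddress
import re
from collections import defaultdict

# Lines excerpted unchanged from the second log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hdfxqd.t.muxa.cc/s.php?aid=35 (obfuscated)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O1 - Hosts: 66.250.171.167 auto.search.msn.com
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS\winh.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
"""

# A section code is a letter (R, F, N or O) plus a number, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
RUN = re.compile(r"^(HK[A-Z]{2}\\\.\.\\Run\w*): \[([^\]]+)\] (.*)$")
# Annotations HijackThis appends to an entry, as seen in the log above.
TOOL_MARKERS = ("(obfuscated)", "(file missing)")

def parse_log(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def hosts_redirects(entries):
    """Group O1 hostnames by the non-loopback IP they are pinned to."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address; leave the line for manual review
        if not ip.is_loopback:
            by_ip[str(ip)].append(m.group(2))
    return dict(by_ip)

def autoruns(entries):
    """Return (registry key, value name, command) for O4 Run entries."""
    hits = (RUN.match(body) for code, body in entries if code == "O4")
    return [m.groups() for m in hits if m]

def tool_flagged(entries):
    """Entries carrying a marker that HijackThis added on its own."""
    return [(c, b) for c, b in entries if b.endswith(TOOL_MARKERS)]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(hosts_redirects(parsed))
    print(autoruns(parsed))
    print(tool_flagged(parsed))
```

Grouping by IP shows at a glance when several unrelated hostnames are pinned to one address, which is the pattern in the `O1` lines of the log above.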