I seem to be having a problem with a porn menu being added to the bottom of my screen whenever I use IE. Ad-Aware doesn't seem to be helping the problem. Neither does Norton anti virus. I used Hijack This to scan my computer, but I can't make heads or tails out of the log. The log is below. Can anyone help me out?
Bill
Logfile of HijackThis v1.96.4
Scan saved at 3:07:20 PM, on 9/2/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\WINDOWS\EXPLORER.exe
C:\OPLIMIT\OCRAWARE.exe
C:\OPLIMIT\OCRAWR32.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\IBMTOOLS\APTEZBTN\APTEZBP.exe
C:\CSAFE\AUTOCHK.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\APPLICATION DATA\LVGEEDRB.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.exe
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.exe
C:\WINDOWS\TEMP\XAUA380.TMP
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.exe
C:\WINDOWS\SYSTEM\HPOMLCH.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\AMERICA ONLINE 7.0\DOWNLOAD\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://h21003.ecpm.com/passthrough/index.html?http://www.google.com/
F1 - win.ini: load=c:\oplimit\ocraware.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2f11f467-b2bb-4bad-a74a-1586379ef974} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.exe
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\Run: [brprlyy] C:\WINDOWS\APPLIC~1\lvgeedrb.exe -QuieT
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.exe
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: NetShow PowerPoint Helper.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37866.4997453704
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - https://moviemixer.oddcast.com//hostClientIE.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe

You have a LOP hijack. Run HT again and place a check in the box next to the following entries. Close all open browser windows and click fix checked. Reboot.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://h21003.ecpm.com/passthrough/index.html?http://www.google.com/
O3 - Toolbar: (no name) - {2f11f467-b2bb-4bad-a74a-1586379ef974} - (no file)
O4 - HKLM\..\Run: [brprlyy] C:\WINDOWS\APPLIC~1\lvgeedrb.exe -QuieT
After rebooting delete the following file:
C:\WINDOWS\APPLIC~1\lvgeedrb.exe
Then install, update and run Spybot-S&D. Have Spybot remove all entries listed that are red.
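
Added example, not part of the original thread and not HijackThis's own logic: a small triage script that parses HijackThis entry lines and surfaces the same three kinds of entries the reply above selected. The heuristics, the function names `parse_entries` and `triage`, and the six-line sample (copied from the first log) are assumptions made for illustration.

```python
import re

# Constructed sample: six entries copied from the first log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://h21003.ecpm.com/passthrough/index.html?http://www.google.com/
F1 - win.ini: load=c:\oplimit\ocraware.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2f11f467-b2bb-4bad-a74a-1586379ef974} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [brprlyy] C:\WINDOWS\APPLIC~1\lvgeedrb.exe -QuieT
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed heuristics, generalised from the three entries the reply selected.
WRAPPED_URL = re.compile(r"=\s*https?://[^?\s]+\?https?://", re.I)
PROFILE_DIR = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines carry no section code
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return (section_code, reason, body) for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1") and WRAPPED_URL.search(body):
            reason = "browser page routed through a redirector URL"
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            reason = "BHO/toolbar registration with no file behind it"
        elif code == "O4" and PROFILE_DIR.search(body):
            reason = "autorun launches an executable from Application Data"
        else:
            continue
        findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A match is a prompt for manual review, not a verdict; legitimate software can also start from a profile directory or leave an orphaned toolbar registration behind.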

**anybody ever seen a hijack that makes explorer go all wonky when you start to type an address in? I got rid of it somehow, but I'd start to type and explorer would like shake, like when you hit the refresh button on your monitor. Anyone know exactly what this is called? I'm just curious so I can get rid of it quickly if I get it again, while I'm SEARCHING MY PORN :)**

I've been having the same problem and I've already tried scanning it with HT but it's still not helping, so here's my log file.
Logfile of HijackThis v1.97.1
Scan saved at 9:34:05 AM, on 9/11/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\SYSTEM32\lexmvservice.exe
C:\WINNT\SYSTEM32\LexWebService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\WINNT\System32\MsgSys.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\AS20421\APPLIC~1\prglstre.exe
C:\Program Files\RCPrograms\RCSync.exe
C:\WINNT\System32\ctfmon.exe
C:\DOCUME~1\AS20421\LOCALS~1\Temp\Svf1.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\AS20421\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=37517
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=37517
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://l16715.ecpm.com/passthrough/index.html?http://www.southwest.tn.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=37517
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://L13870.ecpm.com/passthrough/index.html?http://www.southwest.tn.edu/
N1 - Netscape 4: user_pref("browser.startup.homepage", "sbjr.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.southwest.tn.edu/"); (C:\Documents and Settings\AS20421\Application Data\Mozilla\Profiles\default\wl9icxvi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\AS20421\Application Data\Mozilla\Profiles\default\wl9icxvi.slt\prefs.js)
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 ln.doubleclick.net
O1 - Hosts: 207.44.240.65 m2.doubleclick.net
O1 - Hosts: 207.44.240.65 m.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 iv.doubleclick.net
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - (no file)
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - (no file)
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\Program Files\POP\pop167.dll (file missing)
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - (no file)
O2 - BHO: (no name) - {b7ec35ab-d8b0-4d26-b0f5-3cee6b08fc61} - C:\DOCUME~1\AS20421\APPLIC~1\eawyzdllf.dll
O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: rglchbrzpre - {19c18588-3b41-4e76-b2d7-21b7bc246100} - C:\DOCUME~1\AS20421\APPLIC~1\eawyzdllf.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [adllw] C:\DOCUME~1\AS20421\APPLIC~1\prglstre.exe -QuieT
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8106/turbo.cab?id=3295169
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/111956.exe
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/4.1.1/Hiwire.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4EBD0320-3FA7-4234-9461-638469C74E25} - http://www.pinksandsmediagroup.com/external/cabs/packages/cab_4.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/254be8bfb0440f356f20/netzip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?1048608496422
O16 - DPF: {A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} - http://64.246.24.68/Aff_Installer_4.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/advertisers/hyundai/hyundairallychallenge/install.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FFFF0017-0002-101A-A3C9-08002B2F49FB} - http://www.desktoplife.net/23d25380.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = E80.ecpm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = E80.ecpm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = E80.ecpm.com


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.