Internet Optimizer wont go away

Name: suspect52732
Date: January 27, 2004 at 06:50:57 Pacific
OS: XP
CPU/Ram: 2.4/512
Comment:

Ok, I have this little spyware program or whatever it is, it isn't good. And I don't want it in my computer. I have downloaded, installed, updated, and run the following with no luck:
Ad Aware (this finds it when I open IE, but it only stops the popup, it doesn't delete what is causing it)
SpyBot
Norton AntiVirus
Norton Firewall
I have scanned the computer religiously with the anti spyware programs, which don't return results. What should I do to remove this thing?



Response Number 1
Name: capt
Date: January 27, 2004 at 08:55:52 Pacific
Reply:

You have somehow identified it is there, but it keeps coming back. Is this assumption correct? Do you have "system restore" enabled? Have you tried turning "system restore" off (My Computer > Properties > System Restore > turn it off), restarting the computer and then running your scans for the problem? Have you emptied all your temp internet files, offline content, and possibly your cookies?


0

Response Number 2
Name: blender
Date: January 27, 2004 at 10:08:56 Pacific
Reply:

Hi

Let's see what's happening..
Download "hijackThis", save it to disk, make a separate folder for it..eg: c:\hijack\hijackthis.exe
D. click hijackthis.exe, click "scan", the scan button changes to "save log" button, click "save log", copy and paste the whole log in reply to this thread.
Don't fix anything yet as most of what you see in the log is safe or even essential. We will help you sort it out.

HijackThis! Direct Download


0

Response Number 3
Name: broz
Date: January 29, 2004 at 08:54:18 Pacific
Reply:

I didn't start the thread but am experiencing the same problem. Any assistance would be appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 10:50:09 AM, on 1/29/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\RpcSs.exe
c:\program files\orl\vnc\WinVNC.exe
C:\WINNT\System32\NMSSvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
C:\WINNT\System32\MAPISP32.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\Program Files\Microsoft Office\Office\outlook.exe
C:\WINNT\System32\ddhelp.exe
C:\Program Files\AcceleRater\Tltx3-48.000\AcceleRater.exe
C:\transport programs\shared\ZMN32.exe
C:\Transport Programs\Test\NSA-TX Policy Underwriting\NAUSTX30.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server224.smartbotpro.net/7search/?003-nhp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.1.30:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
O4 - Global Startup: infinity.bat
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50029/QDow.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F946A1-6E7A-D03B-71FF-666ACCFD91A0} (DownloadUL Class) - http://public.searchbarcash.com/cab/024/ffteogys.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a63b79c326f6ddce15/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.1.6 10.48.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.0.1.6 10.48.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.1.6 10.48.0.1


0

Response Number 4
Name: blender
Date: January 29, 2004 at 10:01:09 Pacific
Reply:

broz

You have cool web search hijack

Download CWShredder.exe, save it to disk, close all browser windows and windows explorer windows.
D. click cwshredder.exe to run, click "fix", allow the tool to remove what it finds.
Reboot the machine and run the tool again to ensure all has been removed.

CWShredder.exe Direct Download

Start hijackthis.exe and place a check in front of the following, close all open windows except hijack and click "fix checked"

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll

O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe

O13 - WWW. Prefix: http://

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50029/QDow.cab

O16 - DPF: {47F946A1-6E7A-D03B-71FF-666ACCFD91A0} (DownloadUL Class) - http://public.searchbarcash.com/cab/024/ffteogys.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a63b79c326f6ddce15/netzip/RdxIE601.cab

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB


Reboot the machine again and delete the following:

c:\winnt\belt.exe <- this file

If you haven't already, download Spybot Search and Destroy, check for and install all updates, run the scan and let it remove all items in red.

To prevent conflicts during its scan, temporarily disable your antivirus.

Reboot the machine once more and post new hijack log.



0

Response Number 5
Name: broz
Date: January 29, 2004 at 12:01:12 Pacific
Reply:

Thank you so much for your prompt assistance. This appears to have fixed it!
You have been bookmarked and I will certainly use you again if needed.
Thanks Again!


Logfile of HijackThis v1.97.7
Scan saved at 2:00:33 PM, on 1/29/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\RpcSs.exe
c:\program files\orl\vnc\WinVNC.exe
C:\WINNT\System32\NMSSvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.1.30:80
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
O4 - Global Startup: infinity.bat
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.1.6 10.48.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.1.6 10.48.0.1



0
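The before/after comparison that the "post new hijack log" step makes possible, as an added example that is not part of the original thread: it parses two HijackThis logs, checks that every entry selected for "fix checked" is gone, and lists anything else that disappeared or appeared. The function names `parse_entries` and `verify_fix` are hypothetical; the sample lines are excerpts from broz's two logs above.

```python
import re

# An entry line is a section code (such as R0, F2, O4 or O16), " - ", then
# the detail. Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries

def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries("\n".join(fixed_lines))
    return {
        # Entries that survived the fix or came back after the reboot.
        "still_present": sorted(requested & after),
        "removed_as_requested": sorted(requested - after),
        # Gone although not ticked by hand, e.g. removed by another tool.
        "removed_unrequested": sorted((before - after) - requested),
        # Anything new since the first scan deserves a second look.
        "new_entries": sorted(after - before),
    }

# Excerpt of the first log in the thread (shortened for the example).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O13 - WWW. Prefix: http://
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
"""

# Excerpt of the log posted after the fix (shortened for the example).
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Default.htm
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
"""

# Entries from the "fix checked" list that appear in the excerpt above.
FIXED = [
    r"O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll",
    r"O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe",
    r"O13 - WWW. Prefix: http://",
    r"O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB",
]

if __name__ == "__main__":
    for bucket, items in verify_fix(BEFORE, AFTER, FIXED).items():
        print(bucket)
        for section, detail in items:
            print(f"  {section} - {detail}")
```

On these excerpts the R1 `Default_Page_URL` entry lands in `removed_unrequested`: it was not on the hand-picked list but is absent from the second log.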


Response Number 6
Name: blender
Date: January 29, 2004 at 13:00:28 Pacific
Reply:

broz

Glad to hear it worked out ok..

I would soon visit Windows update and download all the critical updates listed including sp1...it will help prevent a lot of these issues from happening again.

Good luck and all the best!


0

Response Number 7
Name: Ruddy
Date: February 2, 2004 at 16:57:34 Pacific
Reply:

I have to clean out this work computer I inherited -- not only does it have that internet optimizer but there was other stuff too that was/is driving me nuts. Can someone look at the HijackThis log and tell me what to do?

I have already run the CWShredder.

Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 6:10:16 PM, on 2/2/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.exe
C:\WINDOWS.000\SYSTEM\MPREXE.exe
C:\WINDOWS.000\SYSTEM\MSTASK.exe
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\ATI2EVAE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe
C:\PROGRAM FILES\DANTZ\CLIENT\RETROCLIENT.exe
C:\WINDOWS.000\EXPLORER.exe
C:\WINDOWS.000\TASKMON.exe
C:\WINDOWS.000\SYSTEM\SYSTRAY.exe
C:\WINDOWS.000\SYSTEM\ATIPTAXX.exe
C:\WINDOWS.000\SYSTEM\ATI2CWXX.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe
C:\WINDOWS.000\WT\UPDATER\WCMDMGR.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.exe
C:\WINDOWS.000\SYSTEM\DDHELP.exe
C:\WINDOWS.000\SYSTEM\PSTORES.exe
C:\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantv.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cantv.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINDOWS.000\SYSTEM\SBSRCH_V22.DLL (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS.000\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS.000\NEM214.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.106-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.106-deleon.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.000\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS.000\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS.000\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS.000\UPTODATE.exe
O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [Retrospect Client] C:\Program Files\Dantz\Client\Retroclient.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [OWMngr] C:\WINDOWS.000\SYSTEM\OWMngr.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS.000\SYSTEM\winservn.exe
O4 - HKCU\..\Run: [Eaua] C:\WINDOWS.000\Application Data\csre.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: EReg.lnk = C:\WINDOWS.000\EReg206\Reg32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Advocy\Office\FINDFAST.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.106-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.106-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.106-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.106-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.106-DELEON.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.17.21/136b470d9c9be6341d21/netzip/RdxIE.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.3684490741
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {FFFF0017-0001-101A-A3C9-08002B2F49FB} - http://www.regnodelsesso.net/23aW0001.exe
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0014.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotica.com/download/1,1,0,3/cabdll.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {E2B2B5A1-B48C-4886-A318-723916A01024} (SBFullInst Control) - http://www.spyblast.com/download/SBFullWU.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/OPTI8106/optimize.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233200} - http://www.sexe-exhibition.org/acces/002/sexe-haut-debit.exe
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/MPB18106/button.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFS.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab


0
