
HJT - mortlnd


3 replies to this topic

#1 mortlnd

mortlnd

  • Members
  • 2 posts

Posted 07 July 2004 - 02:01 AM

Hi there,

My browser has been hijacked. My home page keeps
defaulting to res://hgoir.dll/index.html#96676. I
have downloaded and run both ad-aware 6.0 and spybot.
Spybot found five registry entries related to DSO
Exploit, which I have tried to correct without much
success so far. Any insights? Thanks!

My hijack this log can be found below

Logfile of HijackThis v1.97.7
Scan saved at 11:53:11 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ipob32.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\netvt.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\WINDOWS\System32\uhkdeti.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Production Journal\Production Journal.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ian\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdoei.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdoei.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdoei.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdoei.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vdoei.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vdoei.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://ehkqu.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {112D5427-36BF-B118-6762-B819C2050E43} - C:\WINDOWS\javaft.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netvt.exe] C:\WINDOWS\system32\netvt.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [ifrabfwmfv] C:\WINDOWS\System32\uhkdeti.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [winyb.exe] C:\WINDOWS\winyb.exe
O4 - HKLM\..\RunOnce: [ipin.exe] C:\WINDOWS\ipin.exe
O4 - HKLM\..\RunOnce: [ipqz32.exe] C:\WINDOWS\system32\ipqz32.exe
O4 - HKLM\..\RunOnce: [addsl32.exe] C:\WINDOWS\system32\addsl32.exe
O4 - HKLM\..\RunOnce: [iebf.exe] C:\WINDOWS\system32\iebf.exe
O4 - HKLM\..\RunOnce: [iecr32.exe] C:\WINDOWS\iecr32.exe
O4 - HKLM\..\RunOnce: [iege.exe] C:\WINDOWS\system32\iege.exe
O4 - HKLM\..\RunOnce: [d3fq.exe] C:\WINDOWS\system32\d3fq.exe
O4 - HKLM\..\RunOnce: [mfciz.exe] C:\WINDOWS\system32\mfciz.exe
O4 - HKLM\..\RunOnce: [appbz.exe] C:\WINDOWS\system32\appbz.exe
O4 - HKLM\..\RunOnce: [d3zo32.exe] C:\WINDOWS\system32\d3zo32.exe
O4 - HKLM\..\RunOnce: [ntsm.exe] C:\WINDOWS\ntsm.exe
O4 - HKLM\..\RunOnce: [wingw32.exe] C:\WINDOWS\wingw32.exe
O4 - HKLM\..\RunOnce: [mswd32.exe] C:\WINDOWS\mswd32.exe
O4 - HKLM\..\RunOnce: [mfcru32.exe] C:\WINDOWS\system32\mfcru32.exe
O4 - HKLM\..\RunOnce: [addea32.exe] C:\WINDOWS\system32\addea32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\appyj32.exe
O4 - HKLM\..\RunOnce: [mscz.exe] C:\WINDOWS\mscz.exe
O4 - HKLM\..\RunOnce: [mshj.exe] C:\WINDOWS\system32\mshj.exe
O4 - HKLM\..\RunOnce: [mstk.exe] C:\WINDOWS\system32\mstk.exe
O4 - HKLM\..\RunOnce: [atlkb32.exe] C:\WINDOWS\system32\atlkb32.exe
O4 - HKLM\..\RunOnce: [sysnw32.exe] C:\WINDOWS\sysnw32.exe
O4 - HKLM\..\RunOnce: [addxs.exe] C:\WINDOWS\system32\addxs.exe
O4 - HKLM\..\RunOnce: [atlwa.exe] C:\WINDOWS\atlwa.exe
O4 - HKLM\..\RunOnce: [msdv32.exe] C:\WINDOWS\msdv32.exe
O4 - HKLM\..\RunOnce: [msye32.exe] C:\WINDOWS\system32\msye32.exe
O4 - HKLM\..\RunOnce: [mfckd32.exe] C:\WINDOWS\system32\mfckd32.exe
O4 - HKLM\..\RunOnce: [crlt.exe] C:\WINDOWS\crlt.exe
O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\system32\iely32.exe
O4 - HKLM\..\RunOnce: [syshe.exe] C:\WINDOWS\system32\syshe.exe
O4 - HKLM\..\RunOnce: [appve.exe] C:\WINDOWS\system32\appve.exe
O4 - HKLM\..\RunOnce: [mstd32.exe] C:\WINDOWS\system32\mstd32.exe
O4 - HKLM\..\RunOnce: [appka32.exe] C:\WINDOWS\system32\appka32.exe
O4 - HKLM\..\RunOnce: [msrg32.exe] C:\WINDOWS\msrg32.exe
O4 - HKLM\..\RunOnce: [ipdj32.exe] C:\WINDOWS\system32\ipdj32.exe
O4 - HKLM\..\RunOnce: [ievl32.exe] C:\WINDOWS\system32\ievl32.exe
O4 - HKLM\..\RunOnce: [appbj32.exe] C:\WINDOWS\appbj32.exe
O4 - HKLM\..\RunOnce: [crfa32.exe] C:\WINDOWS\crfa32.exe
O4 - HKLM\..\RunOnce: [ipdz32.exe] C:\WINDOWS\system32\ipdz32.exe
O4 - HKLM\..\RunOnce: [addhq.exe] C:\WINDOWS\addhq.exe
O4 - HKLM\..\RunOnce: [apihl.exe] C:\WINDOWS\apihl.exe
O4 - HKLM\..\RunOnce: [apizn32.exe] C:\WINDOWS\apizn32.exe
O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\system32\d3jr32.exe
O4 - HKLM\..\RunOnce: [syswd.exe] C:\WINDOWS\syswd.exe
O4 - HKLM\..\RunOnce: [d3mo32.exe] C:\WINDOWS\system32\d3mo32.exe
O4 - HKLM\..\RunOnce: [appit32.exe] C:\WINDOWS\system32\appit32.exe
O4 - HKLM\..\RunOnce: [javasv.exe] C:\WINDOWS\javasv.exe
O4 - HKLM\..\RunOnce: [sysdr32.exe] C:\WINDOWS\system32\sysdr32.exe
O4 - HKLM\..\RunOnce: [mswt.exe] C:\WINDOWS\mswt.exe
O4 - HKLM\..\RunOnce: [apifx.exe] C:\WINDOWS\system32\apifx.exe
O4 - HKLM\..\RunOnce: [atlmw.exe] C:\WINDOWS\system32\atlmw.exe
O4 - HKLM\..\RunOnce: [d3tc.exe] C:\WINDOWS\system32\d3tc.exe
O4 - HKLM\..\RunOnce: [winnj.exe] C:\WINDOWS\system32\winnj.exe
O4 - HKLM\..\RunOnce: [sdkyk.exe] C:\WINDOWS\sdkyk.exe
O4 - HKLM\..\RunOnce: [atlyu32.exe] C:\WINDOWS\atlyu32.exe
O4 - HKLM\..\RunOnce: [atlvm32.exe] C:\WINDOWS\system32\atlvm32.exe
O4 - HKLM\..\RunOnce: [apivy.exe] C:\WINDOWS\apivy.exe
O4 - HKLM\..\RunOnce: [d3jo.exe] C:\WINDOWS\d3jo.exe
O4 - HKLM\..\RunOnce: [javajz32.exe] C:\WINDOWS\javajz32.exe
O4 - HKLM\..\RunOnce: [windh.exe] C:\WINDOWS\windh.exe
O4 - HKLM\..\RunOnce: [msjn.exe] C:\WINDOWS\system32\msjn.exe
O4 - HKLM\..\RunOnce: [d3hd.exe] C:\WINDOWS\system32\d3hd.exe
O4 - HKLM\..\RunOnce: [netpc.exe] C:\WINDOWS\netpc.exe
O4 - HKLM\..\RunOnce: [ipis.exe] C:\WINDOWS\ipis.exe
O4 - HKLM\..\RunOnce: [atlfc32.exe] C:\WINDOWS\system32\atlfc32.exe
O4 - HKLM\..\RunOnce: [mfcds32.exe] C:\WINDOWS\mfcds32.exe
O4 - HKLM\..\RunOnce: [appxs32.exe] C:\WINDOWS\appxs32.exe
O4 - HKLM\..\RunOnce: [javaje.exe] C:\WINDOWS\system32\javaje.exe
O4 - HKLM\..\RunOnce: [atlfp32.exe] C:\WINDOWS\atlfp32.exe
O4 - HKLM\..\RunOnce: [ieax.exe] C:\WINDOWS\ieax.exe
O4 - HKLM\..\RunOnce: [msmf.exe] C:\WINDOWS\msmf.exe
O4 - HKLM\..\RunOnce: [sdkxw.exe] C:\WINDOWS\system32\sdkxw.exe
O4 - HKLM\..\RunOnce: [netpi.exe] C:\WINDOWS\netpi.exe
O4 - HKLM\..\RunOnce: [ntnk.exe] C:\WINDOWS\ntnk.exe
O4 - HKLM\..\RunOnce: [ieop.exe] C:\WINDOWS\ieop.exe
O4 - HKLM\..\RunOnce: [atlmu32.exe] C:\WINDOWS\atlmu32.exe
O4 - HKLM\..\RunOnce: [javaux.exe] C:\WINDOWS\system32\javaux.exe
O4 - HKLM\..\RunOnce: [sdkio.exe] C:\WINDOWS\system32\sdkio.exe
O4 - HKLM\..\RunOnce: [atlgx32.exe] C:\WINDOWS\atlgx32.exe
O4 - HKLM\..\RunOnce: [ipct.exe] C:\WINDOWS\ipct.exe
O4 - HKLM\..\RunOnce: [ipcs.exe] C:\WINDOWS\ipcs.exe
O4 - HKLM\..\RunOnce: [d3mq32.exe] C:\WINDOWS\system32\d3mq32.exe
O4 - HKLM\..\RunOnce: [sysxn.exe] C:\WINDOWS\system32\sysxn.exe
O4 - HKLM\..\RunOnce: [addek32.exe] C:\WINDOWS\system32\addek32.exe
O4 - HKLM\..\RunOnce: [crrj32.exe] C:\WINDOWS\system32\crrj32.exe
O4 - HKLM\..\RunOnce: [addyz.exe] C:\WINDOWS\addyz.exe
O4 - HKLM\..\RunOnce: [addxc32.exe] C:\WINDOWS\addxc32.exe
O4 - HKLM\..\RunOnce: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\RunOnce: [d3fy32.exe] C:\WINDOWS\system32\d3fy32.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\iebr32.exe
O4 - HKLM\..\RunOnce: [d3jp.exe] C:\WINDOWS\system32\d3jp.exe
O4 - HKLM\..\RunOnce: [ipep32.exe] C:\WINDOWS\system32\ipep32.exe
O4 - HKLM\..\RunOnce: [netyd.exe] C:\WINDOWS\system32\netyd.exe
O4 - HKLM\..\RunOnce: [atldl.exe] C:\WINDOWS\atldl.exe
O4 - HKLM\..\RunOnce: [sysoi.exe] C:\WINDOWS\sysoi.exe
O4 - HKLM\..\RunOnce: [iehf.exe] C:\WINDOWS\iehf.exe
O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
O4 - HKLM\..\RunOnce: [netzu32.exe] C:\WINDOWS\netzu32.exe
O4 - HKLM\..\RunOnce: [javazl.exe] C:\WINDOWS\system32\javazl.exe
O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe
O4 - HKLM\..\RunOnce: [addks.exe] C:\WINDOWS\addks.exe
O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe
O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
O4 - HKLM\..\RunOnce: [ipaa.exe] C:\WINDOWS\ipaa.exe
O4 - HKLM\..\RunOnce: [iegu.exe] C:\WINDOWS\system32\iegu.exe
O4 - HKLM\..\RunOnce: [atlzu.exe] C:\WINDOWS\atlzu.exe
O4 - HKLM\..\RunOnce: [apixw32.exe] C:\WINDOWS\apixw32.exe
O4 - HKLM\..\RunOnce: [ipek32.exe] C:\WINDOWS\system32\ipek32.exe
O4 - HKLM\..\RunOnce: [apity.exe] C:\WINDOWS\apity.exe
O4 - HKLM\..\RunOnce: [atlxv.exe] C:\WINDOWS\system32\atlxv.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\system32\javapr32.exe
O4 - HKLM\..\RunOnce: [mskr.exe] C:\WINDOWS\system32\mskr.exe
O4 - HKLM\..\RunOnce: [apizp32.exe] C:\WINDOWS\apizp32.exe
O4 - HKLM\..\RunOnce: [ipvi.exe] C:\WINDOWS\system32\ipvi.exe
O4 - HKLM\..\RunOnce: [msqs32.exe] C:\WINDOWS\system32\msqs32.exe
O4 - HKLM\..\RunOnce: [atlut.exe] C:\WINDOWS\atlut.exe
O4 - HKLM\..\RunOnce: [apiod.exe] C:\WINDOWS\system32\apiod.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\javayz.exe
O4 - HKLM\..\RunOnce: [sdkqd32.exe] C:\WINDOWS\sdkqd32.exe
O4 - HKLM\..\RunOnce: [iebz.exe] C:\WINDOWS\system32\iebz.exe
O4 - HKLM\..\RunOnce: [msuf32.exe] C:\WINDOWS\system32\msuf32.exe
O4 - HKLM\..\RunOnce: [winws.exe] C:\WINDOWS\system32\winws.exe
O4 - HKLM\..\RunOnce: [sysar.exe] C:\WINDOWS\sysar.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\d3jw32.exe
O4 - HKLM\..\RunOnce: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [mfcrm.exe] C:\WINDOWS\system32\mfcrm.exe
O4 - HKLM\..\RunOnce: [ipnf.exe] C:\WINDOWS\system32\ipnf.exe
O4 - HKLM\..\RunOnce: [sdkpb.exe] C:\WINDOWS\sdkpb.exe
O4 - HKLM\..\RunOnce: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKLM\..\RunOnce: [winaf.exe] C:\WINDOWS\winaf.exe
O4 - HKLM\..\RunOnce: [mfcqj.exe] C:\WINDOWS\mfcqj.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\netpq.exe
O4 - HKLM\..\RunOnce: [winaq32.exe] C:\WINDOWS\winaq32.exe
O4 - HKLM\..\RunOnce: [d3kx.exe] C:\WINDOWS\system32\d3kx.exe
O4 - HKLM\..\RunOnce: [apiuf32.exe] C:\WINDOWS\system32\apiuf32.exe
O4 - HKLM\..\RunOnce: [sdkkm32.exe] C:\WINDOWS\system32\sdkkm32.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: BionicleTM Mask of Light the Movie Production Journal.lnk = C:\Program Files\Production Journal\Production Journal.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4...0367/wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\dnvbsihv.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/30e8311b48512ed52601/netzip/RdxIE2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7874.8826273148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D65CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


#2 ColdinCbus

ColdinCbus

  • Members
  • 312 posts

Posted 07 July 2004 - 08:49 AM

Please take the following steps to clean this hijack:

First, please enable viewing of hidden/system files per the instructions here: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Download this tool called AboutBuster http://www.downloads.subratam.org/AboutBuster.zip
Unzip it to your desktop but don't run it yet.

Download the latest version of Adaware (get the free edition)
http://www.lavasoft.de/software/adaware/
(choose download from the lefthand menu)

After downloading and installing, first please update the program. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish*. This will return you to the main screen.

Go ahead and close the program

Using the Task Manager, end the task on the following processes:
ipob32.exe
netvt.exe
uhkdeti.exe

Next, go to Start->Run and type "Services.msc" (without quotes) then hit OK.
Scroll down and find the service called "Network Security Service".
When you find it, double-click on it.
In the next window that opens, click the Stop button, then change the Startup Type to Disabled.
Now hit Apply and then OK and close any open windows.


Reboot into Safe Mode http://service1.symantec.com/SUPPORT/tsgen...001052409420406


Run HijackThis and place a check mark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdoei.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdoei.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdoei.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdoei.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vdoei.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vdoei.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://ehkqu.dll/index.html#96676

O2 - BHO: (no name) - {112D5427-36BF-B118-6762-B819C2050E43} - C:\WINDOWS\javaft.dll

O4 - HKLM\..\Run: [netvt.exe] C:\WINDOWS\system32\netvt.exe
O4 - HKLM\..\Run: [ifrabfwmfv] C:\WINDOWS\System32\uhkdeti.exe
O4 - HKLM\..\RunOnce: [winyb.exe] C:\WINDOWS\winyb.exe
O4 - HKLM\..\RunOnce: [ipin.exe] C:\WINDOWS\ipin.exe
O4 - HKLM\..\RunOnce: [ipqz32.exe] C:\WINDOWS\system32\ipqz32.exe
O4 - HKLM\..\RunOnce: [addsl32.exe] C:\WINDOWS\system32\addsl32.exe
O4 - HKLM\..\RunOnce: [iebf.exe] C:\WINDOWS\system32\iebf.exe
O4 - HKLM\..\RunOnce: [iecr32.exe] C:\WINDOWS\iecr32.exe
O4 - HKLM\..\RunOnce: [iege.exe] C:\WINDOWS\system32\iege.exe
O4 - HKLM\..\RunOnce: [d3fq.exe] C:\WINDOWS\system32\d3fq.exe
O4 - HKLM\..\RunOnce: [mfciz.exe] C:\WINDOWS\system32\mfciz.exe
O4 - HKLM\..\RunOnce: [appbz.exe] C:\WINDOWS\system32\appbz.exe
O4 - HKLM\..\RunOnce: [d3zo32.exe] C:\WINDOWS\system32\d3zo32.exe
O4 - HKLM\..\RunOnce: [ntsm.exe] C:\WINDOWS\ntsm.exe
O4 - HKLM\..\RunOnce: [wingw32.exe] C:\WINDOWS\wingw32.exe
O4 - HKLM\..\RunOnce: [mswd32.exe] C:\WINDOWS\mswd32.exe
O4 - HKLM\..\RunOnce: [mfcru32.exe] C:\WINDOWS\system32\mfcru32.exe
O4 - HKLM\..\RunOnce: [addea32.exe] C:\WINDOWS\system32\addea32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\appyj32.exe
O4 - HKLM\..\RunOnce: [mscz.exe] C:\WINDOWS\mscz.exe
O4 - HKLM\..\RunOnce: [mshj.exe] C:\WINDOWS\system32\mshj.exe
O4 - HKLM\..\RunOnce: [mstk.exe] C:\WINDOWS\system32\mstk.exe
O4 - HKLM\..\RunOnce: [atlkb32.exe] C:\WINDOWS\system32\atlkb32.exe
O4 - HKLM\..\RunOnce: [sysnw32.exe] C:\WINDOWS\sysnw32.exe
O4 - HKLM\..\RunOnce: [addxs.exe] C:\WINDOWS\system32\addxs.exe
O4 - HKLM\..\RunOnce: [atlwa.exe] C:\WINDOWS\atlwa.exe
O4 - HKLM\..\RunOnce: [msdv32.exe] C:\WINDOWS\msdv32.exe
O4 - HKLM\..\RunOnce: [msye32.exe] C:\WINDOWS\system32\msye32.exe
O4 - HKLM\..\RunOnce: [mfckd32.exe] C:\WINDOWS\system32\mfckd32.exe
O4 - HKLM\..\RunOnce: [crlt.exe] C:\WINDOWS\crlt.exe
O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\system32\iely32.exe
O4 - HKLM\..\RunOnce: [syshe.exe] C:\WINDOWS\system32\syshe.exe
O4 - HKLM\..\RunOnce: [appve.exe] C:\WINDOWS\system32\appve.exe
O4 - HKLM\..\RunOnce: [mstd32.exe] C:\WINDOWS\system32\mstd32.exe
O4 - HKLM\..\RunOnce: [appka32.exe] C:\WINDOWS\system32\appka32.exe
O4 - HKLM\..\RunOnce: [msrg32.exe] C:\WINDOWS\msrg32.exe
O4 - HKLM\..\RunOnce: [ipdj32.exe] C:\WINDOWS\system32\ipdj32.exe
O4 - HKLM\..\RunOnce: [ievl32.exe] C:\WINDOWS\system32\ievl32.exe
O4 - HKLM\..\RunOnce: [appbj32.exe] C:\WINDOWS\appbj32.exe
O4 - HKLM\..\RunOnce: [crfa32.exe] C:\WINDOWS\crfa32.exe
O4 - HKLM\..\RunOnce: [ipdz32.exe] C:\WINDOWS\system32\ipdz32.exe
O4 - HKLM\..\RunOnce: [addhq.exe] C:\WINDOWS\addhq.exe
O4 - HKLM\..\RunOnce: [apihl.exe] C:\WINDOWS\apihl.exe
O4 - HKLM\..\RunOnce: [apizn32.exe] C:\WINDOWS\apizn32.exe
O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\system32\d3jr32.exe
O4 - HKLM\..\RunOnce: [syswd.exe] C:\WINDOWS\syswd.exe
O4 - HKLM\..\RunOnce: [d3mo32.exe] C:\WINDOWS\system32\d3mo32.exe
O4 - HKLM\..\RunOnce: [appit32.exe] C:\WINDOWS\system32\appit32.exe
O4 - HKLM\..\RunOnce: [javasv.exe] C:\WINDOWS\javasv.exe
O4 - HKLM\..\RunOnce: [sysdr32.exe] C:\WINDOWS\system32\sysdr32.exe
O4 - HKLM\..\RunOnce: [mswt.exe] C:\WINDOWS\mswt.exe
O4 - HKLM\..\RunOnce: [apifx.exe] C:\WINDOWS\system32\apifx.exe
O4 - HKLM\..\RunOnce: [atlmw.exe] C:\WINDOWS\system32\atlmw.exe
O4 - HKLM\..\RunOnce: [d3tc.exe] C:\WINDOWS\system32\d3tc.exe
O4 - HKLM\..\RunOnce: [winnj.exe] C:\WINDOWS\system32\winnj.exe
O4 - HKLM\..\RunOnce: [sdkyk.exe] C:\WINDOWS\sdkyk.exe
O4 - HKLM\..\RunOnce: [atlyu32.exe] C:\WINDOWS\atlyu32.exe
O4 - HKLM\..\RunOnce: [atlvm32.exe] C:\WINDOWS\system32\atlvm32.exe
O4 - HKLM\..\RunOnce: [apivy.exe] C:\WINDOWS\apivy.exe
O4 - HKLM\..\RunOnce: [d3jo.exe] C:\WINDOWS\d3jo.exe
O4 - HKLM\..\RunOnce: [javajz32.exe] C:\WINDOWS\javajz32.exe
O4 - HKLM\..\RunOnce: [windh.exe] C:\WINDOWS\windh.exe
O4 - HKLM\..\RunOnce: [msjn.exe] C:\WINDOWS\system32\msjn.exe
O4 - HKLM\..\RunOnce: [d3hd.exe] C:\WINDOWS\system32\d3hd.exe
O4 - HKLM\..\RunOnce: [netpc.exe] C:\WINDOWS\netpc.exe
O4 - HKLM\..\RunOnce: [ipis.exe] C:\WINDOWS\ipis.exe
O4 - HKLM\..\RunOnce: [atlfc32.exe] C:\WINDOWS\system32\atlfc32.exe
O4 - HKLM\..\RunOnce: [mfcds32.exe] C:\WINDOWS\mfcds32.exe
O4 - HKLM\..\RunOnce: [appxs32.exe] C:\WINDOWS\appxs32.exe
O4 - HKLM\..\RunOnce: [javaje.exe] C:\WINDOWS\system32\javaje.exe
O4 - HKLM\..\RunOnce: [atlfp32.exe] C:\WINDOWS\atlfp32.exe
O4 - HKLM\..\RunOnce: [ieax.exe] C:\WINDOWS\ieax.exe
O4 - HKLM\..\RunOnce: [msmf.exe] C:\WINDOWS\msmf.exe
O4 - HKLM\..\RunOnce: [sdkxw.exe] C:\WINDOWS\system32\sdkxw.exe
O4 - HKLM\..\RunOnce: [netpi.exe] C:\WINDOWS\netpi.exe
O4 - HKLM\..\RunOnce: [ntnk.exe] C:\WINDOWS\ntnk.exe
O4 - HKLM\..\RunOnce: [ieop.exe] C:\WINDOWS\ieop.exe
O4 - HKLM\..\RunOnce: [atlmu32.exe] C:\WINDOWS\atlmu32.exe
O4 - HKLM\..\RunOnce: [javaux.exe] C:\WINDOWS\system32\javaux.exe
O4 - HKLM\..\RunOnce: [sdkio.exe] C:\WINDOWS\system32\sdkio.exe
O4 - HKLM\..\RunOnce: [atlgx32.exe] C:\WINDOWS\atlgx32.exe
O4 - HKLM\..\RunOnce: [ipct.exe] C:\WINDOWS\ipct.exe
O4 - HKLM\..\RunOnce: [ipcs.exe] C:\WINDOWS\ipcs.exe
O4 - HKLM\..\RunOnce: [d3mq32.exe] C:\WINDOWS\system32\d3mq32.exe
O4 - HKLM\..\RunOnce: [sysxn.exe] C:\WINDOWS\system32\sysxn.exe
O4 - HKLM\..\RunOnce: [addek32.exe] C:\WINDOWS\system32\addek32.exe
O4 - HKLM\..\RunOnce: [crrj32.exe] C:\WINDOWS\system32\crrj32.exe
O4 - HKLM\..\RunOnce: [addyz.exe] C:\WINDOWS\addyz.exe
O4 - HKLM\..\RunOnce: [addxc32.exe] C:\WINDOWS\addxc32.exe
O4 - HKLM\..\RunOnce: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\RunOnce: [d3fy32.exe] C:\WINDOWS\system32\d3fy32.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\iebr32.exe
O4 - HKLM\..\RunOnce: [d3jp.exe] C:\WINDOWS\system32\d3jp.exe
O4 - HKLM\..\RunOnce: [ipep32.exe] C:\WINDOWS\system32\ipep32.exe
O4 - HKLM\..\RunOnce: [netyd.exe] C:\WINDOWS\system32\netyd.exe
O4 - HKLM\..\RunOnce: [atldl.exe] C:\WINDOWS\atldl.exe
O4 - HKLM\..\RunOnce: [sysoi.exe] C:\WINDOWS\sysoi.exe
O4 - HKLM\..\RunOnce: [iehf.exe] C:\WINDOWS\iehf.exe
O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
O4 - HKLM\..\RunOnce: [netzu32.exe] C:\WINDOWS\netzu32.exe
O4 - HKLM\..\RunOnce: [javazl.exe] C:\WINDOWS\system32\javazl.exe
O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe
O4 - HKLM\..\RunOnce: [addks.exe] C:\WINDOWS\addks.exe
O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe
O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
O4 - HKLM\..\RunOnce: [ipaa.exe] C:\WINDOWS\ipaa.exe
O4 - HKLM\..\RunOnce: [iegu.exe] C:\WINDOWS\system32\iegu.exe
O4 - HKLM\..\RunOnce: [atlzu.exe] C:\WINDOWS\atlzu.exe
O4 - HKLM\..\RunOnce: [apixw32.exe] C:\WINDOWS\apixw32.exe
O4 - HKLM\..\RunOnce: [ipek32.exe] C:\WINDOWS\system32\ipek32.exe
O4 - HKLM\..\RunOnce: [apity.exe] C:\WINDOWS\apity.exe
O4 - HKLM\..\RunOnce: [atlxv.exe] C:\WINDOWS\system32\atlxv.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\system32\javapr32.exe
O4 - HKLM\..\RunOnce: [mskr.exe] C:\WINDOWS\system32\mskr.exe
O4 - HKLM\..\RunOnce: [apizp32.exe] C:\WINDOWS\apizp32.exe
O4 - HKLM\..\RunOnce: [ipvi.exe] C:\WINDOWS\system32\ipvi.exe
O4 - HKLM\..\RunOnce: [msqs32.exe] C:\WINDOWS\system32\msqs32.exe
O4 - HKLM\..\RunOnce: [atlut.exe] C:\WINDOWS\atlut.exe
O4 - HKLM\..\RunOnce: [apiod.exe] C:\WINDOWS\system32\apiod.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\javayz.exe
O4 - HKLM\..\RunOnce: [sdkqd32.exe] C:\WINDOWS\sdkqd32.exe
O4 - HKLM\..\RunOnce: [iebz.exe] C:\WINDOWS\system32\iebz.exe
O4 - HKLM\..\RunOnce: [msuf32.exe] C:\WINDOWS\system32\msuf32.exe
O4 - HKLM\..\RunOnce: [winws.exe] C:\WINDOWS\system32\winws.exe
O4 - HKLM\..\RunOnce: [sysar.exe] C:\WINDOWS\sysar.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\d3jw32.exe
O4 - HKLM\..\RunOnce: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [mfcrm.exe] C:\WINDOWS\system32\mfcrm.exe
O4 - HKLM\..\RunOnce: [ipnf.exe] C:\WINDOWS\system32\ipnf.exe
O4 - HKLM\..\RunOnce: [sdkpb.exe] C:\WINDOWS\sdkpb.exe
O4 - HKLM\..\RunOnce: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKLM\..\RunOnce: [winaf.exe] C:\WINDOWS\winaf.exe
O4 - HKLM\..\RunOnce: [mfcqj.exe] C:\WINDOWS\mfcqj.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\netpq.exe
O4 - HKLM\..\RunOnce: [winaq32.exe] C:\WINDOWS\winaq32.exe
O4 - HKLM\..\RunOnce: [d3kx.exe] C:\WINDOWS\system32\d3kx.exe
O4 - HKLM\..\RunOnce: [apiuf32.exe] C:\WINDOWS\system32\apiuf32.exe
O4 - HKLM\..\RunOnce: [sdkkm32.exe] C:\WINDOWS\system32\sdkkm32.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\dnvbsihv.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/30e8311b48512ed52601/netzip/RdxIE2.cab

Be sure to close all browser and explorer windows and click 'Fix Checked'.

Exit HiJackThis.

Delete the following files if present:

C:\WINDOWS\vdoei.dll
C:\WINDOWS\javaft.dll
C:\WINDOWS\system32\ipob32.exe
C:\WINDOWS\system32\netvt.exe
C:\WINDOWS\System32\uhkdeti.exe


While still in Safe Mode, finish the cleanup process.

Go to Start -->Run and type Regedit then click Ok.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and highlight Services in the left pane. In the right pane, look for any of these entries:

__NS_Service
__NS_Service_2
__NS_Service_3

If any are listed, right-click that entry in the right pane and choose Delete.

Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
and highlight Root in the Left Pane. In the right pane, look for these entries:

LEGACY___NS_Service
LEGACY___NS_Service_2
LEGACY___NS_Service_3

If you find it, right-click it in the right-pane and choose delete. Exit regedit.

Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.

Scan with Adaware and let it remove any bad files found.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin


Boot in Normal Mode.

To remove the remainder of the files this exploit deposits, run this Online AntiVirus scan, removing all it finds:

Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com


Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the
second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.


It is also possible that the infection may have deleted up to three files from your system. If these files are present, to be safe I suggest you overwrite them with a new copy.

Go here: http://www.spywareinfo.com/~merijn/winfiles.html#control and download the version of control.exe for your operating system. If you are running Windows 2000, copy it to c:\winnt\system32\. For Windows XP, copy it to c:\windows\system32\.

Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself

If you have Spybot S&D installed you may also need to replace one file.
Go here: http://www.spywareinfo.com/~merijn/winfiles.html#sdhelper and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)


Run HiJackThis and post a new log in this thread, please.

I would also recommend uninstalling P2P Networking in Add/Remove Programs and then fixing these entries with HijackThis:

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART


=== End CWS sp.html/#nnnnn fix ===
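
The entries selected for fixing in the reply above share a few visible patterns: `res://` start and search pages, autorun values named after an executable that sits directly in the Windows directories, and `O16` downloads from `file://` or a bare IP address. The following is an added example, not part of the original thread and not how HijackThis itself works: a triage sketch that flags those patterns in a log. The names `triage` and `SAMPLE_LOG` and the heuristics are assumptions made for illustration, and they do not catch every entry the reply lists (for example `[ifrabfwmfv]`).

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdoei.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [netvt.exe] C:\WINDOWS\system32\netvt.exe
O4 - HKLM\..\RunOnce: [winyb.exe] C:\WINDOWS\winyb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\dnvbsihv.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/30e8311b48512ed52601/netzip/RdxIE2.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll))', re.I)
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def check_r(body):
    """R0/R1: a browser page pointing into a DLL resource."""
    _, sep, value = body.partition(" = ")
    if sep and value.strip().lower().startswith("res://"):
        return "IE page set to a res:// URL inside a DLL"
    return None


def check_o4(body):
    """O4: autorun value named exactly like an EXE dropped in a system dir."""
    m = O4_RE.match(body)
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    if not exe:
        return None
    path = exe.group(1)
    same_name = m.group("name").lower() == basename(path).lower()
    if same_name and dirname(path).lower() in SYSTEM_DIRS:
        return "autorun value named after an executable in a Windows directory"
    return None


def check_o16(body):
    """O16: ActiveX download source is a local file or a bare IP address."""
    _, sep, url = body.rpartition(" - ")
    url = url.strip() if sep else ""
    if url.lower().startswith("file://"):
        return "ActiveX control installed from a local file:// path"
    if IP_URL_RE.match(url):
        return "ActiveX control downloaded from a bare IP address"
    return None


CHECKS = {"R0": check_r, "R1": check_r, "O4": check_o4, "O16": check_o16}


def triage(log_text):
    """Return (section code, reason, original line) for each flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or m.group("code") not in CHECKS:
            continue
        reason = CHECKS[m.group("code")](m.group("body"))
        if reason:
            findings.append((m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```

A flagged line is a candidate for review, not a verdict; entries still need to be checked against the full log before anything is fixed.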

#3 mortlnd

mortlnd
  • Topic Starter

  • Members
  • 2 posts

Posted 08 July 2004 - 06:41 PM

Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

#4 tjpoc

tjpoc

  • Members
  • 3 posts

Posted 15 January 2005 - 05:27 PM

Amazingly, six months later, others still have this problem...ergh!!! I found this post by a Google search and did everything like you said (even though I didn't submit the original post), and sure enough, all appears to be clean. I'm not getting those annoying popups anymore and my start page isn't getting set to about:blank anymore.

I'm just blown away that these types of things can get installed from simply browsing. It's obvious that IE really sucks!

Thanks ColdinCbus!

TJ



