Results 1 to 2 of 2

Thread: NetSpry

  1. #1
    mlramo
    Guest

    Default NetSpry

    I have run all of the suggested programs along with Pest Patrol and when I enter Internet explorer it still goes to www.netspry.com as the default home page. I may be contacted at (edit). Thank you for your time and consideration.

    Logfile of HijackThis v1.98.2
    Scan saved at 5:17:56 PM, on 11/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DrWeb\SpiderNT.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\documents and settings\michael ramer\local settings\temp\eCAx.exe
    C:\PROGRA~1\DrWeb\spidernt.exe
    C:\Program Files\DrWeb\spiderml.exe
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Michael Ramer\Local Settings\Temp\cXkQv4z.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eCAx] C:\documents and settings\michael ramer\local settings\temp\eCAx.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spidernt.exe /agent
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mid-tn.com/utilities/tdserver.cab
    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - https://www.vericheckonline.com/view...eterdialog.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C} (ReportExport Class) - https://www.vericheckonline.com/view...ivexviewer.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.vericheckonline.com/view...ivexviewer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...98/mcfscan.cab
    O16 - DPF: {F2CA2115-C8D2-11D1-BEBD-00A0C95A6A5C} (WebReportSource Class) - https://www.vericheckonline.com/view...ivexviewer.cab

  2. #2
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    I took the liberty to remove your e-mail address. First we only answer questions on site and secondly, it is not a good idea to post your e-mail address as there are those who scour the net for valid addresses to set up spam and malware. Your log appears to have a few problems, Ill transfer this post to the Spyware Help forum where HJT logs are looked at.