Show Posts

Tech Clinic / Big problems with CWS.HiddenDll

« on: April 07, 2005, 07:46:12 AM »

Hello and tnanks for trying to help me:

This is the DLLCompare log->

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />"
________________________________________________

1.223 items found: 1.223 files, 0 directories.
Total of file sizes: 250.686.563 bytes 239,07 M

Administrator Account = Verdadero

--------------------End log---------------------

So it seems it did not find anything.
Here there is a fresher log of CWShredder and Hijackthis:

CWShredder->

**** Run Keys ****

RUN: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
RUN: [KAZAA] C:\Archivos de programa\Kazaa\Kazaa.exe /SYSTRAY
RUN: [SearchUpgrader] C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
RUN: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [sp] rundll32 C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll,DllInstall
RUN: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
RUN: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
RUN: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
RUN: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\WINDOWS\System32\leem.dll
BHO: [ST] C:\Archivos de programa\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
BHO: [MSNToolBandBHO] C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll

**** IE Toolbars ****

TOOLBAR: []
TOOLBAR: [MSN] C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx

**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Referencia] C:\WINDOWS\System32\msjava.dll
IEExt: [Messenger] C:\Archivos de programa\Messenger\MSMSGS.EXE

**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost

**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Bar: res://C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll/spage.html
Search Page: about:blank

**** IE Context Menu (Right click) ****

IEContext: [E&xportar a Microsoft Excel] res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6032FB72-9D03-4BA0-AE25-AA0C4DFD455B}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6032FB72-9D03-4BA0-AE25-AA0C4DFD455B}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CAF338C-9364-4FD3-AF0B-E0DD235AE661}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CAF338C-9364-4FD3-AF0B-E0DD235AE661}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C634834-3FB5-4F5B-ABD4-87C278311EE4}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C634834-3FB5-4F5B-ABD4-87C278311EE4}] DATAGRAM 2

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108456458281] C:\WINDOWS\System32\wuweb.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.2097337963] C:\WINDOWS\System32\iuctl.dll
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]

**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[C-DillaCdaC11BA] C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Macromedia Licensing Service] "C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[ose] C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{7F370E26-926C-4FB8-B353-2CEE2306B5E8}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] about:blank
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] about:blank
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Save Directory] C:\Documents and Settings\ester\Mis documentos\
IEOPT: [Use Custom Search URL]
IEOPT: [AutoSearch]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [Force Offscreen Composition]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [AllowWindowReuse]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [SmoothScroll]
IEOPT: [Print_Background] no
IEOPT: [Play_Animations] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Display Inline Videos] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [LastCheckedHi]
IEOPT: [Toolbars_Placement] /ÝTBêL~VBŠÍXH „KØ5tings\ester\Mis documentos\
IEOPT: [Use Search Asst] no
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Search Bar] res://C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll/spage.html
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] about:blank
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar] res://C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll/spage.html

Hijackthis->

Logfile of HijackThis v1.99.1
Scan saved at 14:44:19, on 07/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Temp\CWShredder.exe
C:\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A58FD05-F7AD-403C-90C5-78A33E822348} - C:\WINDOWS\System32\leem.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAZAA] C:\Archivos de programa\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ester\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108456458281
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032FB72-9D03-4BA0-AE25-AA0C4DFD455B}: NameServer = 194.179.1.100,194.179.1.101
O18 - Filter: text/html - {69C98C78-365F-4A05-8510-B09D558A3A94} - C:\WINDOWS\System32\leem.dll
O18 - Filter: text/plain - {69C98C78-365F-4A05-8510-B09D558A3A94} - C:\WINDOWS\System32\leem.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Let's see if someone can help me get rid of this annoying CWS.HiddenDll

TheTechGuide Forum

News:

Messages - mugi

Tech Clinic / Big problems with CWS.HiddenDll

Tech Clinic / Big problems with CWS.HiddenDll