Nibble Guru - Computing queries demystified Tuesday, December 02, 2008
Home
My Account / Register
Login / Logout
Post your Problem!
Search
About Us
Contact Us
List Home > Web Browsers >   [ Post New Problem ]

Welcome back !
TrackingID : 1632
Posted : Friday, August 13th, 2004 07:24:03 PM
By : shankar_krs
Homepage hijackedConfiguration:
I am getting many popups and the home page often changes. moreover many unwanted toolbars are also being displayed. the below is the log file from hijackthis


Logfile of HijackThis v1.98.2
Scan saved at 7:21:30 PM, on 8/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\\WINNT\\System32\\smss.exe
C:\\WINNT\\system32\\winlogon.exe
C:\\WINNT\\system32\\services.exe
C:\\WINNT\\system32\\lsass.exe
C:\\WINNT\\System32\\ibmpmsvc.exe
C:\\WINNT\\system32\\svchost.exe
C:\\WINNT\\System32\\svchost.exe
C:\\WINNT\\system32\\spoolsv.exe
C:\\WINNT\\LogWatNT.exe
C:\\PROGRA~1\\Marimba\\CASTAN~1\\Tuner.exe
C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe
C:\\Program Files\\Network Associates\\VirusScan\\mcshield.exe
C:\\Program Files\\Network Associates\\VirusScan\\vstskmgr.exe
C:\\PROGRA~1\\Marimba\\CASTAN~1\\RemoteUser.exe
C:\\WINNT\\System32\\svchost.exe
C:\\WINNT\\Explorer.EXE
C:\\WINNT\\System32\\tp4mon.exe
C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\TP98TRAY.EXE
C:\\WINNT\\System32\\RunDll32.exe
C:\\WINNT\\System32\\ltmsg.exe
C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE
C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe
C:\\WINNT\\System32\\zjsiukp.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\Adobe\\Acrobat 5.0\\Distillr\\AcroTray.exe
c:\\progra~1\\intern~1\\iexplore.exe
c:\\progra~1\\intern~1\\iexplore.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Program Files\\Windows Media Player\\wmplayer.exe
C:\\WINNT\\System32\\SNDVOL32.EXE
C:\\WINNT\\System32\\SNDVOL32.EXE
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Shankar\\downloads\\HijackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mww.metlife.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://mww.metlife.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mww.metlife.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://wxkrloevesvbxsoxldpjmbt.net/ml6uiVPgBRGSulha4j_L26IkhX99bOqtYEcDnQYdbnswc6JEO3LLgX0Vfh0_/0yb.html
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = http://risccaste1:5282/ENT/Castanet/ChannelManager
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsB.dll (file missing)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\\WINNT\\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Acrobat\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\\WINNT\\questmod.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: C:\\WINNT\\lbbho.dll - {DF28538A-77C0-4B0C-B355-A3F92E70D7F6} - C:\\WINNT\\lbbho.dll
O2 - BHO: (no name) - {EA1EE2CD-7FDD-6877-F948-7F0DC1E1EC67} - C:\\PROGRA~1\\enc32\\amendownload.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\WINNT\\System32\\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\\..\\Run: [TPTRAY] C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\TP98TRAY.EXE
O4 - HKLM\\..\\Run: [BMMGAG] RunDll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\\..\\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\\..\\Run: [ShStatEXE] \"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE
O4 - HKLM\\..\\Run: [McAfeeUpdaterUI] \"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey
O4 - HKLM\\..\\Run: [NeroCheck] C:\\WINNT\\System32\\\\NeroCheck.exe
O4 - HKLM\\..\\Run: [pvgqryekqh] C:\\WINNT\\System32\\zjsiukp.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime
O4 - HKLM\\..\\Run: [otahqvkl] C:\\WINNT\\otahqvkl.exe
O4 - HKLM\\..\\Run: [VcBody] C:\\PROGRA~1\\BENDDR~1\\bind eggs kind.exe
O4 - HKLM\\..\\Run: [browse seek bin roam] C:\\Documents and Settings\\All Users\\Application Data\\jump global browse seek\\Frag Global.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKCU\\..\\Run: [Yahoo! Pager] C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet
O4 - HKCU\\..\\Run: [Spyware Begone] c:\\freescan\\freescan.exe -FastScan
O4 - Global Startup: Acrobat Assistant.lnk = C:\\Program Files\\Adobe\\Acrobat 5.0\\Distillr\\AcroTray.exe
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\\Program Files\\Google\\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\\Program Files\\Yahoo!\\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\\Program Files\\Google\\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\\Program Files\\Google\\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\\Program Files\\Google\\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\\Program Files\\Google\\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\\Program Files\\Yahoo!\\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\\Program Files\\Yahoo!\\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\\Program Files\\Yahoo!\\Messenger\\yhexbmes0521.dll
O9 - Extra \'Tools\' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\\Program Files\\Yahoo!\\Messenger\\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\\Program Files\\Internet Explorer\\Plugins\\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://mww.metlife.com
O16 - DPF: JavaConnect - file://C:\\Documents and Settings\\tkaminski\\Local Settings\\Temp\\SISD\\JavaConnect.cab
O16 - DPF: Sametime BroadCast Client ST30IF2 - file://C:\\Documents and Settings\\tkaminski\\Local Settings\\Temp\\SISD\\STBroadcastClient.cab
O16 - DPF: Sametime Directory Applet ST30SP1 - file://C:\\Documents and Settings\\tkaminski\\Local Settings\\Temp\\SISD\\STDirectoryApplet.cab
O16 - DPF: Sametime Meeting Room Client ST30SP1 - file://C:\\Documents and Settings\\tkaminski\\Local Settings\\Temp\\SISD\\STMeetingRoomClient.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwib.ops.placeware.com/etc/place/INDIA/SCIpws-b2/5.1.3.199/lib/quicksilver.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain = metlife.com
O17 - HKLM\\Software\\..\\Telephony: DomainName = metlife.com
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: Domain = metlife.com 		Operating System : Microsoft Windows XP
CPU/Processor : Pentium III
Hard Disk : 20 GB

Related Problems :
Comments :
Re: Homepage hijacked by shankar_krs on August 14th, 2004 08:59:58 AM
can anyone help me out in getting rid of the above mentioned problems..Please.
Re: Homepage hijacked by Anonymous Ghost on August 16th, 2004 03:16:15 AM
Run spybot, ad-aware

that should fix it for you. if it doesnt post a message here.
Re: Homepage hijacked by 51blues on August 29th, 2004 11:03:39 PM
Did you get your problem solved?
Re: Homepage hijacked by rootsearch.biz by ddgtr04 on September 30th, 2004 12:42:49 AM
Please help, cannot get rid of rootsearch.biz plus porn links in Favorites. Tried Ad-Aware and SpyBot, no significant results. Here is the HijackThis scan results (as much as I can fit in this window. Thank you!!
Logfile of HijackThis v1.98.2
Scan saved at 10:30:56 PM, on 9/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\vladimir\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E14E039-4544-4265-9EA6-884CFF05C1DA}: NameServer = 66.81.0.251 66.81.0.252
Re: Homepage hijacked by rootsearch.biz by ddgtr04 on September 30th, 2004 12:49:45 AM
Please help, cannot get rid of rootsearch.biz plus porn links in Favorites. Tried Ad-Aware and SpyBot, no significant results. Here is the HijackThis scan results (as much as I can fit in this window. Thank you!!
Logfile of HijackThis v1.98.2
Scan saved at 10:30:56 PM, on 9/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\vladimir\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E14E039-4544-4265-9EA6-884CFF05C1DA}: NameServer = 66.81.0.251 66.81.0.252

Related Problems :
Post a Note :
UserName (not required in anonymous posts)
Password (not required in anonymous posts)
Post Anonymous (check this only if you wish to post anonymously.)
Subject
Comment (limited HTML allowed)
List Home > Web Browsers >   [ Post New Problem ]
Copyright © 2001-2008, Nibble Guru