Every time I reboot my homepage is being changed to http://www.geocities.com/yori_mrakkadi
Someone please tell me what to do, this is the second time my homepage has been hijacked but I don't know how to fix this.

StartupList report, 11/9/03, 8:26:55 PM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\ATI2EVXX.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\SISAUDUT.exe
C:\WINDOWS\SYSTEM\DESK98.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\WINAMP3\WINAMPA.exe
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe
C:\WINDOWS\SYSTEM\EXPLORE.exe
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
---------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SiS7012Utility = C:\WINDOWS\SYSTEM\SiSAudUt.exe -wdm
HydarVisionDesktopManager = desk98.exe
LoadQM = loadqm.exe
WinampAgent = "C:\Program Files\Winamp3\winampa.exe"
P2P NETWORKING = C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe /AUTOSTART
AltnetPointsManager =
Explore = C:\WINDOWS\SYSTEM\EXPLORE.exe
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ATIPOLL = ati2evxx.exe
ATISmart = C:\WINDOWS\SYSTEM\ati2s9ag.exe
---------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
(Default) =
---------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
---------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 19/10/2003, 13:45:16)
[rename]
C:\WINDOWS\SYSTEM\ati2cqag.DLL=C:\WINDOWS\SYSTEM\ati2cqag.001
C:\WINDOWS\SYSTEM\ATI2DRAG.DRV=C:\WINDOWS\SYSTEM\ATI2DRAG.001
C:\WINDOWS\SYSTEM\Ati2evxx.exe=C:\WINDOWS\SYSTEM\Ati2evxx.002
C:\WINDOWS\SYSTEM\ATI2I9AG.DLL=C:\WINDOWS\SYSTEM\ATI2I9AG.001
C:\WINDOWS\SYSTEM\ATI3D1AG.DLL=C:\WINDOWS\SYSTEM\ATI3D1AG.001
---------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL - {029CA12C-89C1-46a7-A3C7-82F2F98635CB}
---------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
---------------------
Enumerating Download Program Files:
[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1108/V31Controls/x86/nt5/en/actsetup.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.9192939815
[QuickPlace Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\QP2.DLL
CODEBASE = http://quartz.atkinson.yorku.ca/qp2.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\HRTBEAT.OCX
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[InstallShield International Setup Player]
InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL
CODEBASE = http://www.installengine.com/engine/isetup.cab
---------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
---------------------
End of report, 5,608 bytes
Report generated in 0.059 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This looks to be a virus:
Explore = C:\WINDOWS\SYSTEM\EXPLORE.exe
Scan for viruses here:
http://housecall.antivirus.com/

I remember the last time this happened to me I had to go into the registry and delete some things before the problem was resolved, I just don't know what and where these things are.

I have run CWShredder, spybot, hijack this and I still get the Searchtv homepage at my internet home page. I can't get rid of it. Can someone please look at the below file and tell me what I'm missing. I'm running Windows 2000.
Logfile of HijackThis v1.97.3
Scan saved at 7:25:53 PM, on 12/04/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
E:\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.exe
C:\WINNT\Explorer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ICO.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\Pelmiced.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
E:\Kodak EasyShare software\bin\EasyShare.exe
C:\QUICKENW\QWDLLS.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEFFAN~1\LOCALS~1\Temp\Rar$EX00.770\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - (no file)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {F101D8F9-9E90-4401-9FBF-9B515CAA045F} - C:\PROGRA~1\SURFGH~1\SGengine.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: & SurfGhost - {0A4DC360-26A5-4FC1-8FB2-ADD00738A99B} - C:\PROGRA~1\SURFGH~1\SURFGH~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.4977662037
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0010.cab
