Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello,
searchcentrix has hijacked my IE search feature.
I've run HijackThis and selected the searchcentrix items and clicked fix.
After reboot, they keep coming back.
Here's the logfile and any help would be greatly appreciated :)Logfile of HijackThis v1.97.7
Scan saved at 5:05:49 PM, on 11/28/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\GRXP4EXE.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\WINDOWS\SYSTEM\HPHMON04.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\DBGZA.exe
C:\WINDOWS\TASKMON.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.exe
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.exe
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\GREATIS\REGRUNSUITE\WATCHDOG.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
C:\PROGRAM FILES\HISTORYKILL\HISTKILL.exe
C:\PROGRAM FILES\ICONOID\ICONOID.exe
C:\PROGRAM FILES\PAGOO\PAGOO.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.exe
C:\WINDOWS\SYSTEM\STIMON.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=1608176775234232
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/c/home.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=1608176775234232
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://defaultsearch.net/search.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [dbgza] C:\WINDOWS\SYSTEM\dbgza.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\GREATIS\REGRUN~1\WatchDog.exe
O4 - Startup: HISTORYKILL 2001.LNK = C:\Program Files\HistoryKill\histkill.exe
O4 - Startup: iconoid.lnk = C:\Program Files\Iconoid\iconoid.exe
O4 - Startup: pagoo.lnk = C:\Program Files\Pagoo\Pagoo.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .cfm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {B71C61AE-79C5-4870-B761-07A2D21F63E0} (FreeMedia Control) - http://66.28.33.112/Media.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
Try this page-
http://www.google.com/options/defaults.html
Scroll down to the download that will restore IE back to the original search option.
Jimi_l
0 
see how many of your R0 & R1 entries mention searchcentrix? the ones that mention blank are bad too. delete all R0 & R1 entries except for the Sony Viao one. You do have a Sony Viao? Then reboot.
I don't recognize your O2 or O3 entries, maybe they can go too.
Have you run AdAware, Spybot Search & Destroy, CWShredder, Spyware Blaster? Usually they get rid of all the bad stuff before you need to run HiJackThis.
0
Hello and thanks immensely for your help!!
Sonnysandiego, you were right about the O2 and O3 entries. Those were affecting the return of searchcentrix on R1 and R0.. even after deleting them with HijackThis.
what a nightmare.
AdAware and Spybot did not find or recogognize C:\WINDOWS\SYSTEM\MSDXM.OCX
or
C:\WINDOWS\GSIM.DLL (which is some kind of newfangled toolbar from Visicom Media:
http://www.visicommedia.com/
Check out that "Dynamic Toolbar 2".. if that isn't a piece of adware/spyware work from hell...)
I'm wondering how that blasted searchcentrix got on my system in the first place.
Anyway, thanks again :D
0
You are welcome & thanks for the feedback. I'm glad it worked.
Spybot when run in advanced mode can prevent some malware from being installed. So can Spywareblaster.
CWShredder can fix a lot of search engine problems.
0
i also have a problem with searchcentrix... but alsoi don't know what to do ive discovered strange programs in system32 named qtkcxu.exe,vovzln.exe and yypeeo.exe and i cant delete them. My pc seems strange,for example when i try to write smth in an online window like this one,my keyboard gets crazy,it writes in CAPS when it is not on,it stops writing after two or three letters.... when i run adaware it says that svchost is a spyware. what should i do??? im sending you my hijackthis log.
Logfile of HijackThis v1.97.6
Scan saved at 13:11:54, on 05/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\oxawijqj.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System32\qtkcxu.exe
C:\WINDOWS\System32\nrcheck.exe
C:\WINDOWS\System32\nrcheck.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\ScanPanel\ScnPanel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.exe
C:\WINDOWS\System32\Yzyp.exe
C:\WINDOWS\System32\ZrihQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Popup Blocker\updatedl.exe
C:\WINDOWS\System32\vovzln.exe
C:\WINDOWS\System32\yypeeo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\WINWORD.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Propriétaire\Bureau\Internet & Anti-virus stuff\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=1356168267485
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=1356168267485
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {85F8C8D4-886F-9DDE-0E8B-FCF527B0AFED} - C:\WINDOWS\system32\cgguaksx.dll
O2 - BHO: (no name) - {BBFBAEEC-B5B0-FC35-F60F-3B6FB409DA5E} - C:\WINDOWS\system32\zlxvkhrc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Popup Blocker\Updated.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NetReach] nrcheck.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Yxu5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ihgosple] C:\WINDOWS\oxawijqj.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DELDIR0.exe" "C:\Program Files\McAfee\McAfee Shared Components\Central"
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16f7399c0cb37a586720/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.5082291667
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
0
My ie has been hjacked too, I think. Whenever I enter a search term in Google or sites like EBay a new ie window opens up www.goking.com and it appears to be a search engine. Sometimes multiple windows of these open up and some can be not nice sites. I have used Ad-aware, spybot, spykiller and they do not resolve this issue. When I launce Netscape this does not happen. I don't know what else to do about this problem. Would Norton Utilities clear this up? Please help
0
I'm not an expert,only asking for help too... But I think you shoul try downloading Hijackthis.exe to get rid of it. Scan your pc and send your report here and someone who knows more than me will tell you what to delete! Cheers!
0
I downloaded Hijackthis.exe and here is the log. Thanks in advance for any help here.
I have a Sony system and am running Windows xp. My problem is stated above.Logfile of HijackThis v1.97.7
Scan saved at 6:13:25 AM, on 12/7/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\cscss.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Margaret\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\hille005\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CS] C:\WINDOWS\System32\cscss.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://www.liveupdate.com/controls/getcab2.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
