Next Victim of "Rootsearch.biz"
Folks,
Glad I stumbled on this site - I am the latest unfortunate recepient of the dreaded rootsearch.biz. AS PER YOUR INSTRUCTIONS, I have downloaded both adware and spybot and ran but to no avail on reboot. Here is my Hijack This log:
Logfile of HijackThis v1.98.2
Scan saved at 11:11:59 PM, on 9/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\EASY CD CREATOR\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collingwoodsoccer.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.collingwoodsoccer.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdms\1.01.08.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {0783AF3E-7C31-3923-6844-1EF14ECC36E9} - http://64.237.41.215/1/rdgCA780.exe
Any help would be more than appreciated!
Kind Regards,
Corky :Canflag:
Glad I stumbled on this site - I am the latest unfortunate recepient of the dreaded rootsearch.biz. AS PER YOUR INSTRUCTIONS, I have downloaded both adware and spybot and ran but to no avail on reboot. Here is my Hijack This log:
Logfile of HijackThis v1.98.2
Scan saved at 11:11:59 PM, on 9/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\EASY CD CREATOR\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collingwoodsoccer.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.collingwoodsoccer.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdms\1.01.08.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {0783AF3E-7C31-3923-6844-1EF14ECC36E9} - http://64.237.41.215/1/rdgCA780.exe
Any help would be more than appreciated!
Kind Regards,
Corky :Canflag:
0
This discussion has been closed.
Comments
Get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collingwoodsoccer.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.collingwoodsoccer.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdms\1.01.08.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32....nsearchie32.exe
O16 - DPF: {0783AF3E-7C31-3923-6844-1EF14ECC36E9} - http://64.237.41.215/1/rdgCA780.exe
Remove all those, and then improperly shut down your computer (like, hit ctrl-alt-delete a few times until it reboots). After it comes back up, post a new log and we'll go from there
Logfile of HijackThis v1.98.2
Scan saved at 11:56:08 PM, on 9/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\EASY CD CREATOR\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
Am I OK now?
Corky
The log looks good to me....
I would really like to thank you for your efforts and quick responses. This is truly an awesome site.
Kind Regards,
Corky