Newbie dot Org HomePage
Visit one of our web buddies
IE home page hijacked http://ssearch.biz
SBSM
silveries@rediffmail.com
08/05/04 		Hi,
My homepage has been hijacked to http://ssearch.biz

The HijackThis result is given below...any clue.. ???

StartupList report, 8/6/2004, 1:13:28 AM
StartupList version: 1.52
Started from : C:\install\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\regedit.exe
C:\install\HijackThis.exe

--

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--
End of report, 3,003 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thanks,
SBSM

Anti-SpyWare: SPYBOT, HijakThis
Anti-Virus: Symantec Corporate Edition 8.1
Browser: IE
Firewall: None
OS: Windows 2000

© Copyright 1998-2004 Newbie dot Org -- All rights reserved --
This site maintained by Galaxy Website Design


--|--