Thread: Please could someone help me
View Single Post
Old 12-03-2004, 01:48 PM   #3 (permalink)
Lorand
VIP Member
 
Lorand's Avatar
 
Join Date: Dec 2003
Location: Bucharest
Age: 42
Posts: 3,042
Default
You could disable these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
O2 - BHO: (no name) - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: (no name) - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\SYSTEM\CUSTOMIE32.DLL
O2 - BHO: (no name) - {D29D1C41-44C8-11D9-B6B6-00005E66FE9F} - C:\WINDOWS\SYSTEM\EMPCO.DLL
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [CueClub.exe] C:\WINDOWS\DESKTOP\CUECLU~1.EXE /r
O4 - HKCU\..\Run: [Pacr] C:\WINDOWS\Application Data\umra.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.110/winsearchie32....nsearchie32.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {0CB2BD5A-7A80-4BA9-B49A-02DC51144BDF} (vciewer control) - http://www.thepaymentcentre.com/build/vciewer.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptem...iveSekurity.cab
O16 - DPF: {59C74461-DCC4-59EB-2586-27B336EFA9E9} - http://82.179.166.72/1/gdnGB208.exe
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {5588F7AF-651E-1D6D-7FBD-37900AE435E1} - http://82.179.166.72/1/gdnGB208.exe

Post a new log after that.
Last edited by Lorand; 12-03-2004 at 01:50 PM.
Lorand is offline   Reply With Quote