I think my browser has been hijacked ... please help me - for every URL I type it takes me to the site web.yoursearchfinder.com/.
I ran HijackThis and the log is as pasted below ...
Logfile of HijackThis v1.97.3
Scan saved at 11:33:26 AM, on 4/15/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\oracle\ora81\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NavNT\vptray.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\blss\blss.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\WINNT\System32\mdm.exe
C:\Documents and Settings\500517577\My Documents\ie6setup.exe
C:\DOCUME~1\500517~1\LOCALS~1\Temp\IXP001.TMP\ie6wzd.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Lotus\Sametime Client\activmon.srv
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\500517~1\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corp.home.ge.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://corp.setpac.ge.com/pac.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=cin01.proxy.corporate.ge.com:80;https=cin01.proxy.corporate.ge.com:80;ftp=cin01.proxy.corporate.ge.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://corp.home.ge.com/
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LogoffOnConnect] C:\Program Files\LogoffOnConnect.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [VerifyStartMenu] RunDLL32 C:\Netmanag.97\NMGOINN.DLL,VerifyStartMenu
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [PMA] C:\Netmanag.97\PMALOAD.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\500517~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.ge-registrar.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: *.gefinancialbenefits.com
O15 - Trusted Zone: *.mypenskesignon.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4524F6B8-B807-11D5-B6C8-00805F77B630} (Signer Control) - https://www.ultimatix.net/certEXE/Signer.cab
O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} - http://corpt028.corporate.ge.com:3643/OA_HTML/oajinit.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - http://corpp034.corporate.ge.com:3243/jinitiator/oajinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {ff348b6e-fd21-11d4-a3f0-00c04fa32518} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corporate.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corporate.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corporate.ge.com