

'Roings' & 'Netsearch'

  • This topic is locked
4 replies to this topic

#1 Riciamarn



  • New Member
  • 3 posts

Posted 16 May 2004 - 01:25 PM

Am using XP, along with PC-cillin & Ad-aware but now have a problem & we seem to have picked up a Trojan or virus. Home page keeps changing, default search engine keeps coming up as 'netsearch' & Adaware keeps finding 'roing', which we keep deleting. It's causing pop ups {despite having pop up stopper} adding new stuff {like gambling/sex sites} to the favourites & driving us crazy :(

I closed System Restore & ran Ad-aware, deleted the items & re-started System Restore, all seemed ok for a while but it's all back again & I am at a loss as to what to do now. I don't know what to download to even try now, please help.

#2 discogail


    "All you need is a gorilla and a dream"

  • Emeritus
  • 86 posts

Posted 16 May 2004 - 01:29 PM

download HijackThis from
to a folder of your choice... double-click to open. "Scan"... then "Save Log"... when it opens in Notepad... copy (Edit... Select All... Copy) & paste (CTRL-V) the log into your next reply.

#3 Riciamarn



  • New Member
  • 3 posts

Posted 16 May 2004 - 01:36 PM

Thank you, here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 19:35:49, on 16/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\PC-cillin 2002\PCCPFW.exe
C:\Program Files\PC-cillin 2002\pccguide.exe
C:\Program Files\PC-cillin 2002\PCCClient.exe
C:\Program Files\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\PC-cillin 2002\WebTrap.EXE
C:\PROGRA~1\MEDIAS~1\extra up.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Riciamarn\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.../searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9AC5ED34-CF49-40A3-A525-1614828CAE0E} - C:\WINDOWS\nhvu.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [jtcz] C:\WINDOWS\elfhlki.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Defy License] C:\PROGRA~1\MEDIAS~1\extra up.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{552FFB96-D9CF-49B0-9067-22C394D16669}: NameServer =

#4 Riciamarn



  • New Member
  • 3 posts

Posted 16 May 2004 - 02:47 PM

Still desperate, please help.

#5 PGPhantom


    Superman of SWI

  • Emeritus
  • 3,494 posts

Posted 04 October 2004 - 01:55 AM

Due to the time passed without a response in this thread - I am closing it.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
