• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
NCHammer

Default browser

9 posts in this topic

Hi.

 

My browser has a new start up page and a new search page. This means that every time a page is loaded, I end up at some random pages that has a list of pornographic websites. I have both Webroot SpySweeper and Norton Internet Security but they don't appear to have done much!! When I go to Tools>Internet Options, there is a group of numbers written as my home page rather than wanadoo.co.uk. Internet options is still in the control panel but I cannot look at anything on the internet that isn't in my favorites folder.

 

The homepage is http://195.225.176.14/

 

I downloaded HijackThis and this is what it came back with:

 

Logfile of HijackThis v1.97.7

Scan saved at 22:18:52, on 29/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\DSB\DSB.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Documents and Settings\Neil\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.14/pre.pl?www.wanadoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.14/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/

F0 - system.ini: Shell=Explorer.exe monitor.exe

F2 - REG:system.ini: Shell=Explorer.exe monitor.exe

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE

O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe

O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE

O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O13 - DefaultPrefix: http://195.225.176.14/pre.pl?

O13 - WWW Prefix: http://195.225.176.14/pre.pl?

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{44C78281-80CD-42F0-AAED-EE874D4E4FE7}: NameServer = 195.92.195.94 195.92.195.95

O17 - HKLM\System\CS1\Services\Tcpip\..\{44C78281-80CD-42F0-AAED-EE874D4E4FE7}: NameServer = 195.92.195.94 195.92.195.95

 

Please help as this doing my head in!!! Thanks

Share this post


Link to post
Share on other sites

Hi. I'm bumping this up. First posted this at 9pm (english time) last night and haven't heard anything. I realise everyone is busy but just trying to get some assistance as this is doing my head in.

 

Can anyone help?!

Share this post


Link to post
Share on other sites

First, uninstall P2P Networking through Add/Remove Programs. If/when asked whether you also want to remove Altnet components, say 'Yes'.

P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.14/pre.pl?www.wanadoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.14/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/

 

F0 - system.ini: Shell=Explorer.exe monitor.exe

F2 - REG:system.ini: Shell=Explorer.exe monitor.exe

 

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

 

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

 

O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe

O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE

O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe

O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE

O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE

O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe

O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe

 

O13 - DefaultPrefix: http://195.225.176.14/pre.pl?

O13 - WWW Prefix: http://195.225.176.14/pre.pl?

 

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot and delete

 

files

wumgrd.exe

C:\WINDOWS\System32\SCVHOST.EXE

C:\WINDOWS\System32\REGCPM32.EXE

monitor.exe

 

folders

C:\Program Files\DSB

C:\Program Files\MyWay

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Thanks

 

Using the links on this website, I did a lot of what you said last night (on how to read your own log) and it appears to have cleared the problem. However, when I get home tonight, I will be following the rest of the instructions to try and clear it permanently (such as deleting hidden files and folders and removing P2P Networking). - I will update you if any of the above doesn't work.

 

Excellent website. Keep up the good work

Share this post


Link to post
Share on other sites

This is the new HijackThis log after I have done everything you requested

 

Logfile of HijackThis v1.97.7

Scan saved at 19:00:58, on 01/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\Neil\Local Settings\Temp\Temporary Directory 5 for

hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.wanadoo.co.uk/iesearch/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.wanadoo.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.wanadoo.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.wanadoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft

Internet Explorer provided by Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = ;<local>

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} -

C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program

Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet

Security\UrlLstCk.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk

 

 

It seems to have cleared all the problems but please let me know if there is anything else that I can still get rid of to avoid future problems.

 

Thanks for all your help. This is a really great site.

Share this post


Link to post
Share on other sites

Hi

 

I've tried to do everything that you have told me and have followed all your instructions. However, I am unable to delete the file c:\WINDOWS\system32\svchost.exe as it appears to be running on my computer in the background. How do I shut it down so I can complete it. My most up-to-date Hijack This log is below and shows the problem.

 

Logfile of HijackThis v1.97.7

Scan saved at 16:37:06, on 17/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Neil\Local Settings\Temp\Temporary Directory 13 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

 

Please tell me if there is anything else I should delete and anything else that is running and should be shutdown. I'll need step by step instructions as I'm not that great with a computer

Share this post


Link to post
Share on other sites

The file to delete is not svchost.exe, which is an essentiona Windows file, but SCVhost.exe! Named like that in order to confuse, and resemble the real file.

 

It does not show as running in your log, so should delete OK

You log looks clean. Any further problems?

Share this post


Link to post
Share on other sites

Ok thanks.

 

I've not had any further problems to be honest. It was just that thing. When I open up my internet connection, it does open at my default browser but in the bottom left corner, it says that it's connecting to the number page that I had problems with and then goes to my browser. If you say my log is clear though, I won't worry about it.

 

Thanks for all your help. This is a great site for the likes of me who aren't completely computer literate.

Share this post


Link to post
Share on other sites

Clean log. Well done.

 

Glad to help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0