
browser default problems



#1 JanetKemp


Posted 10 July 2004 - 08:57 PM

Hello,

1. When I open the IE browser, instead of my home page coming up, I get the following page or variations thereof:

res://cuxsq.dll/index.html#15011

Even if I go in and fix the home page in the settings, it keeps reverting back to this each time I open the browser.

2. When I search through Yahoo or one of the search engines after my results come up my page automatically switches to the following search page:

http://search-to-fin...=junk&pin=15011

I have already done the following to clean stuff up:

• I ran Ad-Aware
• I ran Spybot
• I downloaded all of the Microsoft updates (now that we have cable!)
• Our anti-virus software is up to date
• I ran Hijackthis and eliminated some clearly suspect files (the ones I wasn’t sure about I left).

I noticed after running Hijackthis that some of the files I tried to delete keep coming back (the ones coded R0, R1, 04 and 10).

The good news is that it doesn’t take 5 minutes to boot up anymore and when we search, the “http://” comes up automatically without us having to type it in each time.

I WOULD BE ETERNALLY GRATEFUL IF SOMEONE CAN HELP WITH THE REST OF MY PROBLEM!

Following is the Hijackthis log file:

Logfile of HijackThis v1.97.7
Scan saved at 8:32:11 PM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\winsv32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\mfcrg32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Documents and Settings\Brendon Kemp\My Documents\Mom's Files\CD9\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cuxsq.dll/sp.html#15011
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cuxsq.dll/index.html#15011
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cuxsq.dll/index.html#15011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cuxsq.dll/sp.html#15011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cuxsq.dll/index.html#15011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cuxsq.dll/sp.html#15011
O2 - BHO: (no name) - {B35C1647-FF47-9FEF-3DE2-7B4BBD5741D3} - C:\WINDOWS\mfcdn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [mfcrg32.exe] C:\WINDOWS\system32\mfcrg32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\RunOnce: [winsv32.exe] C:\WINDOWS\system32\winsv32.exe
O4 - HKLM\..\RunOnce: [apirq.exe] C:\WINDOWS\apirq.exe
O4 - HKLM\..\RunOnce: [addcv.exe] C:\WINDOWS\addcv.exe
O4 - HKLM\..\RunOnce: [sdkxg.exe] C:\WINDOWS\system32\sdkxg.exe
O4 - HKLM\..\RunOnce: [ipsi32.exe] C:\WINDOWS\system32\ipsi32.exe
O4 - HKLM\..\RunOnce: [d3le32.exe] C:\WINDOWS\d3le32.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: VIN.net Client Installer - https://app2.outtask...stallClient.cab
O16 - DPF: VIN.net Clients - https://app2.outtask...6.29/Vinnet.cab
O16 - DPF: Vinnet Swing Classes - https://app2.outtask...VinnetSwing.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab




Thanks!
Jan

#2 808chick


Posted 15 July 2004 - 09:53 PM

Hey JanetKemp,
If you are still having problems, please post a fresh log here for review.



