Jump to content


Photo

My computer keeps changing homepage.


  • This topic is locked This topic is locked
9 replies to this topic

#1 Wolf Fog

Wolf Fog

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 20 July 2004 - 09:51 PM

Ok well, whenever I start my computer I end up in a page with the address being about:blank and the phrase Search For... in bold on the top of the page. I also always get this random pop-up that tells me that my computer has been infected with spyware and/or adware. This only appears the first time I open Internet Explorer after I turn the computer on. From then on I simply get a blank page as my homepage. I've tried running CWSredder and it tells me that it has found CWS.Searchx in my computer, removed it and restored 6 web pages. However, if I restart the computer the CWS.Searchx seems to respawn. I tried asking about this in Gamefaqs, but after around an hour of of trying we weren't able to accomplish anything. He told me to visit this site for help so here I am.

#2 Wolf Fog

Wolf Fog

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 21 July 2004 - 05:42 AM

Here is the Hijackthis log file.

Logfile of HijackThis v1.98.0
Scan saved at 3:38:17 AM, on 7/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SCVHOST.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DSB\DSB.EXE
C:\WINDOWS\SYSTEM\UPDATE.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL
O2 - BHO: (no name) - {D6849090-AD51-48C7-859C-A33DA6F66503} - C:\WINDOWS\SYSTEM\HJE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe
O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\update.exe
O4 - HKCU\..\Run: [IDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot
O4 - HKCU\..\RunServices: [System Update] C:\WINDOWS\System\update.exe
O4 - HKCU\..\RunServices: [IDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.q....576/qboax5.cab
O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpig...ivex/mayhem.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab28578.cab
O18 - Filter: text/html - {2BFE02E7-A2C3-4E12-BC7E-07D872800E3F} - C:\WINDOWS\SYSTEM\HJE.DLL
O18 - Filter: text/plain - {2BFE02E7-A2C3-4E12-BC7E-07D872800E3F} - C:\WINDOWS\SYSTEM\HJE.DLL
O19 - User stylesheet: (file missing)

#3 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 21 July 2004 - 06:37 AM

Hi Wolf Fog,

Please run Ad Aware and Spybot first. Links can be found below.

After running (make sure they're up to date!) make a new HJT-log and post it here :)

Edit: Use also CWShredder, seen the fact you're infected by CWS.

Edited by H@ns, 21 July 2004 - 06:40 AM.

Nucia Security Forums - Dutch Anti-Malware Support

#4 Wolf Fog

Wolf Fog

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 21 July 2004 - 07:42 AM

I did what you said and here is the log.

Logfile of HijackThis v1.98.0
Scan saved at 5:26:21 AM, on 7/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SCVHOST.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DSB\DSB.EXE
C:\WINDOWS\SYSTEM\UPDATE.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TSC.EXE
C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe
O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\update.exe
O4 - HKCU\..\Run: [IDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.q....576/qboax5.cab
O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpig...ivex/mayhem.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O19 - User stylesheet: (file missing)

After I ran them, Internet Explorer started acting up so I had to restart. Its what happend last night too. I would run CWShredder and Adaware, they would find some files and I would get rid of them, but when I turned the computer back on they were back.

#5 Ansh

Ansh

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 21 July 2004 - 11:26 AM

Perhaps you should get rid of following. Be sure to close all IE and Windows Explorer windows before fixing.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing

#6 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 21 July 2004 - 11:56 AM

Erm, Ansh...

There is lots of more sh*t in that log :scratchhead:
Nucia Security Forums - Dutch Anti-Malware Support

#7 Ansh

Ansh

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 21 July 2004 - 12:45 PM

I will be happy to know more Hans!!!

#8 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 21 July 2004 - 12:51 PM

Fine, but read some tuts first, and don't do live logs but some practice logs in the Boot Camp.

There you will learn more than i can learn you :)
Nucia Security Forums - Dutch Anti-Malware Support

#9 Wolf Fog

Wolf Fog

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 21 July 2004 - 04:24 PM

Could someone tell me what else I should get rid of then?

Edited by Wolf Fog, 21 July 2004 - 05:08 PM.


#10 Wolf Fog

Wolf Fog

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 21 July 2004 - 08:34 PM

Well, after I cleaared those items the homepage stopped changing. Thanks Ansh. However, could someone please check this log? I want to try to clean my computer since it seems to be running kinda slowly.

Logfile of HijackThis v1.98.0
Scan saved at 6:25:03 PM, on 7/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SCVHOST.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DSB\DSB.EXE
C:\WINDOWS\SYSTEM\UPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe
O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE
O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\update.exe
O4 - HKCU\..\Run: [IDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot
O4 - HKCU\..\RunServices: [System Update] C:\WINDOWS\System\update.exe
O4 - HKCU\..\RunServices: [IDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfe...tml?toolbar=yes (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.q....576/qboax5.cab
O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpig...ivex/mayhem.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O19 - User stylesheet: (file missing)

Thanks in advance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button