• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Wolf Fog

My computer keeps changing homepage.

10 posts in this topic

Ok well, whenever I start my computer I end up in a page with the address being about:blank and the phrase Search For... in bold on the top of the page. I also always get this random pop-up that tells me that my computer has been infected with spyware and/or adware. This only appears the first time I open Internet Explorer after I turn the computer on. From then on I simply get a blank page as my homepage. I've tried running CWSredder and it tells me that it has found CWS.Searchx in my computer, removed it and restored 6 web pages. However, if I restart the computer the CWS.Searchx seems to respawn. I tried asking about this in Gamefaqs, but after around an hour of of trying we weren't able to accomplish anything. He told me to visit this site for help so here I am.

Share this post


Link to post
Share on other sites

Here is the Hijackthis log file.

 

Logfile of HijackThis v1.98.0

Scan saved at 3:38:17 AM, on 7/21/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\SCVHOST.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\DSB\DSB.EXE

C:\WINDOWS\SYSTEM\UPDATE.EXE

C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE

C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL

O2 - BHO: (no name) - {D6849090-AD51-48C7-859C-A33DA6F66503} - C:\WINDOWS\SYSTEM\HJE.DLL

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe

O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKCU\..\Run: [system Update] C:\WINDOWS\System\update.exe

O4 - HKCU\..\Run: [iDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

O4 - HKCU\..\RunServices: [system Update] C:\WINDOWS\System\update.exe

O4 - HKCU\..\RunServices: [iDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab

O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.quickbooks.com/v7.576/qboax5.cab

O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab28578.cab

O18 - Filter: text/html - {2BFE02E7-A2C3-4E12-BC7E-07D872800E3F} - C:\WINDOWS\SYSTEM\HJE.DLL

O18 - Filter: text/plain - {2BFE02E7-A2C3-4E12-BC7E-07D872800E3F} - C:\WINDOWS\SYSTEM\HJE.DLL

O19 - User stylesheet: (file missing)

Share this post


Link to post
Share on other sites

Hi Wolf Fog,

 

Please run Ad Aware and Spybot first. Links can be found below.

 

After running (make sure they're up to date!) make a new HJT-log and post it here :)

 

Edit: Use also CWShredder, seen the fact you're infected by CWS.

Edited by H@ns

Share this post


Link to post
Share on other sites

I did what you said and here is the log.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:26:21 AM, on 7/21/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\SCVHOST.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\DSB\DSB.EXE

C:\WINDOWS\SYSTEM\UPDATE.EXE

C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE

C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\TSC.EXE

C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe

O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKCU\..\Run: [system Update] C:\WINDOWS\System\update.exe

O4 - HKCU\..\Run: [iDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab

O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.quickbooks.com/v7.576/qboax5.cab

O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O19 - User stylesheet: (file missing)

 

After I ran them, Internet Explorer started acting up so I had to restart. Its what happend last night too. I would run CWShredder and Adaware, they would find some files and I would get rid of them, but when I turned the computer back on they were back.

Share this post


Link to post
Share on other sites

Perhaps you should get rid of following. Be sure to close all IE and Windows Explorer windows before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://listdating.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://listdating.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

Share this post


Link to post
Share on other sites

Fine, but read some tuts first, and don't do live logs but some practice logs in the Boot Camp.

 

There you will learn more than i can learn you :)

Share this post


Link to post
Share on other sites

Well, after I cleaared those items the homepage stopped changing. Thanks Ansh. However, could someone please check this log? I want to try to clean my computer since it seems to be running kinda slowly.

 

Logfile of HijackThis v1.98.0

Scan saved at 6:25:03 PM, on 7/21/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\SCVHOST.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\DSB\DSB.EXE

C:\WINDOWS\SYSTEM\UPDATE.EXE

C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

 

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [mjsr] C:\WINDOWS\mjsr.exe

O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [MSStartOptimizer] C:\WINDOWS\SYSTEM\SCVHOST.EXE

O4 - HKLM\..\RunServices: [RegCompres] C:\WINDOWS\SYSTEM\REGCPM32.EXE

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKCU\..\Run: [system Update] C:\WINDOWS\System\update.exe

O4 - HKCU\..\Run: [iDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

O4 - HKCU\..\RunServices: [system Update] C:\WINDOWS\System\update.exe

O4 - HKCU\..\RunServices: [iDMan] C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE /onboot

O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\idmmbc.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab

O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.quickbooks.com/v7.576/qboax5.cab

O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O19 - User stylesheet: (file missing)

 

Thanks in advance.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0