• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
roadsafetyguy

lost control of my webpage

5 posts in this topic

I've had my internet explorer home page changed on me. I'm no techie but with a little help here and there I've tried a lot of different ways of resetting it including going into my registry and modifying it, to trying to use hijack this and about buster after reading the instructions given here. I can get internet explorer to reset the first time but as soon as I close it and reopen it the original html#2706 is back again. Any help or suggestions would be appreciated and here is my recent logfile from hijackthis and it seems when I deleted the files I thought I should delete they just came back....thanks

 

Logfile of HijackThis v1.98.0

Scan saved at 11:48:03 PM, on 7/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP DVD\Umbrella\DVDTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\netwr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\mfcqk32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Kevin\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mergi.dll/sp.html#27063

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mergi.dll/index.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mergi.dll/index.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mergi.dll/sp.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mergi.dll/sp.html#27063

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mergi.dll/index.html#27063

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {1BF98538-B821-9B2B-6B34-38F2F81EB289} - C:\WINDOWS\system32\addhf.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe

O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI

O4 - HKLM\..\Run: [netwr.exe] C:\WINDOWS\netwr.exe

O4 - HKLM\..\RunOnce: [mfcjj.exe] C:\WINDOWS\system32\mfcjj.exe

O4 - HKLM\..\RunOnce: [atldp32.exe] C:\WINDOWS\atldp32.exe

O4 - HKLM\..\RunOnce: [netrv.exe] C:\WINDOWS\netrv.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

 

:techsupport:

Share this post


Link to post
Share on other sites

I tired safe mode and ran buster twice and then rebooted and the home page was fine for one try and then changed again...am I doing something wrong???

Share this post


Link to post
Share on other sites

The Monk cannot tell. Your probably doing something wrong, but without knowing anything about this specific adware it's not your fault. All I can say is to reread the FAQ (if you haven't already) and search for posts containing html#2706 untill an expert can check your log personally

 

 

 

--- oh, and if you didn't know already, The Warez Monk is no expert. The Monk has no idea what he's doing. At all :whistle:

Edited by Warez Monk

Share this post


Link to post
Share on other sites

hey, it was good advice and I tried the safe mode as an adminstrator as well as not but still no luck....I did find something that wouldn't delete though which makes me wonder what the hell it is.......oh well....I'm a lot farther along than when I started so thanks and I'll keep looking for the right advice :ugh:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0