• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Yuna

Problem with homepage and favourites in IE

7 posts in this topic

Hi,

i've had this problem for more than a month now... it started when i got tricked into a website by a ICQ user(do not trust anyone on ICQ, they are pure evil!.. :p), after that, something is wrong in my internet explorer.

 

i realised that when i open a new IE, the default homepage has changed into a site that i neva heard of, so i went into "internet option" and see, and my default homepage has been changed to "http://go.targetsearch.info" and there are 3 extra links in my favourite in the IE. i've tried deleting them, but they keep coming back up after reboot. but its really not too much of a major problem, so i kina ignored it...

 

Today i've been searching for some stuff, went thru a lot of sites; and then i opened a new IE, and found out that the default homepage has changed, so i wondered and looked into "internet options" again, and see that the default homepage URL has changed.. and all the buttons and the text box on that section is disabled!.. so i can't even change it now!!! :( but when i restarted my computer again and open an IE, the homepage goes back to that targetsearch website.... but the buttons on the "internet options" homepage section is still disabled.. and its getting a lil annoying.. and i'm wondering if it is any kind of spyware at all.... :S

 

here is my log from hackthis:

 

Logfile of HijackThis v1.97.7

Scan saved at 下午 11:27:12, on 2004/6/6

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

D:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINDOWS\wanmpsvc.exe

D:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\svahost.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

D:\WinMX\WinMX.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Carmen\桌面\HijackThis.exe

 

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carmen\Application Data\Mozilla\Profiles\default\udqbz4v8.slt\prefs.js)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [tmwvvje] "C:\WINDOWS\System32\tmwvvje.exe"

O4 - HKLM\..\Run: [system Restores] C:\WINDOWS\svahost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: com_securenetasia_p11wrapper2.dll

O4 - Startup: NTUSER.DAT

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Startup: SCLSk.bet_hongkongjockeyclub_com

O4 - Startup: tnsa.bet_hongkongjockeyclub_com.cfg

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029

O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB66A29B-F3D6-4E4A-8684-2E6C16BD49AA}: NameServer = 195.93.49.134

 

 

it'll be wonderful if you can help, thanks!

Share this post


Link to post
Share on other sites

o.. forgot to mention, i have been trying to see if there are any cures for it today.. and i've tried using spybot... and it didn't help one bit.... :weep:

Share this post


Link to post
Share on other sites

Please be patient. :)

 

There are tons of logs being posted each minute and not too many helpers to deal with them. An expert will soon be around to lend a helping hand.

 

Best,

R. :wave:

Share this post


Link to post
Share on other sites

Hi Yuna,

 

Well, off the bat you should fix these:

  • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  • O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
  • O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
  • O17 - HKLM\System\CCS\Services\Tcpip\..\{EB66A29B-F3D6-4E4A-8684-2E6C16BD49AA}: NameServer = 195.93.49.134

I am quite sure I missed alot. Though, I only had enough time to look over it slightly. I hope this helps a bit.

 

 

Also, please consider using one or everyone of these fine products:

  • Ad-Aware Personal
  • Spybot S&D
  • SpywareGaurd
  • SpywareBlaster
  • Bazooka Spyware Scanner

Edited by [Red]

Share this post


Link to post
Share on other sites

hi red! thx for that! the buttons aren't disabled anymore! :cool: but the home page is still that targentsearch site, and the 3 links on the fav still there after reboot.. here's my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 下午 04:15:09, on 2004/6/9

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

D:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\svahost.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

D:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

C:\Documents and Settings\Carmen\桌面\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carmen\Application Data\Mozilla\Profiles\default\udqbz4v8.slt\prefs.js)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [tmwvvje] "C:\WINDOWS\System32\tmwvvje.exe"

O4 - HKLM\..\Run: [system Restores] C:\WINDOWS\svahost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: com_securenetasia_p11wrapper2.dll

O4 - Startup: NTUSER.DAT

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Startup: SCLSk.bet_hongkongjockeyclub_com

O4 - Startup: tnsa.bet_hongkongjockeyclub_com.cfg

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029

O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB66A29B-F3D6-4E4A-8684-2E6C16BD49AA}: NameServer = 195.93.50.134

 

 

 

the last line (the O17 one) is one of the lines you told me to delete, and it came up again.. is this suppose to happen???

 

thanks for the help! :D

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0