1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

getting rid of search.findwhatevernow.com homepage

Discussion in 'Web & Email' started by owholmes3, Sep 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. owholmes3

    owholmes3 Thread Starter

    Joined:
    Jul 8, 2002
    Messages:
    13
    Does anyone know how I can get rid of the "search.findwhatevernow.com homepage"? I have been hijacked and I cannot get rid of this homepage. Further, everytime I put msn.com or google.com or any other mainstream URL in the address bar, my browser reverts to I get an error message and the browser will revert to "search.findwhatevernow.com" whenever I click on more information about this error.

    Any ideas about this browser hijacker?

    Thanks a ton!

    owholmes3 (y)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run these tools in the following order with nothing else running in
    background:

    1. CWShredder (fix all found)

    2. Ad-Aware (fix all found)

    3. Spybot (RTFM but generally fix everything in red)

    Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each and every use, even "right out of the box". But even they can't catch
    everything, 24/7.
    When all else fails, HijackThis
    http://www.majorgeeks.com/download3155.html is the preferred
    tool to use. It will help you to both identify and remove any
    hijackware/spyware.
    Run a Hijack This scan and post your log in this thread. Someone will look at it and let you know what things need to be fixed. :)
     
  3. dm_sous

    dm_sous

    Joined:
    Oct 21, 2004
    Messages:
    1
    Does anyone know how I can get rid of the "search.findwhatevernow.com homepage"? I have been hijacked and I cannot get rid of this homepage. Further, everytime I put msn.com or google.com or any other mainstream URL in the address bar, my browser reverts to I get an error message and the browser will revert to "search.findwhatevernow.com" whenever I click on more information about this error.

    attached below ismy log file....

    *****************************
    Logfile of HijackThis v1.98.2
    Scan saved at 2:03:30 PM, on 10/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    c:\bacula\bin\bacula-fd.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\OfficeScan NT\pccntupd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Stuff\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: C:\WINDOWS\lbbho.dll - {12A99005-4CA7-454F-A492-E2B1B89F1ED8} - C:\WINDOWS\lbbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Bacula] "c:\bacula\bin\bacula-fd.exe" /servicehelper
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Netvision Cable Connect.url
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...compaq.com/html/interactive/nx5000/model.html
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://telsysrv/officescan/clientinstall/setupini.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://telsysrv/officescan/clientinstall/setup.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03af4897647e70611105/netzip/RdxIE601_fr.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://telsysrv/officescan/clientinstall/RemoveCtrl.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{10E8084C-9D47-4C4A-9C5A-47357159830D}: NameServer = 209.47.15.118,64.157.143.38,194.90.93.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10E8084C-9D47-4C4A-9C5A-47357159830D}: NameServer = 209.47.15.118,64.157.143.38,194.90.93.5

    Could you please tell me what to remove ,
    I am using HijackThis.exe tool.

    I will apprichiate your help.

    [email protected]
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Start a new thread and post your Scanlog in the Security forum. I would split and move it there, but you'd probably miss it.
     
  5. robdagg

    robdagg

    Joined:
    Jan 13, 2005
    Messages:
    1
    If you connect through a LAN then this hijack changes your DNS server ip addresses to point to its own servers so that when you search for popular pages e.g. google.com or msn/microsoft it redirect you to its ******* replica msn site...

    Best solution,

    Run cwshredder.exe, adware, then spybot. Then BEFORE opening any browsers, change back your DNS settings to original. Otherwise youll be redirected back, and have to start again...

    Hope this helps.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269564

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice