
internet web page won't go away

Discussion in 'All Other Software' started by xeno, Apr 18, 2004.

Thread Status:
Not open for further replies.
  1. xeno

    xeno Thread Starter

    Joined:
    Oct 17, 2002
    Messages:
    86
    Hey, my homepage keeps resetting to some search engine. I've tried running Ad-Aware 6.0 several times but it's still there. How do I get rid of it? And another thing: what happened to the forum search engine???
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Download CWShredder:
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    Unzip, run and hit the ->fix tab to fix all found problems

    CWShredder takes advantage of security holes in Windows, so you should install all critical updates as well as hotfixes available from Windows Update.

    Then repost a fresh Hijack This log.

    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ and save it to a folder on your desktop.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
     
  3. xeno

    xeno Thread Starter

    Joined:
    Oct 17, 2002
    Messages:
    86
    OK, this is what I got:


    Logfile of HijackThis v1.97.7
    Scan saved at 3:05:55 PM, on 4/19/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
    C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
    C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: LINKFILMOPTION - {ADD57C98-A3A8-CBA1-0E6E-8394A2292C4B} - C:\PROGRAM FILES\LOVE BAGS\COAL README.DLL (file missing)
    O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020SEARCH2.DLL (file missing)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\SYSTEM\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\VERSION.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe
    O4 - HKLM\..\Run: [LoadGolfCourses] C:\Program Files\Mini-Golf\LoadGolfCourses.exe
    O4 - HKLM\..\Run: [LimeShop] C:\Program Files\LimeShop\LimeShoprun.exe /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
    O4 - Global Startup: stamp.dat
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37996.9018287037
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/119a36cc547c71749105/netzip/RdxIE601.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
    O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_04) -
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
     
  4. wizzkid

    wizzkid

    Joined:
    Jan 7, 2003
    Messages:
    662
    Hi,

    The nasty in this case is:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html


    This can be sorted out by HijackThis, and here is a link for manual removal and some information on the critter. I recommend you wait... Do not remove anything until someone with more knowledge on this matter replies.


    http://www.kephyr.com/spywarescanner/library/searchexe/index.phtml


    Wizzkid
     
  5. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan and put a check next to each of these, then close all browser windows and click "Fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL (file missing)

    O3 - Toolbar: LINKFILMOPTION - {ADD57C98-A3A8-CBA1-0E6E-8394A2292C4B} - C:\PROGRAM FILES\LOVE BAGS\COAL README.DLL (file missing)
    O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020SEARCH2.DLL (file missing)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL (file missing)

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\VERSION.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/119a36cc547c71749105/netzip/RdxIE601.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab

    Then reboot into safe mode and delete:
    C:\PROGRAM FILES\LOVE BAGS
    C:\PROGRAM FILES\MYWAY
    C:\WINDOWS\2020SEARCH
    c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING
    C:\WINDOWS\SYSTEM\VERSION.exe
    C:\WINDOWS\SYSTEM\KEYHOST.exe
    C:\PROGRAM FILES\COMMON FILES\CMEII
    C:\Program Files\Common Files\GMT\GMT.exe

    then post a fresh log when complete.
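
A first-pass triage of the HijackThis log format shown in this thread, as an added example that is not part of any post here and not HijackThis's own logic. The sample lines are copied from the log above; the three heuristics and the `TRUSTED_SUFFIXES` allowlist are assumptions, and the output is a shortlist for a human reviewer, not a removal list.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the log posted above (HijackThis v1.97.7 layout).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\VERSION.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/119a36cc547c71749105/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")   # section code, then the entry body
URL = re.compile(r"https?://\S+")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com")     # assumption: reviewer's own allowlist

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(log_text):
    """Return (section_code, reason) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        url = URL.search(body)
        host = host_of(url.group()) if url else ""
        if body.rstrip().endswith("(file missing)"):
            findings.append((code, "orphaned entry: target file missing"))
        elif code in ("R0", "R1") and host and not is_trusted(host):
            findings.append((code, "IE search/start setting points at " + host))
        elif code == "O16" and IPV4.fullmatch(host):
            findings.append((code, "ActiveX download from bare IP " + host))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

Entries such as the `O4` autorun line pass through unflagged because nothing in the line itself distinguishes them; those still need a reviewer who recognises the program name.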
     
Short URL to this thread: https://techguy.org/221759