1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

msn is no longer my main search engine

Discussion in 'Web & Email' started by guyrowles, Feb 16, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    when i first started using IE and i typed something in the address bar it automatically sent me to an msn search engine but now it sends me to some odd search engine that i dont want
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi guyrowles

    If you post your startup list we may be able to spot something

    Please post your startup list by doing the following :-

    Please go here and download startuplist 1.51 :-

    http://www.lurkhere.com/~nicefiles/

    Download to any folder or your desktop
    Unzip the zipfile
    Double click the exe file
    go to Edit - select all - copy - and paste the results in a new post here

    steam
     
  3. 0tbyn8r

    0tbyn8r

    Joined:
    Feb 14, 2003
    Messages:
    40
    Hi guyrowles

    Perhaps you've caught a case of browser hijacking. Go to internet options and check the address in the address field. If it's anything other than what you want either select 'use default' or otherwise enter the url for your favourite search engine.
    Out of interest, what search engine has it defaulted to?
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Well it sure looks like a browser hijack, as that's exactly what guyrowles is indicating.

    The best tool here would probably be Hijack This. It will allow you to view what search and start pages have been hijacked, and to what urls.

    It will also allow you to restore the defaults, and to remove startup entries, ActiveX objects and Browser plugins that may be involved.

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.

    Someone here will be happy to help you interpret the results.

    NOTE: A small help file for HijackThis is located at http://tomcoyote.org/hjt
     
  5. Deke40

    Deke40

    Joined:
    Jun 27, 2002
    Messages:
    6,095
    After you use SW's instructions you might want to go here Search\Customize\AutoSearch Settings(Bottom left of window) and see what you have there.
     
  6. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    thanks for all the quick replys

    i'll start with steamwiz first

    when you say start up list do you mean the programs that start up when i turn on the computer and load up windows. i have got deselected all the programs i dont want in msconfig so that i am left with

    ScamRegistry
    TaskMonitor
    SystemTray
    LoadPowerProfile
    SYSRUN32.DLL
    msn messenger


    i hope this helps you


    0tbyn8r

    the address in the address field is http://www.msn.co.uk/


    TonyKlein

    iwill down load that program in a minute


    Deke

    when i click customize it opens up a search page but with no address bar so i dont know what it is


    i hope this will help you to help me
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    SYSRUN32.DLL is no Windows file, and smacks of a virus or trojan.

    We'll be able to tell you more once you post the Hijack This log.
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    BTW, items you uncheck in Msconfig won't show in your Hijack This log, so if you RE-check them afterwards, possible nasties will once again load as Windows starts...
     
  9. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    TonyKlein

    i downloaded that "Hijack This" program, unzipped and it wont work

    i get a message saying that MSVBVM60.DLL is not present or something

    hope you can help
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No big thing.

    Download the MS visual basic 6.0 runtime files

    Just doubleclick after downloading, and let it install.

    You'll be able to run Hijack This after that.
     
  11. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    HI guyrowles

    The startup list would tell a lot about what "nasties" you may have running on your computer - you would need to download the program - run it and post the results for us to help you.

    As it looks like your browser has been hijacked - I would then have asked you to run "hijackthis" as Tony has asked you to do.

    steam
     
  12. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    here is the hijack this log

    Logfile of HijackThis v1.91.2
    Scan saved at 17:13:03, on 17/02/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 (5.00.2014.0200)

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.terafinder.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.terafinder.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
    O1 - Hosts: 193.125.201.50 msn.com
    O1 - Hosts: 193.125.201.50 search.msn.com
    O1 - Hosts: 193.125.201.46 thehun.net
    O1 - Hosts: 193.125.201.46 www.thehun.net
    O1 - Hosts: 193.125.201.46 thehun.com
    O1 - Hosts: 193.125.201.46 www.thehun.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Freeserve (HKCU)
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.net/
    O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerStub.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://217.145.76.6/PT/UK/AFFPP/InstantPleasure_500078.cab
     
  13. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Is your problem that Google.com is now your default Search engine?

    Personally, I wouldn't complain, as it's the best!

    However, if you insist on restoring the defauilt Search page, I'd go to Internet Options > Programs, and press "Reset WEb Settings.

    Cheers,
     
  14. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    here is the start up list

    StartupList report, 17/02/03, 17:27:35
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
    Detected: Windows 98 Gold (Win9x 4.10.1998)
    Detected: Internet Explorer v5.00 (5.00.2014.0200)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
    mode con codepage select=850
    keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys

    --------------------------------------------------


    Enumerating Download Program Files:

    [{4248083C-9656-11D2-8B7F-00105A17847A}]
    CODEBASE = http://downloads.mplayer.com/MplayerStub.exe

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{D53B810F-6219-11D4-95B6-0040950375E7}]
    CODEBASE = http://217.145.76.6/PT/UK/AFFPP/InstantPleasure_500078.cab

    --------------------------------------------------
    End of report, 2,923 bytes
    Report generated in 0.231 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  15. guyrowles

    guyrowles Thread Starter

    Joined:
    Feb 16, 2003
    Messages:
    7
    it says that it's google but its not

    i think it is www.terafinder.com

    will reset web settings do enything else like clear favourites
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/119172

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice