something has hijacked my home page

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

PearlM

Thread Starter
Joined
Dec 28, 2002
Messages
19
I use IE v.6 and something has hijacked my home page. I see that other people have had the same problem, so I ran HijackThis. The following is my log. I would appreciate it if someone would tell me what to delete.

Logfile of HijackThis v1.97.2
Scan saved at 8:45:21 AM, on 9/13/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINPUP32.EXE
C:\WINDOWS\APPLICATION DATA\CHHKFCKO.EXE
C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TEMP\FAK80F6.TMP
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://A6547.wabu.com/passthrough/index.html?http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {3ce85035-2ba7-4f60-8b35-a84746314337} - C:\WINDOWS\APPLICATION DATA\PCRZWOOEG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
O3 - Toolbar: hieouwchckx - {ff303cee-8bfe-494f-9a78-0d24c28c00f4} - C:\WINDOWS\APPLICATION DATA\PCRZWOOEG.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TaskPlus] C:\PROGRAM FILES\TASKPLUS\TASKPLUS0.EXE
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [win32app] C:\WINDOWS\System\winpup32.exe
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\Program Files\SafeSurfing\SSUpdate.exe
O4 - HKLM\..\Run: [oaooecr] C:\WINDOWS\APPLIC~1\chhkfcko.exe -QuieT
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bffihcb] "C:\WINDOWS\SYSTEM\BFFIHCB.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\SYSTEM\aupdate.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab
O16 - DPF: {7C21AFD6-758E-4011-8204-6405AB90D5C7} (nsBrowserConfig Class 2) - https://www.marketscore.com/globalconfig/nsconfig.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://bobvila.view22.com/view22/View22RTE.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1041310444920
O16 - DPF: {E473E9ED-DA16-11D2-BE81-00C0F014D22D} (Virtue3D Player) - http://www.virtue3d.com/roomdesigner/player/VRenderX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...ata/bhg/category/data/coloraroom_bedroom1.xml
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/database/actimage30530.cab
O16 - DPF: {B69F2A98-E470-11D3-AFA3-525400DB7692} (Actimage Pattern Control) - http://ib.armstrong.com/ib/database/actimage30717.cab
 
Joined
Nov 10, 2002
Messages
1,344
Scan with HijackThis, put a checkmark at and "Fix checked" the following entries. Close all windows except HijackThis before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://A6547.wabu.com/passthrough/i...://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: (no name) - {3ce85035-2ba7-4f60-8b35-a84746314337} - C:\WINDOWS\APPLICATION DATA\PCRZWOOEG.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: hieouwchckx - {ff303cee-8bfe-494f-9a78-0d24c28c00f4} - C:\WINDOWS\APPLICATION DATA\PCRZWOOEG.DLL
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [win32app] C:\WINDOWS\System\winpup32.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\Program Files\SafeSurfing\SSUpdate.exe
O4 - HKLM\..\Run: [oaooecr] C:\WINDOWS\APPLIC~1\chhkfcko.exe -QuieT
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
O4 - HKLM\..\Run: [bffihcb] "C:\WINDOWS\SYSTEM\BFFIHCB.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\SYSTEM\aupdate.exe
O16 - DPF: {7C21AFD6-758E-4011-8204-6405AB90D5C7} (nsBrowserConfig Class 2) - https://www.marketscore.com/globalconfig/nsconfig.cab

Restart your computer.

Download Spybot S&D. Update SS&D via the "Online" tab. Search for and download all updates. Close all windows except SS&D, hit "Check for problems". After scan hit "Fix selected problems".
 

PearlM

Thread Starter
Joined
Dec 28, 2002
Messages
19
Thanks, it worked beautifully. I'm about to download spybot S&D to complete your instructions. Again, thanks much!
 

PearlM

Thread Starter
Joined
Dec 28, 2002
Messages
19
I ran Spybot and it found a potload of stuff, which I quickly got rid of. Thanks, again!!!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top