www.startsearches.net has taken over my IE - most of the time, I can't open web pages : every page goes to www.startsearches.net page.
I looked in the forums and saw that others had the same problems as I do - I read that I should first do some "standard" activities (CleanUp!, ad-aware, CWShredder, Spybot S&D, anti-virus, windows update) - they found ceratin things, I deleted the relevant files but I have the same problem !
Thanks in advance,
Dudu Agasi
p.s. - a week ago a experienced a very similar thing - www.quicksearch.com has taken over my IE but running McAfee solved it ! It doesn't slove the problem i have right now !
Log :
Logfile of HijackThis v1.99.1
Scan saved at 11:15:41 PM, on 5/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\soundman.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\windows\Twain_32\4100\HotKey.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\windows\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
J:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
D:\MATLAB_6_5\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
d:\matlab_6_5\bin\win32\matlab.exe
J:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\MSMSGS.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\windows\System32\shnlog.exe
C:\windows\System32\intmon.exe
C:\windows\popuper.exe
C:\windows\System32\intmonp.exe
C:\windows\System32\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Agasi\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsear...earch.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsear...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R3 - URLSearchHook: (no name) - {A1B39585-C871-46F8-A4A9-AF186D545944} - (no file)
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\windows\System32\hpB160.tmp
O3 - Toolbar: (no name) - {A1B39585-C871-46F8-A4A9-AF186D545944} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\ragui.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Turbo Memory Charger] C:\Program Files\Turbo Memory Charger\TurboMemoryCharger.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wncjqdkn] C:\WINDOWS\wncjqdkn.exe
O4 - HKLM\..\Run: [pcx] C:\WINDOWS\pcx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [HotKey] C:\windows\Twain_32\4100\HotKey.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe ams491.dat,Execute
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Skype] "J:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {CA0D372A-2C02-40D6-AB21-930BC3A3DDB2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA0D372A-2C02-40D6-AB21-930BC3A3DDB2} - (no file) (HKCU)
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2469D195-2068-3D41-688B-11DD09749EFF} - http://216.118.71.185/1/rdgIL1828.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.../SISActiveX.cab
O16 - DPF: {37F59CC7-717C-4949-BA8F-6C70D6DA0651} (BlindChat Control) - http://www.blind-dat...p/BlindChat.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099043759709
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://cet.akt.co.il...aDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://irc.tapuz.co....ew/launcher.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co....e/Installer.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co....ew/launcher.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - http://shiran:2002/activex/RACtrl.cab
O20 - AppInit_DLLs: LMIinit.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB_6_5\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe" /service (file missing)