Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ahem, tiny problem


  • Please log in to reply

#1
sdhaliwal

sdhaliwal

    Member

  • Member
  • PipPip
  • 26 posts
Hello again

I restored my computer because it crashed and yeah, it's running a bit better but as always something has to go wrong. This time, I cannot just type in www.whatever.com and go to a site, I have to type in the whole http:// and that's a bit annoying, i mean, I can live with it. If its something easily fixable, then can you help me if not, it's all good <_<

Thanks so much

mwwwwwwwwwuah
  • 0

Advertisements


#2
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
sdhaliwal

sdhaliwal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Logfile of HijackThis v1.98.2
Scan saved at 8:35:40 PM, on 8/27/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZERO KNOWLEDGE\TELUS SECURITY SERVICE\FREEDOM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DLLHLP.EXE
C:\PROGRAM FILES\EWARE\IWARE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\COMMON FILES\COMMAND SOFTWARE\DVPAPI9X.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com...e-finder.cc/hp/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TELUS Internet Service
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &i-Search.us - {8F5A62E2-71F2-72D3-E045-DDF234CAE228} - C:\WINDOWS\SYSTEM\ISEARCH2.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
O4 - HKLM\..\Run: [TELUS Security service] C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - HKCU\..\Run: [MSSVC] "C:\WINDOWS\SYSTEM\svcsys.exe" 8192
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEeng.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.ultraload.net/msits.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8819d33c3794247
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.184.22/test.chm::/Eve.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsy...291092682557500
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab

Damnnnnnnnn there's so many search things on my computer... don't know how they sneek in even with anti virus ... grrr :D

but thanks for taking a loook <_<
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,489 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com...e-finder.cc/hp/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL
O3 - Toolbar: &i-Search.us - {8F5A62E2-71F2-72D3-E045-DDF234CAE228} - C:\WINDOWS\SYSTEM\ISEARCH2.DLL
O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - HKCU\..\Run: [MSSVC] "C:\WINDOWS\SYSTEM\svcsys.exe" 8192
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEeng.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.ultraload.net/msits.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8819d33c3794247
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.184.22/test.chm::/Eve.exe

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\SYSTEM\ISEARCH2.DLL
C:\PROGRAM FILES\WINDUPDATES <- this folder
c:\windows\svchost.exe
c:\windows\dllhlp.exe
C:\WINDOWS\SYSTEM\svcsys.exe
C:\Program Files\Internet Explorer\IEeng.exe
C:\WINDOWS\MSXMIDI.EXE

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP