Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

home page hijacked


  • This topic is locked This topic is locked

#1
suzy7

suzy7

    New Member

  • Member
  • Pip
  • 2 posts
hi can any one help me , my home page keep changing to http:// searchforinfo/browser and I can't change it back in my internet options, also I am receiving loads of pop ups and certain sites are attaching themselves to my favoritites.

I have download aboutbuster, CWShredder , D-Aware and Spybot S&D and run them. But I have not solved the problems.

I would be grateful for any help

Logfile of HijackThis v1.99.1
Scan saved at 12:28:25 PM, on 7/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\KODAK DIGITAL SCIENCE\PICTURE EASY SOFTWARE\PROGRAM\PEZDOWNLOAD.EXE
C:\PROGRAM FILES\USB PRODUCT DRIVER V2.12R012\SHWICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\ICASSERV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA9.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.Alcoa.com;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Picture Easy Download] C:\Program Files\Kodak Digital Science\Picture Easy Software\Program\PezDownload.exe
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t"Justrams\USB Product Driver v2.12r012"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\SYSTEM\ICASSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office (2).lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O21 - SSODL: JkrkL - {2655180B-8CFF-B2A1-556F-CF065CC08ED7} - C:\WINDOWS\SYSTEM\DVL.DLL

Attached Files


  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
suzy7

suzy7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you . I solved the problem. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP