Help me fix my internet explorer

Reply

Join Date: Sep 2004
Posts: 1
Reputation: ask0500 is an unknown quantity at this point 
Solved Threads: 0
ask0500 ask0500 is offline Offline
Newbie Poster

Help me fix my internet explorer

 
0
  #1
Sep 29th, 2004
Hi,
my internet explorer - when i open it - previously it used to go to a search page ( because of adware) and then go to my homepage. After that today i ran spy sweeper to sweep off the adware and..after that i guess it removed teh link from adware to homepage..so now whenever i open a page..it goes to nothing
i deleted explorer, and got a new IE6 pack but not working..i downloaded Hijack This . Here are my scan results. Could anybody help me in figuring out whats wrong with my explorer?


Logfile of HijackThis v1.97.7
Scan saved at 11:13:19 AM, on 9/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\ngsrv.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\WINDOWS\System32\KsdkCORE.exe
C:\WINDOWS\PASSCFG16.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Ayalasomayajula\Desktop\shiva\ftp\HijackThis.exe
C:\WINDOWS\regedit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.tnstate.edu
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.begin2search.com/googlesidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.tnstate.edu
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no

file)
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - (no

file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program

files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} -

C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: (no name) - {6F8E442E-9245-0EE1-D755-16550FA92A34} - (no file)
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -

C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} -

C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} -

C:\Documents and Settings\Ayalasomayajula\Local Settings\Temp\t.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -

C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107}

- C:\WINDOWS\SYSTEM32\winb2s32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog

Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active

Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [MSN service] KsdkCORE.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\PASSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\PASSCFG16.EXE
O4 - HKLM\..\Run: [Microsoft DNS Query] msdns.exe
O4 - HKLM\..\RunServices: [MSN service] KsdkCORE.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program

Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program

Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tnstate.edu
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller

Control) - http://www.35mb.com/applet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet)

- http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Tnstate.edu
O17 - HKLM\Software\..\Telephony: DomainName = Tnstate.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Tnstate.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Tnstate.edu
Reply With Quote Quick reply to this message  
Join Date: Jun 2004
Posts: 253
Reputation: deonnanicole is an unknown quantity at this point 
Solved Threads: 13
deonnanicole deonnanicole is offline Offline
Posting Whiz in Training

Re: Help me fix my internet explorer

 
0
  #2
Sep 29th, 2004
Hi! First off, if you haven't done so already, scan with Adaware and Spybot (reboot between each), and let them fix what they find. Also, you need to update hijackthis to version 1.98.2. After scanning and rebooting with Adaware and Spybot, scan again with the newer hijackthis and post a fresh log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Help me fix my internet explorer

 
0
  #3
Sep 30th, 2004
You need to go to Windows Update and get all the critical updates, that may help prevent some of the stuff you are getting (you don't even have SP1 yet).

Also, you are running HJT from your desktop, it should be put in it's own folder (like c:\hjt\hijackthis.exe). You can then put a shortcut to it on your desktop for easy access if you like.

One more thing, before scanning with HJT, close all open browser windows.

You can get the latest version of HJT from here:
http://www.softpedia.com/progDownlo...nload-5034.html

Another thing that will help prevent intrusions is SpywareBlaster, you can get it from here:
http://www.javacoolsoftware.com/
Update it right after you get it, then have it enable all protection.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum


Views: 3438 | Replies: 2
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware alert analysis anti-malware anti-virussitesaccessissue antivirus attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cracking cybercrime ddos dialler dumbass education email encryption europe exam exploit explorer fake fancheckvirus firefox gaming google hacking halloween herss.exe hijack hjt hosting hosts ie8 internet links malware mcafee messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch pc police policeprovirusmba-mblockedinternetaccess president pro redirect report research rogueantivirus rootkit rsa samhain sans search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system threat trojan unwanted update usa virus viruses vista war warning windows worm wscntfy.exe yahoo zero-day zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2010 DaniWeb® LLC