Search not working right...
:sad: i cant search anymore by just typing in something in the address bar at the top, i used to be able to type something such as "dogs" (with out the quotation marks) then press enter and it would take me to the MSN page of results. now i cant do that and when i try to search through YAHOO or any other site, once i fill in what i want to search for, then hit enter, it says things like... The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
help me!!! im going insane!!!
also google seems to work but you cant scroll all the way down the pages displaying the search reults, or even when you click on a search result, you cant scroll all the way down the webpage you clicked on either?!?!?!
im so confused, i downloaded some patch from the msn page when i read this (which comes up when you type in just www.google.com )
"A message from Server Admin: Some people have reported arriving at our error page after typing in or clicking a link to a major search engine. After extensive research into the issue we have found that one of our server I.P. addresses has been targeted by a virus which you may have on your computer called "QHosts". This virus was made several months before we were allocated the server I.P. addresses we have now, and therefore we have no control over it (much to our dismay as it causes disruption to our servers on a regular basis, however it is gradually diminishing.) The Microsoft cumulative patch for this vulnerability is available here."
when you click on the link to google it has at the bottom of this page, it takes you to http://justtemplates.com/google.html
im so confused!!!!!!!
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
also, some wierd blue and red screen (looks like the DOS screen format with the block lettering and all) comes up every once and a while telling me i have a trojan virus... my AVG virus checker told me i have it as well telling me it was a trojan horse downloader c:\_restore\temp\a0000736.cpy vb.dq in my c:\_restore\temp\a0000722.cpy and c:\_restore\temp\a0000735.cpy but that has just started coming up and now the virus checker has not found any lately.... but when it did find those, it said it couldnt heal them...
this is seperate from my searching problem i think, because it just started, and my searching problem has been going on for almost 5 months, i have been trying to fix it forever!!!!!!!!!
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
First of all you need to flush your system restore to get rid of the virus. Switch off system restore (Note that a new one will be created from here on & you will lose all previous restore points) & Go here for an on-line scan & set it to autoclean for you.
Next we need to do a few things before switching restore back on.
Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot
Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot
Download HijackThis from here & unzip it into it's own, permanent folder, (not a temporary folder & not on the desktop). Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is harmless & even necessary to the running of your system.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
ok how do i switch off system restore? i remember trying to use it to go back to an earlier date when that trojan horse download red and blue screen first popped up... but it wouldnt go back it said i could only restore it to one day before or something... i just dont know how to switch it off...? sorry, im usually good about fixing computer problems but this is just beyond me... ive been trying for over 6 months with the search problem
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
im doing the auto clean online scan thing right now... and some files are coming up "non cleanable" what do i do about them?!?!
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
Just navigate to their location & delete them. Then follow the instructions from my first post. If anything is left over it should be picked up by hijackthis.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
how do i Select 'activate in-depth scan' before starting scan... i dont see where it is
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
i got it nevermind... im scanning now... thanks for putting up with all my little questions!!! ill let you know how it works!?!???
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
:o took me a whole day ( I had school and work) but i did get it all!!!!! here is the hijack this part...
Logfile of HijackThis v1.97.7
Scan saved at 4:45:50 AM, on 4/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\MSYSTEMM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38039.3870833333
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
now i definitely need to know what to do from here... if you have time... thanks SOOOO much!!
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\MSYSTEMM.exe< this one.
Reboot normally.
Disable system restore following the instructions given here & then set a new restore point. Note that all previous restore points will be lost.
Go & have another online scan & report back the results plz.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
i cant find this one on the list
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
also at the end, should i enable system restore? its already disabled i think from the beginning...
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
i cant find this one on the list
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
>>>>>>O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe<<<<<
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Its right there in the middle of the last few 04's
You should not reactivate you system restore untill you get rid of all baddies !:)
caperjack
I hate 20 Questions
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
yeah... thats the text copy i pasted into this... its not on the actual hijack this thing for me to check off... im confused...
sorry im not smart with this kinda stuff... i need help!!!:cry:
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE
this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.
caperjack
I hate 20 Questions
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
did i do it right this time? i saved it to a file in C called HJT... but it never told me to unzip anything... but the folder icon did have a zipper on it but when i clicked on the hijack this icon it just opened up
Logfile of HijackThis v1.97.7
Scan saved at 8:31:01 PM, on 4/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\AIM\AIM95_C0\AIM.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\WINMX\WINMX.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSWP.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKGDCACH.EXE
C:\WINDOWS\SYSTEM\SPP32M.EXE
C:\WINDOWS\TEMP\TD_0004.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38039.3870833333
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE
this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
there is a line called O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe right under the line called O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
BUT no line called O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
i just tried searching for something on yahoo... and it worked!!! i didnt fix anything through hijack this yet though... also when i type in www.google.com ... it doesnt come up that stupid just templates thing before it like it used to... it came up normally!!!!!!
should i still fix things through hijack this?!?!
im so happy thank you so much... to everyone who left me instructions...
i just need to know about the hijack this part... thanks again!!!!!!
fitchfrog19
Junior Poster in Training
63 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
You are still running hijackthis out of a temporary folder. Create a new folder on your desktop & call it whatever you like, (HJT) go to hijackthis.exe & drag it into the folder you just created. Then run hijackthis from there & do the following:
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\SPP32M.exe< this one
Reboot normally after doing the above then post a fresh log plz.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
