Warren,
Not quite sure how to put the HijackThis.log out here, so
I'll just cut and paste. Hope that does not make this too
difficult to read. I appreciate whatever help you can give
me.
The Log:
Logfile of HijackThis v1.97.7
Scan saved at 8:07:24 PM, on 2/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\PhotoPC 600\Image Expert\IXApplet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\MISC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.quiksearchgenealogy.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quiksearchgenealogy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quiksearchgenealogy.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quiksearchgenealogy.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.quiksearchgenealogy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quiksearchgenealogy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quiksearchgenealogy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#11139
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quiksearchgenealogy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quiksearchgenealogy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quiksearchgenealogy.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quiksearchgenealogy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quiksearchgenealogy.com/
O2 - BHO: (no name) - {17DA0C9E-4A27-4AC5-BB75-5D24B8CDB972} - (no file)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\bob\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\bob\Application Data\winpt\msiesh.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\PhotoPC 600\Image Expert\IXApplet.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: winlogon.bak
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file://D:\CDVIEWER\CdViewer.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37736.5184490741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?307
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4317/mcfscan.cab