MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: IE homepage keeps resetting
June 26, 2019, 11:15:49 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 26, 2019, 11:15:49 PM

Login with username, password and session length
 
News
Help us help you! Help us help you by helping out! The more people know about us, the more help will be available. Click here to find out how...
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: IE homepage keeps resetting  (Read 1430 times)
laneyboy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« on: August 20, 2004, 10:36:41 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:windows 2000 pro
Problem Application Name & Version:homepage keeps resetting
Problem Hardware Make & Model:
Error Messages:



my homepage keeps resetting to search-internet.net. I have ran all the spyware programs and only Hijack This will detect this beast. I run Hijack This and remove the problem and then as soon as I open up IE it starts all over again.Logfile of HijackThis v1.97.7
Scan saved at 3:55:15 PM, on 8/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\WINNT\winadm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-internet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-internet.net
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [winadm] C:\WINNT\winadm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38206.7256481481

Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: August 20, 2004, 11:30:37 PM »

Ok I am seeing a variant of cool web search.Please download and run the following program

CWSHREDDER

http://www.majorgeeks.com/download4086.html

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

Then restart your computer.

IMPORTANT! To help prevent this from happening again, you should install all the Microsoft security patches and critical updates.
Then download the newest version of HJT from http://www.tomcoyote.org/hjt/

Make sure you unzip hijack this to its own folder such as C:\Program files as this is where the backups will be created.Run Hijack this but do NOT fix anything.Click save log and a log will open in notepad.


Then post new log.
« Last Edit: August 20, 2004, 11:34:10 PM by jvic » Logged

John Vickers
laneyboy
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« Reply #2 on: August 21, 2004, 05:12:44 PM »

I did as you requested jvic, thanks.Logfile of HijackThis v1.98.2
Scan saved at 12:12:58 PM, on 8/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\WINNT\winadm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-internet.net
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [winadm] C:\WINNT\winadm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: August 21, 2004, 06:46:32 PM »

HI Laneyboy, can you do me a favor, you have an entry in your log
that looks legit
O4 - HKCU\..\Run: [winadm] C:\WINNT\winadm.exe
Connected to "Parent's friend", but I think it may be the culprit, unless you remember installing it

Set Windows to Show Hidden Files and Folders
Navigate to this file
C:\WINNT\winadm.exe <--this file

Right click on it----properties---version
Do you know what it is related too?
Could you submit it to Kapersky's for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply use the Browse button to navigate to the file
Right click on it-----Select---Submit

Let me know if you can find it, if you can't find it follow these instructions, or if it is found bad

RESTART your computer into Safe Mode

Enter your task manager (Ctrl--Alt--Del)
End process on this if still running
C:\WINNT\winadm.exe

Navigate to the file winadm.exe--if found bad from Kapersky's delete it----if your unsure could you rename it
winadm.exe>>>winadm.old

In safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-internet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-internet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-internet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-internet.net
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O4 - HKCU\..\Run: [winadm] C:\WINNT\winadm.exe

RESTART your computer
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

I see you have SpywareGuard installed, if it gets in the way of changing your home page, you may have to disable it for now

Spybot is updated to version 1.3, if that's what your running could
you SEARCH FOR UPDATES---check for problems----Fix everything in RED
RESTART your computer if bad guys are found
I'm not sure if you uninstalled it or not
I seen this in your first log, but not the second, are you removing unnecessary entries?
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Another great Spyware Remover is the free version
of Ad-Aware
After installation-CHECK FOR UPDATES
Run a Full System Scan--Fix all critical objects
Again-Restart if bad guys found

Post back with a fresh hijackthis log
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 10, 2018, 03:30:22 PM