| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 56127 | 2005-03-28 02:22:00 | Help, my internet has been taken over! | milkit (7724) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 338686 | 2005-03-28 02:22:00 | I am having a problem with my internet. Something has taken it over, and it wont let me look at the internet. Basically what happens is when I try to go onto google, another page comes up advertising pharmacy stuff. It wont let me look at any pages whatsoever. I have tried to reset my homepage, and it just resets it automatically to a blank page. I have run ad-aware and also run the free AVG virus scanner. I had a couple things on my computer and erased them. I also ran these programs with system restore off, just to make sure they were not hiding in there. I know it must be some kind of a virus or something, but AVG does not find anything. Can anyone help me please? I am running Windows ME if that matters. I am also using Internet Explorer. |
milkit (7724) | ||
| 338687 | 2005-03-28 02:27:00 | Welcome to PressF1, have you try using Spybot S & D? (http://www.safer-networking.org) Cheers :) | Renmoo (66) | ||
| 338688 | 2005-03-28 02:42:00 | Go to the FAQs (on the blue toolbar at the top) and have a look at the one about "homepage hijacking" and while you're at the ones about spyware/malware/adware and security. They are excellent. |
mark c (247) | ||
| 338689 | 2005-03-28 03:49:00 | I have tried using Spybot and it removed some stuff but did not solve the problem. I have looked at the FAQ and am now on the step where you have to type in MSCONFIG in the run program, however I do not know what is bad or what is good. I am lucky that I havea second computer to post from or I would not be able to get on the internet at all with this problem. Does anyone have any other solutions, the FAQ is not helping. |
milkit (7724) | ||
| 338690 | 2005-03-28 03:55:00 | Try Hijackthis and makesure adaware and spybot are up to date also i find that scaning in safe mode (hold down F8 at start up) can help |
sambaird (47) | ||
| 338691 | 2005-03-28 04:03:00 | I just tried the CWShredder program and it said that what is causing the problem is "coolwebsearch." When I ran Shredder it did not solve the problem though. It says the file is something like CWS.Smartsearch.2. Does anyone have any idea what I can do to remove this, can I just delete a file or something? Thanks again, this is frustrating. | milkit (7724) | ||
| 338692 | 2005-03-28 04:03:00 | Get this www.merijn.org From here www.spywareinfo.com Make a folder called HJT, on your hdd, unzip this file into it. Run this file, do a scan and post the log here. Sounds like something may have changed the hosts file. Or download this dl.filekicker.com From here www.simplysup.com Make sure it is updated, do a scan. Altho if the other PC cant get on the net, or theyre not networked, it maybe a bit hard putting this file on the PC that has probs. Also (if u can get this file on the other pc), do the above, and use the 3rd and 4th option under the utitlities menu. |
Speedy Gonzales (78) | ||
| 338693 | 2005-03-28 04:11:00 | Not sure what I am supposed to post, I think it is this though? Logfile of HijackThis v1.99.1 Scan saved at 9:02:52 PM, on 27/03/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\POWERSTRIP\PSTRIP.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE C:\WINDOWS\STISVSQ.EXE C:\WINDOWS\SVSHOST.EXE C:\WINDOWS\MSQDEVL.EXE C:\WINDOWS\LSSAS.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\IAU.EXE C:\WINDOWS\MSERVICE.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://127.0.0.1:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HOTBAR\BIN\4.5.0.0\WEATHERONTRAY.EXE O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\HOTBAR\BIN\450~1.0\SBInst.exe O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKLM\..\Run: [Games Acceleration] svshost.exe O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKCU\..\Run: [Games Acceleration] svshost.exe O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - www5.incredimail.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - www.ravantivirus.com |
milkit (7724) | ||
| 338694 | 2005-03-28 04:22:00 | You SHOULD have replied to your other post that has the prob, so this and the other one are together. And posted this log into it. |
Speedy Gonzales (78) | ||
| 338695 | 2005-03-28 04:25:00 | Help him Speedy, I can't stand the suspense anymore! | zqwerty (97) | ||
| 1 2 | |||||