| View Question |
|
|
 | ||
|
| Subject:
hijacked Internet Explorer home page
Category: Computers > Software Asked by: harlequin3-ga List Price: $5.00 |
Posted:
19 Jun 2004 14:09 PDT
Expires: 19 Jul 2004 14:09 PDT Question ID: 363446 |
I?m running Windows XP professional and IE 6.0.28. I have a DSL
connection to the internet. My internal explorer has been hijacked! I
assume this occurred while I was surfing the net and Norton antivirus
detected a virus which I deleted as they recommended. Unfortunately
now my home page on Internet Explorer has been reset to;
res://grrmr.dll/index.html#23999 . I normally use google as my home
page. Now I cannot get it back as my home page. I can access google
manually however.
When accessing Internet Explorer the bad address mentioned above
automatically reappears even though I have deleted it from the ?you
can change what page you use as your home page? box and replaced it
with google. I have found the ?grrmr.dll? file listed as an
application extension in the System 32 folder. I tried deleting this
to the recycle bin but the problem persists. I have also run Norton
antivirus, Spybot, and Adaware without success. Attempting to reset
the home page under the ?general? tab of Internet Options doesn?t work
as I mentioned above. Neither does the ?reset web settings? under the
?programs? option under Internet Options. Clicking the ?restore
default? button in the Internet Options site merely again restores the
unwanted address as the default home page. Please help me get rid of
the bad file and be able to reset my home page to what I wish. |
| ||
|
| Subject:
Re: hijacked Internet Explorer home page
Answered By: aceresearcher-ga on 24 Jun 2004 13:30 PDT Rated:  |
reetings, harlequin! Your computer has been taken over by "Homesearch Assistant" a new variant of the CoolWebSearch adware / spyware. Start up AdAware. In the bottom right-hand corner, it should say "AdAware 6.0 Personal, Build 6.181". Up above, under "Initialization Status", it should say "Reference file 01R324 22.06.2004 loaded". If your settings for either of these do not match, click "Check for updates now". Once the update has completed, if one or both of these still doesn't match the settings I listed, you may need to uninstall AdAware, and then download and install the latest version from http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button Once that's installed, be sure to click "Check for updates now" to get the latest reference files. Once you have the latest Build and Reference file, try running AdAware again and remove the recommended items. Then, start up Spybot Search & Destroy. Pull down the "Help" menu and select "About". You should see Spybot Search & Destroy 1.3 Latest detection update: 2004-06-23. If your settings for either of these do not match, click the "Update" icon menu on the left-hand side of the screen, and then click on "Search for Updates" near the top of the page. You'll need to exit Spybot and restart it to check the "About" information page. If this doesn't work, you may need to uninstall Spybot, and then download and install the latest version from http://www.safer-networking.org/index.php?page=mirrors Once you have the latest Version and Detection Update, try running Spybot again and remove the recommended items. *** IMPORTANT *** Each time you run Spybot and/or AdAware, be sure to download the latest updates first! ***************** Then, open up your Norton Anti-Virus dialog box and select "LiveUpdate" in the upper left-hand corner to download any needed additions to the program and its virus definitions. If NAV wants you to restart your system, let it do so. Then, from the NAV dialog box, click "Full System Scan" and "Scan Now". Then, download and run HijackThis! http://www.spychecker.com/program/hijackthis.html Once the Scan is completed, click "Save log", and copy and paste here a copy of your HijackThis! scan log. Something to keep in mind is that even if these programs give your system a "clean bill of health", it does *not* mean that you can be absolutely sure that your system is clean. It is only a *reasonable assurance* that it is clean. Please let me know whether these steps resolve your problem, or whether you need more assistance. Before Rating my Answer, if you have any Questions about the above information, please post a Request for Clarification, and I will be glad to see what I can do for you. Regards, aceresearcher |
| harlequin3-ga
rated this answer:
|
| ||
|
| Subject:
Re: hijacked Internet Explorer home page
From: justanaveragenewbie-ga on 23 Jun 2004 22:53 PDT |
Two programs which I would recommend you try are HijackThis (Most likely to solve your problem, difficult to use) and CWShredder.(Automated like Spybot, probably won't pick up your problem though) |
| Subject:
Re: hijacked Internet Explorer home page
From: casey001-ga on 11 Jul 2004 08:13 PDT |
i too am having this problem. Here is what hijackthis's scan log looks like when I ran it: Logfile of HijackThis v1.97.7 Scan saved at 10:08:06 AM, on 7/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Documents and Settings\casey wilson\My Documents\Winamp\winampa.exe C:\Program Files\McAfee.com\MPS\mscifapp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\sysupd.exe C:\Documents and Settings\casey wilson\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O4 "usb1" /M "Stylus Photo RX500" O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [EPSON Stylus Photo RX500 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P33 "EPSON Stylus Photo RX500 (Copy 1)" /O6 "USB001" /M "Stylus Photo RX500" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\casey wilson\My Documents\Winamp\winampa.exe O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1" O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.2705439815 |
| Subject:
Re: hijacked Internet Explorer home page
From: casey001-ga on 11 Jul 2004 08:55 PDT |
i ran the spybot and adware and hijackthis program, and rebooted, but am still getting the same webpage to pop up that I'm trying to get rid of. very very frustrating. and I've got sites added to my favorites everytime too |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
| Search Google Answers for |
| Google Home - Answers FAQ - Terms of Service - Privacy Policy |