Link to home
Start Free TrialLog in
Avatar of MD0852
MD0852

asked on

Zy web search has taken over my home page on my browser

I have run spy subtract pro and still am unable to get rid of the Zy search on my browser.  Here is the hijack this log:

Logfile of HijackThis v1.98.0
Scan saved at 4:42:57 PM, on 8/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PMLDRV.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
F1 - win.ini: run=hpfsched
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [NoAdware] "C:\PROGRAM FILES\NOADWARE\NOADWARE.EXE" /s
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604e0af321ebb700/netzip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)

Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
Hello MD0852 =)

Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then Fix the follwoing entreis in Hijackthis !!!!!

========================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604e0af321ebb700/netzip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)
========================================================

Then reboot ur system in Safemode, and runt he above tools to delete everything they detect !!!!
then goto C:\Windows\System32 and delete the file explorer32.exe
then empty C:\Windows\Temp folder, and delete Temporary Internet Files, Cookies and History of IE !!!!

Reboot back in Normal Mode and check for the problem now ??

!! GOOD LUCK !!
Avatar of MD0852
MD0852

ASKER

We followed all of your steps and were unable to find explorer 32.exe or any temp folder.  This is now our current hikack this registry:

Scan saved at 8:50:50 PM, on 8/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PMLDRV.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
F1 - win.ini: run=hpfsched
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [NoAdware] "C:\PROGRAM FILES\NOADWARE\NOADWARE.EXE" /s
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll

PLEASE HELP!
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
===========================================

fix these entries again !!!!
did u try running Stinger or ur personal AntiVirus software, it seeems ur system is infected with some kind of virus :-?
Avatar of MD0852
MD0852

ASKER

Fixed the entires several times with no luck.  Spysweeper keeps appearing stating it detected a new program Win32Explorer. Every time I remove it, it reappears. I've tried to locate the explorer32.exe file but have not been able to. Any Ideas?
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
hmmmmmmmm that's a tricky one :-?

u are fixing these entries in Normal Mode if im not mistaken..... if true, then boot into safemode, and then fix these entires !!!!!!

reboot back in Normal Mode and before connecting to Internet, performa Repair on IE !!!!!

How to Repair Internet Explorer 6 Using the Repair Tool
http://support.earthlink.net/mu/1/psc/img/walkthroughs/windows_9x_nt/browsers/ie_6.0/8458.psc.html

reboot again and now check for the problem now ??
Avatar of MD0852
MD0852

ASKER

Still no luck on removing it.  The spy sweeper repeatedly asks to remove "win32explorer".  I remove it but it keeps coming back.
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
hmmmmmmmmm that's a tricky one =|

ok so when u download and runt his tool >> http://www.winpatrol.com/winpatrol.html
does it come up as clean or not..... ??
Avatar of MD0852
MD0852

ASKER

No Luck...The win32explorer keeps returning.
ASKER CERTIFIED SOLUTION
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MD0852
MD0852

ASKER

You had the right thought ! I have my browser home page back ! Thank you for all your help! :)
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image
Great news =)

so as the problem is solved for u,,,,, u can close this question, As u can see an Accept button infront of each comment which u got,,,, u have to hit the button for the comment which solved ur problem, and then assign a grade according to the quality of help u received :)

for more info. on how to close a Question, plzz refer here >> https://www.experts-exchange.com/help.jsp#hs5
Thanx :)