Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Zy web search has taken over my home page on my browser

Posted on 2004-08-20
13
Medium Priority
?
463 Views
Last Modified: 2006-11-17
I have run spy subtract pro and still am unable to get rid of the Zy search on my browser.  Here is the hijack this log:

Logfile of HijackThis v1.98.0
Scan saved at 4:42:57 PM, on 8/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PMLDRV.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
F1 - win.ini: run=hpfsched
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [NoAdware] "C:\PROGRAM FILES\NOADWARE\NOADWARE.EXE" /s
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604e0af321ebb700/netzip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)

0
Comment
Question by:MD0852
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
13 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11855902
Hello MD0852 =)

Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then Fix the follwoing entreis in Hijackthis !!!!!

========================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604e0af321ebb700/netzip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)
========================================================

Then reboot ur system in Safemode, and runt he above tools to delete everything they detect !!!!
then goto C:\Windows\System32 and delete the file explorer32.exe
then empty C:\Windows\Temp folder, and delete Temporary Internet Files, Cookies and History of IE !!!!

Reboot back in Normal Mode and check for the problem now ??

!! GOOD LUCK !!
0
 

Author Comment

by:MD0852
ID: 11857183
We followed all of your steps and were unable to find explorer 32.exe or any temp folder.  This is now our current hikack this registry:

Scan saved at 8:50:50 PM, on 8/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PMLDRV.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\NTAPI32D.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
F1 - win.ini: run=hpfsched
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [NoAdware] "C:\PROGRAM FILES\NOADWARE\NOADWARE.EXE" /s
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll

PLEASE HELP!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11858363
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
===========================================

fix these entries again !!!!
did u try running Stinger or ur personal AntiVirus software, it seeems ur system is infected with some kind of virus :-?
0
New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

 

Author Comment

by:MD0852
ID: 11864906
Fixed the entires several times with no luck.  Spysweeper keeps appearing stating it detected a new program Win32Explorer. Every time I remove it, it reappears. I've tried to locate the explorer32.exe file but have not been able to. Any Ideas?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11864956
hmmmmmmmm that's a tricky one :-?

u are fixing these entries in Normal Mode if im not mistaken..... if true, then boot into safemode, and then fix these entires !!!!!!

reboot back in Normal Mode and before connecting to Internet, performa Repair on IE !!!!!

How to Repair Internet Explorer 6 Using the Repair Tool
http://support.earthlink.net/mu/1/psc/img/walkthroughs/windows_9x_nt/browsers/ie_6.0/8458.psc.html

reboot again and now check for the problem now ??
0
 

Author Comment

by:MD0852
ID: 11898532
Still no luck on removing it.  The spy sweeper repeatedly asks to remove "win32explorer".  I remove it but it keeps coming back.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11898596
hmmmmmmmmm that's a tricky one =|

ok so when u download and runt his tool >> http://www.winpatrol.com/winpatrol.html
does it come up as clean or not..... ??
0
 

Author Comment

by:MD0852
ID: 11937880
No Luck...The win32explorer keeps returning.
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 11938002
here is a BHO with IE >> O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL

that's unknown..... so this time among those line sin hijakcthis,,,,, Fix this line also..... means these ones.....
=======================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
===========================================

but fix them in safmeode..... then reboot in normal mode to check for the problem ??

explorer32.exe basically related to W32.Kwbot.Worm..... but this worm doesnt name it as "Win32 Explorer".... it names it as "Windows Explorer Update Build 1142"

So im not thinking of that worm here..... :-\
0
 

Author Comment

by:MD0852
ID: 11985999
You had the right thought ! I have my browser home page back ! Thank you for all your help! :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11986019
Great news =)

so as the problem is solved for u,,,,, u can close this question, As u can see an Accept button infront of each comment which u got,,,, u have to hit the button for the comment which solved ur problem, and then assign a grade according to the quality of help u received :)

for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
Thanx :)
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Now-a-days, indirectly, postal services have been replaced by email services. Yes, whenever we hear the word "email" a lot of people only think of gmail. Some people still think that email and gmail are one and the same thing :-). Let's see some …
Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question