Solved

Internet Explorer Home Page redirected

Posted on 2004-08-20
2
203 Views
Last Modified: 2013-12-04
Greetings experts of the computer world,

I have found my internet explorer being hijacked and I can't remember how to solve this problem.

It is being directed to this page: res://C:\WINDOWS\system32\eahxs.dll/index.html#96676

Help please....


John
Portland OR
 
0
Comment
Question by:eslerjjj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:eslerjjj
ID: 11857842
If it is any help I ran HIJACK THIS.  See log below.

Thanks in advance,

John
Portland OR

Logfile of HijackThis v1.97.7
Scan saved at 10:48:12 PM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mfcbo32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\system32\iecf.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\John Esler\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
O2 - BHO: (no name) - {131BF8BB-81BA-2059-36D4-F6347DFAFF17} - C:\WINDOWS\system32\sdkgc.dll
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mfcbo32.exe] C:\WINDOWS\mfcbo32.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0A1FBD-61A1-4A76-B12A-2237B8327776}: NameServer = 205.188.146.146

0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 11858336
ok so First Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then TURN OFF ur System Restore and then fix the following entries !!!!!!

========================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
O2 - BHO: (no name) - {131BF8BB-81BA-2059-36D4-F6347DFAFF17} - C:\WINDOWS\system32\sdkgc.dll
O4 - HKLM\..\Run: [mfcbo32.exe] C:\WINDOWS\mfcbo32.exe
======================================================================

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe.

U can Also check this site for getting rid of res://  hijakcer >> http://www.pchell.com/support/onlythebest.shtml
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question