Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Internet Explorer Home Page redirected

Posted on 2004-08-20
2
202 Views
Last Modified: 2013-12-04
Greetings experts of the computer world,

I have found my internet explorer being hijacked and I can't remember how to solve this problem.

It is being directed to this page: res://C:\WINDOWS\system32\eahxs.dll/index.html#96676

Help please....


John
Portland OR
 
0
Comment
Question by:eslerjjj
2 Comments
 

Author Comment

by:eslerjjj
ID: 11857842
If it is any help I ran HIJACK THIS.  See log below.

Thanks in advance,

John
Portland OR

Logfile of HijackThis v1.97.7
Scan saved at 10:48:12 PM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mfcbo32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\system32\iecf.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\John Esler\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
O2 - BHO: (no name) - {131BF8BB-81BA-2059-36D4-F6347DFAFF17} - C:\WINDOWS\system32\sdkgc.dll
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mfcbo32.exe] C:\WINDOWS\mfcbo32.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0A1FBD-61A1-4A76-B12A-2237B8327776}: NameServer = 205.188.146.146

0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 11858336
ok so First Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then TURN OFF ur System Restore and then fix the following entries !!!!!!

========================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\eahxs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eahxs.dll/sp.html#96676
O2 - BHO: (no name) - {131BF8BB-81BA-2059-36D4-F6347DFAFF17} - C:\WINDOWS\system32\sdkgc.dll
O4 - HKLM\..\Run: [mfcbo32.exe] C:\WINDOWS\mfcbo32.exe
======================================================================

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe.

U can Also check this site for getting rid of res://  hijakcer >> http://www.pchell.com/support/onlythebest.shtml
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question