rdodson4
asked on
Default Home page now: http://any-find.com/index.htm
Some pesky (PAIN IN THE #%&$@*) spyware or something has changed my home page to: http://any-find.com/index.htm................I have done several GOOGLE searches looking for ways to remove this bug. BUT, it keeps coming back. It seems that my McAfee virus scan will not see it. Spybot dose not see it either. Does someone have an idea of how to remove this THING, short of doing a reformat?
Logfile of HijackThis v1.98.2
Scan saved at 2:11:54 PM, on 11/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
c:\PROGRA~1\mcafee.com\vso \mcvsrte.e xe
c:\PROGRA~1\mcafee.com\vso \mcshield. exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuaucl t.exe
C:\PROGRA~1\mcafee.com\vso \mcvsshld. exe
C:\PROGRA~1\mcafee.com\age nt\mcagent .exe
C:\Program Files\Startup Mechanic\StartupMonitor.ex e
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\progra~1\mcafee.com\vso \mcvsescn. exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winl gn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\Hij ackThis.ex e
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Page = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://any-find.com/index.htm
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\In ternet Explorer\SearchURL,(Defaul t) = http://any-find.com/index.htm
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Window Title = Provided by Teleport.cc
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-9 05236F6F65 5} - c:\progra~1\mcafee.com\vso \mcvsshl.d ll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vs o\mcmnhdlr .exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vs o\mcvsshld .exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\age nt\mcagent .exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.ex e
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age nt\McUpdat e.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: winlgn.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-0 0104BD12D9 4} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5 A1EDB1D8A2 1} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C 18E1ADA438 9} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1 C3FF18524C 9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\T cpip\..\{F 4647A57-7F E0-41C9-BF E3-022DF87 9E999}: NameServer = 209.244.0.3 209.244.0.4
Thanks. Richard
Logfile of HijackThis v1.98.2
Scan saved at 2:11:54 PM, on 11/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
c:\PROGRA~1\mcafee.com\vso
c:\PROGRA~1\mcafee.com\vso
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuaucl
C:\PROGRA~1\mcafee.com\vso
C:\PROGRA~1\mcafee.com\age
C:\Program Files\Startup Mechanic\StartupMonitor.ex
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\progra~1\mcafee.com\vso
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winl
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\Hij
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-9
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vs
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vs
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\age
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.ex
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: winlgn.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-0
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1
O17 - HKLM\System\CCS\Services\T
Thanks. Richard
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, now that I read the other comments, zeropoint also mention that paticular file.... Opps
ASKER
THANKS, a combination of the Answers seem to have Fixed the problem.
1: Turn off System Restore 2: Use Task Manager to stop The file winlgn.exe
3: use http://www.hijackthis.de/index.php?langselect=english to select files to fix. 4: Reboot.
THANKS TO ALL.
1: Turn off System Restore 2: Use Task Manager to stop The file winlgn.exe
3: use http://www.hijackthis.de/index.php?langselect=english to select files to fix. 4: Reboot.
THANKS TO ALL.
ASKER