View Full Version : searchingtheweb.com


brendan49
October 27th, 2003, 04:16 PM
Hello,
I recently discovered Spyware Blaster while searching for a solution to a problem that showed up one day: the top bar of Internet Explorer says the title of the page I am on plus "www.searchingtheweb.com". Now sometimes when I type in an address it instead sends me to www.searchingtheweb.com. I ran Spyware Blaster to see if it could stop this problem. Under Tools/Browser Pages, it listed many pages that included searchingtheweb.com as part of the address. I changed them all to www.google.com to see if that would change anything. Maybe a mistake? But anyway, it still says www.searchingtheweb.com on the top of all pages. Any advice on how to fix this, or on what the Tools/Browser Pages allows you to do? Thanks very much.

Pieter_Arntz
October 27th, 2003, 04:19 PM
Hi brendan49,

Could you post your HijackThis log (http://www.tomcoyote.org/hjt/)?
Download, unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
Don't fix anything yet. Most of what it finds is harmless.

Regards,

Pieter

brendan49
October 27th, 2003, 04:23 PM
Logfile of HijackThis v1.97.3
Scan saved at 4:21:18 PM, on 10/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\SVCINIT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\PQSC\PROGRAM\CPCTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SPYWAREBLASTER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/accounts/manageaccount.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.pluginaccess.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

Pieter_Arntz
October 27th, 2003, 04:48 PM
Hi brendan49,

Before I forget again: welcome to Wilders. :)

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE

O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe

O15 - Trusted Zone: *.pluginaccess.com

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

Then reboot and delete:
C:\WINDOWS\svcinit.exe
C:\WINDOWS\SYSTEM\MSREXE.EXE

Then download Ad-Aware at lavasoft.usa.com (http://www.lavasoftusa.com/software/adaware)
After installing AAW, and before running the program, update by using the Globe icon.
Shut down and restart Ad-Aware.
Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C: ), then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Right-click in that pane and choose "select all" and click 'next'.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Check for further details on MSREXE.EXE:
http://vil.nai.com/vil/content/v_99793.htm

Regards,

Pieter
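
Added example (not part of the thread and not HijackThis's own code): a small Python parser for the log format posted above. It groups entries that share a CLSID or a file name across different HijackThis sections, so related items such as the O2/O16 pair and the F1/O4 svcinit.exe pair can be reviewed together. The sample lines are copied from the log in this thread; the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
"""

# "R1 - ...", "O16 - ...": section code, separator, free-form entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Bare file name of an executable module, without its directory.
BINARY = re.compile(r"([^\\/\s\"=\]]+\.(?:exe|dll|ocx))", re.I)


def parse(log):
    """Yield (section, text) per entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def related_entries(log):
    """Map each CLSID or file name to its sections, kept only if it spans more than one."""
    groups = defaultdict(list)
    for section, text in parse(log):
        keys = {c.lower() for c in CLSID.findall(text)}
        keys |= {b.lower() for b in BINARY.findall(text)}
        for key in keys:
            groups[key].append(section)
    return {k: v for k, v in groups.items() if len(set(v)) > 1}


def entries_mentioning(log, needle):
    """Return (section, text) entries whose text contains needle, case-insensitively."""
    return [(s, t) for s, t in parse(log) if needle.lower() in t.lower()]


if __name__ == "__main__":
    for key, sections in related_entries(SAMPLE_LOG).items():
        print(key, "->", ", ".join(sections))
    for section, text in entries_mentioning(SAMPLE_LOG, "searchingtheweb.com"):
        print(section, text)
```

Matching is on file name only, so the same name in two different directories (as with svcinit.exe here) is grouped and each path still needs checking separately.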