Hi, I installed SpywareBlaster due to some porn nasties that hijacked my address bar. This and upgrading to IE6 latest version and deleting hkey_current_user\software\microsoft\internetexplorer\toolbar with regedit seems to have fixed all problems. However I noticed when I go to tools in Blaster, there are some nasty urls in my browser page list. Is there a way of deleting them? I used the change option to change them to friendly urls. But if I go to one of those "friendly" sites, the nasty url appears as an alias in history. I guess changing the browser urls to something invalid which I won't use will stop it appearing in history, but would prefer to remove it if possible. Thanks Steve
Hi Steve, You probably have a browser hijack that needs to be repaired in other ways than just trying to overwrite those URLs. Posting a log from the program HijackThis will give the people here a chance to help you repair these problems completely. Go to http://www.tomcoyote.org/hjt and download "HijackThis!". Unzip it. Run the HijackThis.exe file and press the [Scan] button... When the scan is finished, the [Scan] button will change into a [Save Log] button. Press that, save the log somewhere and paste the contents into a post here for us to look at. Note that much of what will be listed there is correct and should not be fixed. So, just post the output here and let's see if the people here can help identify the problem.
Hi, It seems that typed urls are still being hijacked to porn sites. Here is the scan from hijack this. ps. adaware scan came back clean.

Logfile of HijackThis v1.96.0
Scan saved at 6:58:58 PM, on 6/08/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\hh.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\dad\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = a
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://vrape.hardloved.com/top/search.php?id=2&s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.members.optusnet.com.au/sdag1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = a
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 0;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\dad\LOCALS~1\Temp\mslhig.dll
O2 - BHO: AdIteFiltr - {3FF41DB4-33EA-4D77-9D24-180754FF76F2} - C:\PROGRAM FILES\ADIEFILTR\ADIEFLTR.DLL
O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - C:\WINDOWS\BPBOH.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM32\NZDD.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Exif Initializer Ver.1.0] C:\Program Files\FUJIFILM\Exif Initializer Ver.1.0\EXIFINIT.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Atomica... - file:C:\PROGRA~1\ATOMICA\ATOMIC~1\Html\griemenu.htm
O8 - Extra context menu item: IE_Speakster - C:\Windows\IE_Speakster.htm
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O9 - Extra 'Tools' menuitem: AdIeFiltr Options (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SurfSaver (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O13 - DefaultPrefix: http://vrape.hardloved.com/top/search.php?id=2&s=
O13 - WWW Prefix: http://vrape.hardloved.com/top/search.php?id=2&s=
O16 - DPF: Win32 Classes -
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {5A3C6507-730A-43B2-8EAC-4C430F2EF35E} (PortfolioManager Class) - https://portfoliomanager.westpac.com.au/portfoliomanager/portfoliomanager.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://66.28.45.60/FreeMP3_v2.0.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37788.9113310185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B29E62-33E5-48CC-A4D8-78FD66BAC1BC}: NameServer = 198.142.0.51 203.2.75.132

thanks Steve
Hi dags, Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = a
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://vrape.hardloved.com/top/search.php?id=2&s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\dad\LOCALS~1\Temp\mslhig.dll
O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - C:\WINDOWS\BPBOH.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O13 - DefaultPrefix: http://vrape.hardloved.com/top/search.php?id=2&s=
O13 - WWW Prefix: http://vrape.hardloved.com/top/search.php?id=2&s=
O16 - DPF: Win32 Classes -
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://66.28.45.60/FreeMP3_v2.0.exe

Reboot after doing so, and make a new log to see if everything I listed is really gone. Do you use this program: http://www.utils32.com/adiefiltr.asp ? Just for my curiosity. Regards, Pieter
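Added example, not part of the original thread or of HijackThis: one way to do the "make a new log to see if everything I listed is really gone" check mechanically, by comparing the fix list against the follow-up log. It assumes logs with one entry per line as HijackThis saves them; the function names and the follow-up log are constructed for illustration.

```python
import re

# Entry lines start with a section code such as R0, R1, O2, O13 or O16.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Map a comparison key to the original line for each entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        # Key on the CLSID when there is one, so an entry whose file was
        # deleted but whose registration remains, shown as "(no file)",
        # still counts as present.
        ident = clsid.group(0).upper() if clsid else " ".join(body.split()).lower()
        entries[(code, ident)] = line
    return entries

def still_present(fix_list_text, new_log_text):
    """Lines of the new log that match an entry the helper asked to fix."""
    wanted = parse_entries(fix_list_text)
    current = parse_entries(new_log_text)
    return [current[k] for k in wanted if k in current]

# Three entries taken from the fix list in the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\dad\LOCALS~1\Temp\mslhig.dll
O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - C:\WINDOWS\BPBOH.DLL
"""

# Constructed follow-up log (not from the thread): one BHO lost its file
# but kept its registration, the other two fixed entries are gone.
NEW_LOG = r"""
Logfile of HijackThis v1.96.0
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("still present:", line)
```

An empty result means every listed entry is gone; anything returned is a line to check again in HijackThis.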
Thanks Pieter, That worked beautifully. Typed URLs now going where they should. I also noticed in that report 8 lines of code that end in "= a". I actually changed all the nasty urls that appeared in the Spyblaster browser page list to just "a". Do you think I should remove those as well? Re Adielfiltr, It's installed, but I've never really set it up properly. Do you recommend using it or removing?
It's best to have HijackThis repair them. The unnecessary ones will be removed and the others will get reset to blank or default. I'm not sure about AdIeFilter. I just asked because I had never seen this one before:

O2 - BHO: AdIteFiltr - {3FF41DB4-33EA-4D77-9D24-180754FF76F2} - C:\PROGRAM FILES\ADIEFILTR\ADIEFLTR.DLL

Never heard anything good or bad about it, so if you like it, keep it and if you don't, uninstall it. If you choose to uninstall check with HijackThis if the abovementioned entry disappears or gets set to (no file). It should disappear if the uninstall is any good, but you never know. Regards, Pieter
Hi, since this problem, I've started getting browser shutdowns with "urlmon.dll" exception errors. Not sure if this is related to the hijacking, my upgrade to IE6 SP1 or something else again. I've tried restoring to previous IE version. I tried this fix I found mentioned somewhere, "regsvr32 urlmon.dll", but the problem is still happening. Any ideas, or should I raise this as a new question in a different forum? Maybe I'll just start using Netscape. Thanks Steve
Hi dags! I am not an expert but here's some info that might help.

DLL File: urlmon or urlmon.dll
DLL Name: OLE32 Extensions for Win32
Description: Contains functions used by Microsoft OLE (Object Linking and Embedding)
System DLL: Yes
Common Errors: File Not Found, Missing File, Exception Errors
Note: Many of these problems are caused by uninstalling an app which used this dll.

If the DLL is missing, download it to your windows system folder from: http://www.dll-files.com/ Best of luck to you from Larry
Hi dags, Also have a look at this site: http://www.theeldergeek.com/repair_reinstall_ie_and_oe_6.htm Regards, Pieter