Hello, I recently discovered SpywareBlaster while searching for a solution to a problem that showed up one day: the top bar of Internet Explorer says the title of the page I am on plus "www.searchingtheweb.com". Now sometimes when I type in an address it instead sends me to www.searchingtheweb.com. I ran SpywareBlaster to see if it could stop this problem. Under Tools/Browser Pages, it listed many pages that included searchingtheweb.com as part of the address. I changed them all to www.google.com to see if that would change anything. Maybe a mistake? But anyway, it still says www.searchingtheweb.com on the top of all pages. Any advice on how to fix this, or on what the Tools/Browser Pages allows you to do? Thanks very much.
Hi brendan49,

Could you post your HijackThis log? Download, unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post. Don't fix anything yet. Most of what it finds is harmless.

Regards,
Pieter
Logfile of HijackThis v1.97.3
Scan saved at 4:21:18 PM, on 10/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\SVCINIT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\PQSC\PROGRAM\CPCTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SPYWAREBLASTER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/accounts/manageaccount.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.pluginaccess.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
Hi brendan49,

Before I forget again: welcome to Wilders.

Check the following items in HijackThis. Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O15 - Trusted Zone: *.pluginaccess.com
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

Then reboot and delete:

C:\WINDOWS\svcinit.exe
C:\WINDOWS\SYSTEM\MSREXE.EXE

Then download Ad-Aware at lavasoft.usa.com

After installing AAW, and before running the program, update by using the Globe icon. Shut down and restart Ad-Aware. Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C:), then 'next', and let Ad-Aware scan your drives. It will find a number of "bad" files and registry keys. Click 'Next' again. Right-click in that pane and choose "select all" and click 'next'. It will ask you whether you'd like to remove all checked items. Click OK. Finally, close Ad-Aware, and reboot.

Check for further details on MSREXE.EXE: http://vil.nai.com/vil/content/v_99793.htm

Regards,
Pieter
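
An added example, not part of the original thread: the fix list above removes several entries that point at the same file or CLSID, and this sketch cross-references a HijackThis log to show which artifacts are hooked from more than one section. The function names and the basename/CLSID grouping are assumptions made for illustration; the sample lines are a subset copied from the log posted above.

```python
import re
from collections import defaultdict

# Subset of the log posted in this thread, one entry per line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Basename of an .exe/.dll/.ocx reference; file names with spaces are not handled.
BINARY = re.compile(r"([^\\/\s=\"]+\.(?:exe|dll|ocx))\b", re.IGNORECASE)

def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def artifact_keys(body):
    """Lower-cased CLSIDs and binary basenames referenced by one entry."""
    keys = {c.lower() for c in CLSID.findall(body)}
    keys |= {b.lower() for b in BINARY.findall(body)}
    return keys

def hooks_by_artifact(text):
    """Map each artifact to the section codes of the entries that reference it."""
    hooks = defaultdict(list)
    for code, body in parse_entries(text):
        for key in sorted(artifact_keys(body)):
            hooks[key].append(code)
    return dict(hooks)

def multi_hook(text):
    """Artifacts referenced from more than one entry: fix all of them together."""
    return {k: v for k, v in hooks_by_artifact(text).items() if len(v) > 1}

if __name__ == "__main__":
    for key, codes in multi_hook(SAMPLE_LOG).items():
        print(key, "->", ", ".join(codes))
```

Grouping is by basename, so the same file name under different directories lands in one group; review each group's full paths before acting on it.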