searchingtheweb.com

Discussion in 'privacy problems' started by brendan49, Oct 27, 2003.

Thread Status:
Not open for further replies.
  1. brendan49

    brendan49 Registered Member

    Joined:
    Oct 27, 2003
    Posts:
    2
    hello
    i recently discovered spyware blaster while searching for a solution to a problem that showed up one day: the top bar of internet explorer says the title of the page i am on plus "www.searchingtheweb.com". now sometimes when i type in an address it instead sends me to www.searchingtheweb.com. i ran spyware blaster to see if it could stop this problem. under tools/ browser pages, it listed many pages that included searchingtheweb.com as part of the address. i changed them all to www.google.com to see if that would change anything. maybe a mistake? but anyway, it still says www.searchingtheweb.com on the top of all pages. any advice on how to fix this, or on what the tools/ browser pages allows you to do? thanks very much
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi brendan49,

    Could you post your HijackThis log
    Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. brendan49

    brendan49 Registered Member

    Joined:
    Oct 27, 2003
    Posts:
    2
    Logfile of HijackThis v1.97.3
    Scan saved at 4:21:18 PM, on 10/27/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\TABLET.EXE
    C:\WINDOWS\SYSTEM\SVCINIT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\MK9805.EXE
    C:\PQSC\PROGRAM\CPCTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\WINDOWS\SYSTEM\MSREXE.EXE
    C:\WINDOWS\SYSTEM\PRINTRAY.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYWAREBLASTER\SPYWAREBLASTER.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/accounts/manageaccount.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
    O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CHotKey] mk9805.exe
    O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
    O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O15 - Trusted Zone: *.pluginaccess.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi brendan49,

    Before I forget again: welcome at Wilders. :)

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web: www.searchingtheweb.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.searchingtheweb.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\MADISE.DLL
    O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL

    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE

    O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe

    O15 - Trusted Zone: *.pluginaccess.com

    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

    Then reboot and delete:
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\SYSTEM\MSREXE.EXE

    Then download Ad-Aware at lavasoft.usa.com
    After installing AAW, and before running the program, update by using the Globe icon.
    Shut down and restart Ad-Aware.
    Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C: ), then 'next', and let Ad-Aware scan your drives.
    It will find a number of "bad" files and registry keys. Click 'Next' again.
    Rightclick in that pane and choose "select all" and click 'next'.
    It will ask you whether you'd like to remove all checked items. Click OK.
    Finally, close Ad-Aware, and reboot.

    Check for further details on MSREXE.EXE:
    http://vil.nai.com/vil/content/v_99793.htm

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.