problem with I.E.

  mikeyboy32 15:51 16 Jan 2005

I've just deleted some spyware from my pc with ad-aware.but every time i open I.E. it redirects to a diff site.
what can i do to stop this?

  Diemmess 16:32 16 Jan 2005

Almost certainly there is spyware or malware of some sort still there.

More detail please, like what else have you run beside Ad-aware and any clue like which site is it that actually connects when you try for I.E.?

  mikeyboy32 17:54 16 Jan 2005

it comes up with a webiste that just says 'search for...' in right hand corner and screen has a menu with differenct searches on it.
then a pop up comes on screen saying 'your pc is infected with spyware, please click here to remove.'
i've not clicked on this as i'm not sure if it will put something else unwanted on my hard drive.
what can i do about this?

  mikeyboy32 17:57 16 Jan 2005

by the way, i've run ad-aware, spybot,cwshredder and a virus checker called stinger.

  stalion 18:02 16 Jan 2005

looks like you will have to post a hijack this log.Do not post more than 800 words in one post so you will probably have to split it also please double space between lines.After posting you will need to wait for help.
click here

  Diemmess 18:21 16 Jan 2005

You seem to have tried very hard.

Suggest you download click here
........Run it, and take a look at the result.

At this point, save the logfile and you can do any of three things....

1) (This is for those who know what they are doing)- Look for weird lines, check their parentage with Google and note those that are rogue files. When you have been through the list run HijackThis again and tick the boxes that have the naughty files in them and fix them!

2) Post the Logfile here, hoping that Mark2 or Nellie2 will review it for you. They are amazingly helpful and clever, but you are dependant on their generous help.............. If you do this, it is wise to post the logfile in 2 postings otherwise you may run up against the 800 word limit. Also please make sure that you edit in a one line space between each line on the logfile, so that it separates them for easier reading.

3) There are sites on the web where you can have similar help in interpreting the Logfile and you could post your details there. Mark and Nellie come to the aid of the distressed on at least one there as well!

  mikeyboy32 18:23 16 Jan 2005

i've saved the hijack log but how do i cut and paste this as a message on this site?

  stalion 18:43 16 Jan 2005

have a look at the post further down this page called "hijack homepage" and follow Vog instructions for hijack this log

  Diemmess 18:44 16 Jan 2005

Open in notepad.... Hightlight half the file....... > edit > Copy.... then select a New response - Title it For Mark2 or Nellie2, and in the normal message part Edit > Paste that copy.

Send that post.

Now go back to the logfile and copy the last half and a second posting (labled 2 if you like) paste the second bit and post as before.

  mikeyboy32 19:38 17 Jan 2005

Logfile of HijackThis v1.99.0
Scan saved at 18:58:59, on 16/01/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = click here
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = click here
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by 08002go Internet
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\CopernicFind.dll
O2 - BHO: (no name) - {90FDA321-67C5-11D9-8E21-FF6811

  mikeyboy32 19:39 17 Jan 2005

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe -go -c9 -w
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Net Protected v2.20 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\MY DOCUMENTS\TEMP2\NP220 (file missing)
O9 - Extra 'Tools' menuitem: Net Protected v2.20 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\MY DOCUMENTS\TEMP2\NP220 (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE (file missing)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE (file missing)
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm
O12 - Plugin for .bpt: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:
O15 - Trusted IP range: (HKLM)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - click here
O16 - DPF: {11111111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\ST2VA3UN\explorer30[1].cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!click here
O18 - Filter: text/plain - {97D0204C-67D3-11D9-8E21-A133CAE8EBC6} - C:\WINDOWS\SYSTEM\FBHJLC.DLL
O18 - Filter: text/html - {97D0204C-67D3-11D9-8E21-A133CAE8EBC6} - C:\WINDOWS\SYSTEM\FBHJLC.DLL

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Turn a photo into 16-bit pixel art

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?