General SecurityPost any general questions related to security, viruses or spyware here.
Mission Statement
WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
HI THERE, Even after I use SpyBot, Ad-Aware, Hi-jack this etc, I'm still having my home page hi-jacked. Can someone tell me please, how to stop this. Also, can you tell me the quickest way to post a logfile here, which I'm sure you'll be asking for.
Many Thnaks..
GPS. is this the logfile?...
Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINDOWS\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINDOWS\TEMP\sp.html"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINDOWS\TEMP\sp.html"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0FC099C1-D4D6-11D8-AAD8-5254431985A1}
CoolWebSearch Object recognized!
Type : File
Data : hphla.dll
Object : c:\windows\system\
FileSize : 30 KB
Created on : 13/07/04 13:08:16
Last accessed : 14/07/04 23:00:00
Last modified : 13/07/04 13:08:18
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0FC099C2-D4D6-11D8-AAD8-5254B3CB1BD6}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FC099C2-D4D6-11D8-AAD8-5254B3CB1BD6}
Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 15
Objects found so far: 16
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@counter7.sextracker[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:00:05
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:00:06
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@paycounter[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 06:55:19
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 06:55:20
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@sexlist[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:24:43
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:24:44
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@counter2.sextracker[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:00:05
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:00:06
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@sextracker[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:00:05
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:00:06
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@hg1.hitbox[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:33:21
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:33:22
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@hitbox[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:33:21
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:33:22
Tracking Cookie Object recognized!
Type : File
Data : gerdcurli@xxxcounter[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 15/07/04 07:34:53
Last accessed : 14/07/04 23:00:00
Last modified : 15/07/04 07:34:54
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Didn't find the information you thought to find? Check out these Similar Threads
HijackThis fixes nothing unless instructed to - best you don't either without advice from here
First download the latest version 1.98 through Quicklinks in my signature and save it to a folder on your HD.
Run the exe file and hit the Scan button. When the scan has finished the Scan button changes to Save log. Hit this and a Save dialogue box opens defaulting (in XP at least) to My Documents. Accept the default name for the log - or change it if you like and save. The log opens in Notepad. Edit > Select all, copy and paste into a post here.
Hi Pete, thanks for such a swift reply, as usual.
Here is the logfile you asked me to paste:-
Logfile of HijackThis v1.98.0
Scan saved at 13:06:27, on 15/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Try cwsredder first
Fist Download, then close all open windows and run CWShredder 1.59.1 http://www.net-integration.net/tools...tml#cwshredder <<from there
Click Fix, don't just scan. You have several CoolWebSearch components which it should remove.
If you already have it, just download another copy and overwrite the old one..To ensure its the latest version. currently its ver 1.59.1 as of 6/28/2004
Then restart the PC
come back then scan and repost another Hijackthis Log
