Wrong Home Page is loading...

Recently every time i launch Internet Exporer the website http://global-finder.com/101/ comes up. I go to the Tools->Internet Options and type in http://my.yahoo.com/ as my default home page then hit the apply button and then hit the home icon on the tool bar just to verify that it has been reset. My problem is, every time I launch IE, it reverts back to the default webpage that I don't want. What is happening? Has some website planted some program on my computer to set their site as my homepage? When I look at what page is listed as my homepage it is blank, and goes to this site I don't want to use.

Any help would be greatly appreciated.

Thanks.

If it matters, my OS is Windows ME.

 

Here they are in my signiture
Once installed withing each program is an option to update
Very inportant
They are free -- just someday in the future contribute
Lonny

 

Whoops is see these two programs may not target the latest
the global-finder. hijack

You could get them anyway clean the systen of of badware
it make's the next part much much easyer then
restart the PC
spywareinfo has a tool Called hijackthis download it run it hit scan the scan button turns into a save log so save log and DO NOT FIX ANYTHING
as most are needed , and post the log here or at spywareinfo
Do you have a zip utility ?
hijackthisDownload: http://www.spywareinfo.com/~merijn/files/hijackthis.zip
here is an instrutional page PS dont post the startup list unless asked just the hijack.log
HijackThis Quick Start: http://www.tomcoyote.org/hjt/
Lonny

 

Here is my log...

Please advise me...

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\PROGRAM FILES\FLT\FLT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe "
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Beautiful (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37721.3652662037
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://c.centralmedia.ws/MemoryMeter.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.movie-browser.com/tl4000.dll
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp

 

Hello

Before we even get started ,,Tell Us you did run spybot and scaned and cleaned up everything marked in red right ?
If not do so and restart the PC
and where is the top most portion of the log ?

looks like you need to run the cool web search removal tool to
Please , so post your log again afterwards thanks


"O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp "
did you set up a style sheet ?


here a link to the tool called CoolWebShredder.
http://www.spywareinfo.com/~merijn/
Lonny

 

Hello dude,

Looking at your log, all the "search" entries probably can go, but to verify that, you can go to forums that will analyze the entries.

Ad-Aware added a HijackThis forum here http://www.lavasoftsupport.com/index.php?showforum=44

Spywareinfo also will do so http://www.spywareinfo.com/yabbse/

HijackThis's removals can be backed up and restored, so be sure to set that option.

If you want to do this on your own, then my advice would be to remove the search entries a little at a time.

Regards - Charles

 

I don't think you allowed Spybot to remove anything, nor did you allow it to run at next boot, as you have Gator installed on your system, and that is one thing I know for certain it would have removed.
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe]
Then you have Ezula, more spyware, you got this by installing iMesh or KaZaa, it was in the EULA [End User License Agreement] if you read all the way through when installing. Get KazaaLite.
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
You also have Flashtrack, more adware with a Symnatec (Norton AV) page on it.
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\PROGRAM FILES\FLT\FLT.DLL
Some other spyware installed by Grokster. You're just a regular file sharer, aren't you? And now you are reaping the "benefits ".
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe "
Homepage Hikjacker here.
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe

Look here so you can see for yourself what else you have starting up you may not want, such as Support.Com.

 

Well we cant do anything till this person posts the topmost part of the log period it would be pure speculation

I dont know much about the coolweb search hijacker except it
does redirect to global-finder.com and tons of other places
when misspelled google serching it redirects and that it
mourphs itself to avoid detection,, meanung it hard to get rid of
and uses a stlyesheet(sometimes)

Best to have anyone with it go to
SpywareInfo Support Forums Spyware : http://forums.spywareinfo.com/

========================================
Another thought or comment to the administration of this forum
could you please make those links not hyper so that others dont get infected ? is it nessesary ? I would think so
========================================
Thanks
Lonny