Full Screen Search

  AJ28 15:25 06 Mar 05
Locked

As i have another computer in the house i do not use this one with the problem so often, but others do frequently and when used i can see how irritating it really is.

When first starting up internet explorer, after the computer has been closed down and then turned on, upon opening explorer a full screen page comes on after about 20 seconds or so, the page states 'Your Search Page' with hundreds of links on it, linking to completly random searches such as trampolies... There is an x in the corner which would be nice to close, but it is grayed out and cannot be pressed. The only way to close this page is to control alt and delete and close down all aspects of explorer open.

We have had this problem for a while, and using adaware and virus checkers it doesnt seem to solve it. Although after finding spyware and deleting it does seem to not come up first time, then it comes back after the next time.

Can anyone suggest something that is wrong, or some way i might be able to banish this problem away. thankyou for reading.

  stalion 15:35 06 Mar 05

looks like your browser has been hijacked.Post a hijack this log.Download hijack this to it's own folder and run it and post the result on here,break the result up in to parts as there is a 800 word limit to one post also double space between the lines please
click here

  AJ28 16:39 06 Mar 05

Logfile of HijackThis v1.99.1
Scan saved at 16:15:52, on 06/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\My Documents\Setups\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = click here

  AJ28 16:42 06 Mar 05

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = click here
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [SystemSearch] C:/WINDOWS/REGEDIT.EXE -s C:/WINDOWS/system.reg
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

  AJ28 16:42 06 Mar 05

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - click here
O16 - DPF: {11111111-1111-1111-1111-111300000000} - mhtml:C:\\NO_SUCH_MHT.MHT!click here
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - click here
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} (Whale Attachment Wiper ) - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

  AJ28 16:43 06 Mar 05

Well theres plenty there... And lots of search assistants which have always been the problem.

  stalion 16:47 06 Mar 05

thanks for posting please be patient now, I am not able to deal with this the person that is experienced regarding these may not be around until later she is Nellie2.
Regards

  AJ28 16:49 06 Mar 05

Thanx alot for the help

  GANDALF <|:-)> 17:04 06 Mar 05

click here and download MS antispy from click here and run it. The run Ccleaner click here and delete all it finds. Turn sys restore baqck on and set a restore point.

I visited a computer on Thursday that has HotSearchBox on it and the above sorted it quickly.

G

  Nellie2 17:53 06 Mar 05

MS Antispy can clean up a lot of stuff... when you have followed Gandalf's advice can you post a fresh log just to check if there is anything left to deal with

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

The Pantone Colour of the Year 2017 is Green

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…