configuration warning at startup

[Guest]

for the past few days I have been receiving the following message when my computer starts up. I have WindowsXP Home Edition, IE6. Configuration Warning: an error occured reading the startup configuration file. Please contact your administrator. prefs.js,line30 SyntaxError:illegal character.user_pref("browser.startup.homepage","mysearchnow.com");\nuser_pref("browser.startup.page",1) I don't know why this started to happen. I had to reinstall msn messenger 6.1 and i think it started after that, but I don't know if that's the reason. I also have a new 'blue' search bar on all sites I go to, and I have to go to view,toolbars and uncheck my mcafee toolbar to get rid of this new search bar.It's quite annoying and I need help with this issue. Thanks in advance-I'm also a newbie so please be kind with your wording-thanks.

 

[Chuck]

for the past few days I have been receiving the following message when my computer starts up. I have WindowsXP Home Edition, IE6. Configuration Warning: an error occured reading the startup configuration file. Please contact your administrator. prefs.js,line30 SyntaxError:illegal character.user_pref("browser.startup.homepage","mysearchnow.com");\nuser_pref("browser.startup.page",1) I don't know why this started to happen. I had to reinstall msn messenger 6.1 and i think it started after that, but I don't know if that's the reason. I also have a new 'blue' search bar on all sites I go to, and I have to go to view,toolbars and uncheck my mcafee toolbar to get rid of this new search bar.It's quite annoying and I need help with this issue. Thanks in advance-I'm also a newbie so please be kind with your wording-thanks.

Mysearchnow.com is spyware.

Start by downloading LSP-Fix from <http://www.cexx.org/lspfix.htm>, and
CWShredder from <http://www.majorgeeks.com/download4086.html>.

First, run CWShredder.

Next check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://security.kolla.de/index.php?lang=en&page=download>.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<http://www.spywareinfo.com/forums/>
<http://forums.tomcoyote.org/>
<http://63.247.79.145/~coyote/forums/>
<http://www.wilderssecurity.com/>
<http://forums.net-integration.net/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Harden your operating system. Check at least monthly.
http://windowsupdate.microsoft.com/

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

so anyway-the previous is what i got from hijackthis-i figured i'd post it here for you to analyze-the only thing i noticed that didn't seem right-is the default search menu thingy-this was never here before-i mean every time i turn on my computer instead of have my rogers home page come up, this page comes up. I've changed it every time under tools,internet options but it never stays that way. I also get icons on my desktop that i never purposely put there and even though i delete them and send them to the recycle bin and empty it they appear each time i start my computer. the blue bar that i had previousley mentioned is gone but now i got this new thing. i did the spybot thing and the shredder. the cexx.org link gave me page not available. Thanks again for your assistance.

 

[Chuck]

so anyway-the previous is what i got from hijackthis-i figured i'd post it here for you to analyze-the only thing i noticed that didn't seem right-is the default search menu thingy-this was never here before-i mean every time i turn on my computer instead of have my rogers home page come up, this page comes up. I've changed it every time under tools,internet options but it never stays that way. I also get icons on my desktop that i never purposely put there and even though i delete them and send them to the recycle bin and empty it they appear each time i start my computer. the blue bar that i had previousley mentioned is gone but now i got this new thing. i did the spybot thing and the shredder. the cexx.org link gave me page not available. Thanks again for your assistance.

The previous didn't post. Try again please - you definitely have a problem.

Trying pinging www.cexx.org and see what you get.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

My second posting I can see here. I was talking about R1-HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.your-search.info/start.html and all related items listed with this yoursearch stuff. This is the newest problem that hijackthis came across. I reran it and 'fixed' anything that had 'yoursearch' in it and restarted my computer and it was still there-my home page was not rogers like its suppose to be. and those icons were still on my desktop. How do you ping www.cexx.org??? Once again thanks for any and all help in this matter.

 

[Chuck]

My second posting I can see here. I was talking about R1-HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.your-search.info/start.html and all related items listed with this yoursearch stuff. This is the newest problem that hijackthis came across. I reran it and 'fixed' anything that had 'yoursearch' in it and restarted my computer and it was still there-my home page was not rogers like its suppose to be. and those icons were still on my desktop. How do you ping www.cexx.org??? Once again thanks for any and all help in this matter.

Racket,

HijackThis looks for spyware by its traces. Running HJT, and fixing anything
immediately, is not recommended. Always save the HJT log, and post it for
expert interpretation. The components of mysearchnow.com that resurrect itself
after computer restart, almost certainly, will not be named anything with
"yoursearch" in it. Expert interpretation is always advised.

To ping www.cexx.org, Start - Run - cmd - "ping www.cexx.org".

Also, do a search of your system drive - Windows Explorer - right click on C:
drive, select Search. File name "hosts" (without the quotes), then under
Advanced options, select - "Search system folders", "Search hidden files and
folders", "Search subfolders". There should be ONE legit copy of hosts, in
"C:\WINDOWS\system32\drivers\etc\".

To review effective use of HijackThis:
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<http://www.spywareinfo.com/forums/>
<http://forums.tomcoyote.org/>
<http://63.247.79.145/~coyote/forums/>
<http://www.wilderssecurity.com/>
<http://forums.net-integration.net/>

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

the subject of this posting has changed although it still ( i think) relates to the original posting that I somehow fixed. Since the original posting has been mysteriously fixed (cause I don't know how I did it), my home page has been hijacked. I delete the IE sites that have found their way onto my desktop and into my favorites and I change my homepage back to what it is suppose to be (under internet options), but when I shut down or turn off my computer and restart it, my homepage is: www.your-search.info/start.html This is not my homepage; I'm with Hispeed.rogers.com Please help me with this issue. I have done the hijack this and posted it here my 2nd posting under this subject and I have done the spybot etc that was previously suggested (thanks Chuck). What can I do now about this hompage issue. It's making me crazy!

 

[Chuck]

the subject of this posting has changed although it still ( i think) relates to the original posting that I somehow fixed. Since the original posting has been mysteriously fixed (cause I don't know how I did it), my home page has been hijacked. I delete the IE sites that have found their way onto my desktop and into my favorites and I change my homepage back to what it is suppose to be (under internet options), but when I shut down or turn off my computer and restart it, my homepage is: www.your-search.info/start.html This is not my homepage; I'm with Hispeed.rogers.com Please help me with this issue. I have done the hijack this and posted it here my 2nd posting under this subject and I have done the spybot etc that was previously suggested (thanks Chuck). What can I do now about this hompage issue. It's making me crazy!

Racket,

Did you post the HJT log as "Racket", or as
"(e-mail address removed)"? I can only find 4 posts by "Racket",
none of which contain a HJT log.

Did you try the system drive search? This sounds like a Hosts file hijack, with
your inability to access www.cexx.org. The HJT log should help us identify the
stub that keeps resurrecting the home page hijack.

Try re posting the HJT log, and post it to spywareinfo too.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

I posted it under racket anonymous-anyhow i posted it again-i just noticed something here-your first post has no arrow and neither does my 2nd posting. yours did a little while ago-and mine never did. maybe that's why you couldn't find it.

 

[Guest]

Logfile of HijackThis v1.97.
Scan saved at 5:22:17 PM, on 3/21/200
Platform: Windows XP SP1 (WinNT 5.01.2600
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106

Running processes
C:\WINNT\System32\smss.ex
C:\WINNT\system32\winlogon.ex
C:\WINNT\system32\services.ex
C:\WINNT\system32\lsass.ex
C:\WINNT\system32\svchost.ex
C:\WINNT\System32\svchost.ex
C:\WINNT\system32\LEXBCES.EX
C:\WINNT\system32\spoolsv.ex
C:\WINNT\system32\LEXPPS.EX
C:\WINNT\system32\netdde.ex
C:\WINNT\System32\msdtc.ex
C:\WINNT\system32\cisvc.ex
C:\WINNT\system32\clipsrv.ex
C:\WINNT\System32\dllhost.ex
c:\PROGRA~1\mcafee.com\vso\mcvsrte.ex
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.ex
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SY
C:\WINNT\system32\slserv.ex
C:\WINNT\System32\snmp.ex
C:\WINNT\System32\svchost.ex
C:\WINNT\System32\dllhost.ex
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINNT\System32\vssvc.ex
C:\WINNT\Explorer.EX
C:\WINNT\wanmpsvc.ex
C:\WINNT\System32\wbem\wmiapsrv.ex
C:\WINNT\System32\dmadmin.ex
C:\PROGRA~1\mcafee.com\agent\mcagent.ex
C:\PROGRA~1\mcafee.com\vso\mcvsshld.ex
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.ex
C:\Program Files\Common Files\Real\Update_OB\realsched.ex
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.ex
c:\progra~1\mcafee.com\vso\mcvsescn.ex
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.ex
C:\Program Files\Gateway Utilities\GWInkMonitor.ex
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
C:\Program Files\QuickTime\qttask.ex
C:\Program Files\Winamp\winampa.ex
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.ex
C:\Program Files\Messenger Plus! 2\MsgPlus.ex
C:\Program Files\Lexmark X1100 Series\lxbkbmon.ex
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.ex
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.ex
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.ex
C:\WINNT\System32\hkcmd.ex
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.ex
C:\PROGRA~1\BYTEBI~1\file dale stop.ex
C:\Program Files\Netscape\Netscape\Netscp.ex
C:\Program Files\MSN Messenger\msnmsgr.ex
c:\progra~1\mcafee.com\vso\mcvsftsn.ex
C:\Program Files\Messenger\msmsgs.ex
c:\PROGRA~1\mcafee.com\vso\mcshield.ex
C:\WINNT\system32\cidaemon.ex
C:\Program Files\Internet Explorer\IEXPLORE.EX
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EX
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.ex

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.your-search.info/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hispeed.rogers.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.your-search.info/start.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.your-search.info/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.your-search.info/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.your-search.info/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.your-search.info/start.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.your-search.info/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.your-search.info/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.your-search.info/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.your-search.info/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Interne
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://cache:808
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {103297E0-0D97-E33D-7D80-B83966423A9A} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - C:\Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Name dart] C:\PROGRA~1\BYTEBI~1\file dale stop.exe
O4 - HKLM\..\Run: [system32.dll] C:\WINNT\system\systeminit.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers Hi-Speed Internet\RHSI SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1074125675248
O16 - DPF: {35F49483-7BB9-46A0-90EB-9278FE8771F7} (Project1.AddChild) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/addchild/addchild.cab
O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) - http://downloads.rogershelp.com/updates.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeua

 

[Guest]

I also just noticed that the one i just posted is different from the original-i tried to repost the original-did it work for you. since the original posting of my hijackthis log i installed Webroot Spy Sweeper and followed it's directions-maybe that's why the two are different. This spysweeper does bring back my homepage but it tells me that my home page has been changed to your-search.info and gives me the option to change it back to what I want it as before IE starts. Just thought maybe this info might be important. Sorry for all the postings-is there somewhere else we can get together and figur this out or is this location fine for multiple postings?!

 

[Chuck]

<SNIP>

Racket,

Well, I found a few interesting items. You can check them before deleting -
start from <http://www.help2go.com/modules.php?name=News&file=article&sid=153>.

Found various pieces of:
MyWebSearch
TV Media
CometCursor


All of these that are not preceded by "??" are known baddies. The "??" item is
one which you might recognise, in which case you don't want to delete it.

Start by killing these processes from Task Manager:
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe

Then kill these from HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.your-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.your-search.info/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.your-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.your-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.your-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.your-search.info/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.your-search.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.your-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.your-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.your-search.info/search.html
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no
file)
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} -
C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program
Files\TV Media\TvmBho.dll
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
/onreboot
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
?? O9 - Extra button: PartyPoker.com (HKLM)
?? O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) -
http://dm.cometsystems.com/dm/dm_286.cab

When you start HijackThis, go to Config, and make sure "Make backups before
fixing items" is checked. Check all of the above to be fixed, hit Fix checked.
Close HJT, reboot. Rerun HJT, post new log.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Thank you for the reply and new directions! I will try this and get back to you. Again greatly appreciated.

 

[Chuck]

Thank you for the reply and new directions! I will try this and get back to you. Again greatly appreciated.

Racket,

No sweat. I've been learning how to interpret HijackThis logs for a while -
this is the first time I've interpreted a log with so many examples of bad
stuff.

Looking forward to seeing how well this resolves your problems.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Hey there! I tryed starting a new posting in regards to this hijacked home page and a couple other people replied. They did not have anything useful information to provide me. I did install ad-aware and did as they suggested, however, my issue still occurs. I apologize for not getting back to you sooner, as I've been busy. The webpage icons still appear on my desktop and are still incorporated into my favorites list and HJT still has your-search.info etc listed in it's findings. Got anything else? I was going to post my HJT findings at the forums you suggested, unfortunately they did not look to promising or very professional. I have to say that as someone knew the computer world, that I am not impressed by the pesonel at some of these forums. Do you know of any Professional places I can contact who might be of greater assistance if you cannot come up with anything thing else in regards to my computer issue? I do appreciate your kindness and patience,which is not something I'm seeing much of here at this forum. Thanks again!!!!