Browser hijack, restrictions applied, possibly because a website I visited

[dairyman]

Hi,

Using Windows XP SP2.
Here is my problem: My IE homepage has being hijacked!

I just ran a full scan with Spybot - Search & Destroy, and it found:

CoolWWWSearch

AND

AntiSpyWare2007

So here is the HJT log.

The following programs have already being removed:

Vidalia Bundle (With Tor, Torbutton and Privoxy)
TC-Spy (Reported false-positives)

Also, that Proxy Server is something I tried to get working while I was still using IE. Search for it and the first result should be from "users.pandora.be".

Thanx. 

[saving space - attachment deleted by admin]

[dairyman]

In case you're wondering, I use IE so I can view SWI Forums (where I'm trying to learn how to read HJT logs). Also used so I can log into the McAfee SiteAdvisor website.

[evilfantasy]

You need to stay away from warez/keygens!!!

Firefox works just fine on the SWI forums and site advisor web site.

You need to do the other scans from this post and supply the logs.

[dairyman]

Hi evilfantasy,

I will stay away from warez/keygens.

ESET Online Scanner says it is not compatible with Firefox.
I will download SUPERAntiSpyware and post the log.

[evilfantasy]

ESET Online Scanner says it is not compatible with Firefox.

Then use this one and post the log from it.

Trend Micro Housecall Scan for Firefox

1. Click Scan Now. It's Free
2. Read and put a Check next to Yes, I accept the Terms of Use
3. Then click Launch HouseCall Wait for the Java-Based Housecall Kernel Test
4. Click Starting Housecall and wait for the updates to finish.
5. Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.

* It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
* Please wait while HouseCall scans your system…
* Once the scan is complete, it will take you to the summary page.

6. Under Cleanup options choose Clean all detected infections automatically
7. Click the Clean now>> button.
8. When presented with a notification According to your instructions, all detected infections were cleaned..., click OK

* The Housecall log is saved to C:\Documents and Settings\UserName\.housecall6.6\log

Add the log as an attachment in the post along with the SUPERAntiSpyware log and the new HijackThis log.

[dairyman]

These are the sort of scans that really use up my ISP's data allowance.

I noticed that the modem lights where blinking wildly.

I hope you don't get mad because I asked this, but since most sites are compatible with Opera, would it be OK if I just keep using Opera?

I don't use IE anymore. In fact, I've being planning to uninstall IE.

[evilfantasy]

If you are having problems with the online scans do to your ISP then you can hold off on it. In fact it is better that we know you have download limits and such so we can try to work around that.

But the SUPERAntiSpyware scan should not have that problem. Have you gotten that log?

[dairyman]

Sorry, I forgot about that.

Next reply will have a SUPERAntispyware log if I can find it.

[evilfantasy]

*  To retrieve the removal information please do the following:
+  After reboot, double-click the SUPERAntiSpyware icon on your desktop.
+  Click Preferences. Click the Statistics/Logs tab.
+  Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+  It will open in your default text editor (such as Notepad/Wordpad).
+  Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
*  Click close and close again to exit the program.
*  Please add the log as an attachment along with a new HijackThis log in the next post.

[dairyman]

Here are the SUPERAntispyware and HijackThis log files.

[saving space - attachment deleted by admin]

[evilfantasy]

Open HijackThis and place a check mark next to

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Serial99.com

Close all windows and click Fix checked.


Are you still having any problems?

[dairyman]

No problems.

Thanks!! 
Won't download any keygens/warez again.