Stubborn URL

Discussion in 'Malware Help (A Specialist Will Reply)' started by walad, Feb 19, 2005.

  1. walad

    walad Private E-2

    I have a URL in my address bar of IE that I cannot get rid of despite running about 16 anti-spyware programs. Can anyone help me? :cool:
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Walad,

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been tied up with work lately and cannot visit this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. walad

    walad Private E-2

    I ran the suggestions in the "Read Me First" Tutorial twice and I still have this URL. I might note that I'm running Windows ME. I couldn't run the online scans from Safe Mode as when I reboot into Safe Mode I don't have the option "safe mode with networking support". I ran Trend Micro's Housecall (was clean); the Symantec Security Check page wouldn't load. I rebooted into Safe Mode and ran McAfee Avert Stinger and all of the other antispyware programs listed in the Tutorial. When I run Spybot I have two entries that I can't get rid of: Download Excellerator Plus Ads (2 entries) and a DSO Exploit hit.

    I'll attach the Hijack This .txt file....

    Thanks for your help with this.
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi Walad,

    Been so busy these days, I forgot to ask you the name of the Unwanted URL?

    Let's do this:

    Please scan with HijackThis and Check the Boxes for the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msnbc.com/news/NEWS_Front.asp?0dm=T---N
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>

    O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ---> Probably SpyBotSD, but remove it for now

    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)

    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/20217d55a6874210ab23/netzip/RdxIE.cab
    O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/products/X1WebInstall.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} -
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -

    Again, make sure All Browser Windows are Closed when you Click FIX.


    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, reset your web settings.

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com OR www.phillies.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Please rescan with HijackThis and submit a fresh Log. Also, let me know how things are running now.

    Best luck :)
    PP
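
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over log lines like the ones listed in the post above, pulling out the section code, CLSID and source URL and noting orphaned entries and ActiveX (O16) entries with a missing or bare-IP source. The function names and the three review heuristics are assumptions of this example; the sample lines are copied from the post.

```python
import re
from urllib.parse import urlparse

SECTIONS = {  # HijackThis section codes that appear in the post above
    "R1": "IE start/search page registry value",
    "O3": "IE toolbar",
    "O6": "IE options restricted by policy",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://[^\s)]+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_line(line):
    """Parse one log line; notes are this example's heuristics, not HijackThis verdicts."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    notes = []
    if "(no file)" in body or "(file missing)" in body:
        notes.append("orphaned: referenced file is gone")
    if code == "O16":
        host = urlparse(url.group()).hostname if url else None
        if host is None:
            notes.append("ActiveX entry with no source URL")
        elif IPV4_RE.match(host):
            notes.append("ActiveX fetched from a bare IP address")
    return {"code": code, "kind": SECTIONS.get(code, "unknown"), "notes": notes,
            "clsid": clsid.group() if clsid else None, "url": url.group() if url else None}

# Sample lines copied from the post above.
SAMPLE = """\
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/20217d55a6874210ab23/netzip/RdxIE.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
"""

def review(log_text):
    """Return only the parsed entries that carry at least one review note."""
    return [p for p in map(parse_line, log_text.splitlines()) if p and p["notes"]]

if __name__ == "__main__":
    for entry in review(SAMPLE):
        print(entry["code"], entry["clsid"], "; ".join(entry["notes"]))
```
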
     
  5. walad

    walad Private E-2

    Thanks Phillie, that did it! I live in PA about 60 miles north of Philly. If I ever see you at a Phillies game, I'll buy ya a $5 :rolleyes: beer!
     
  6. PhilliePhan

    PhilliePhan Guest

    It's a deal!!

    You can go ahead and reinstitute Spybot's protections now.

    While you're here, have a peek at Chaslang's Recommendations!!

    PP :)
     
