Why is my Homepage changing?????
21 July 2004, 02:39 PM
#1
Scooby Regular
Thread Starter
Join Date: Oct 2001
Posts: 1,214
Likes: 0
Received 0 Likes
on
0 Posts
Why is my Homepage changing?????
My IE Homepage (Google.co.uk) keeps changing everytime my PC boots up. Something keeps changing it back when I revert it back to Google.
Any ideas
Craig.
Any ideas
Craig.
21 July 2004, 03:42 PM
#5
Scooby Regular
Join Date: Mar 2000
Location: Aberdeen
Posts: 633
Likes: 0
Received 0 Likes
on
0 Posts
I had similar and (off this site,) was advised to find a program called "Hijack This". Use a Search Engine. Note: This is a very powerful program, so do EXACTLY what they tell you to do as it alters your Registry if you do not follow instructions. Certainly got mine fixed.
Trending Topics
21 July 2004, 06:28 PM
#8
Scooby Regular
Join Date: Jun 2004
Posts: 157
Likes: 0
Received 0 Likes
on
0 Posts
Hi Craig
I has the same problem- even though i run both adware and spyware and LOADS of other, still the same problem.
In the end i brought a spy sweeper program (from e-bay £8!) which has cleared it all for me.
i can try and attach the program in a e-mail if you need it, cant promise as i'm not a computer boff (no offence if anyone considers themself this!!)
I has the same problem- even though i run both adware and spyware and LOADS of other, still the same problem.
In the end i brought a spy sweeper program (from e-bay £8!) which has cleared it all for me.
i can try and attach the program in a e-mail if you need it, cant promise as i'm not a computer boff (no offence if anyone considers themself this!!)
Last edited by Pixxie; 21 July 2004 at 06:32 PM.
21 July 2004, 06:33 PM
#9
Scooby Regular
Join Date: Jun 2004
Posts: 157
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Pixxie
Hi Craig
I has the same problem- even though i run both adware and spyware and LOADS of other, still the same problem.
In the end i brought a spy sweeper program (from e-bay £8!) which has cleared it all for me.
i can try and attach the program in a e-mail if you need it, cant promise as i'm not a computer boff (no offence if anyone considers themself this!!)
I has the same problem- even though i run both adware and spyware and LOADS of other, still the same problem.
In the end i brought a spy sweeper program (from e-bay £8!) which has cleared it all for me.
i can try and attach the program in a e-mail if you need it, cant promise as i'm not a computer boff (no offence if anyone considers themself this!!)
21 July 2004, 07:50 PM
#10
Scooby Regular
Thread Starter
Join Date: Oct 2001
Posts: 1,214
Likes: 0
Received 0 Likes
on
0 Posts
For those of you that know about "Hijack This" can you advise which of the following from the log need to be checked / fixed.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://deeklo.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://deeklo.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KMEKE9801] C:\PROGRA~1\T-Media\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\tsmzzgz.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunServices: [Services] servicess.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Services] servicess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Preventon Personal Firewall.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDBA86B-16B4-4E55-A9DC-438A47FE9001}: NameServer = 62.241.160.200 158.43.240.3
Cheers,
Craig.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://deeklo.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://deeklo.t.muxa.cc/s.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://deeklo.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KMEKE9801] C:\PROGRA~1\T-Media\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\tsmzzgz.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunServices: [Services] servicess.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Services] servicess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Preventon Personal Firewall.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDBA86B-16B4-4E55-A9DC-438A47FE9001}: NameServer = 62.241.160.200 158.43.240.3
Cheers,
Craig.
21 July 2004, 11:11 PM
#13
Scooby Regular
Join Date: Feb 2003
Posts: 335
Likes: 0
Received 0 Likes
on
0 Posts
Have u run an up 2 date virus checker or even one of those on-line scan ones?
Not 100% sure but
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Services] servicess.exe
look a bit suspicious may be?
did u download latest version of spybot, 1.3 i think, 1.2 just seemed to stop finding updates or anything for that matter.
Not 100% sure but
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Services] servicess.exe
look a bit suspicious may be?
did u download latest version of spybot, 1.3 i think, 1.2 just seemed to stop finding updates or anything for that matter.
Last edited by krazy; 21 July 2004 at 11:20 PM.
22 July 2004, 07:57 AM
#14
Scooby Regular
Join Date: Mar 2000
Location: Aberdeen
Posts: 633
Likes: 0
Received 0 Likes
on
0 Posts
Craigfin,
Did you also post your "log" on the site referred to in Hijack This?
That is what I did and somebody gave me excellent advice as to what to remove, very quickly.
Did you also post your "log" on the site referred to in Hijack This?
That is what I did and somebody gave me excellent advice as to what to remove, very quickly.
22 July 2004, 08:06 AM
#15
Scooby Regular
Join Date: Jul 2001
Location: deep inside your imagination
Posts: 24,057
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by krazy
Have u run an up 2 date virus checker or even one of those on-line scan ones?
Not 100% sure but
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Services] servicess.exe
look a bit suspicious may be?
did u download latest version of spybot, 1.3 i think, 1.2 just seemed to stop finding updates or anything for that matter.
Not 100% sure but
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd12\od-stnd12_gb.exe -remove
O4 - HKCU\..\Run: [Services] servicess.exe
look a bit suspicious may be?
did u download latest version of spybot, 1.3 i think, 1.2 just seemed to stop finding updates or anything for that matter.
servicess.exe is W32.HLLW.Soft6 (aka W32.HLLP.Soft6, W32.Soft6, W32/Soft6.worm, W32.Hi2000)
HaldexLtd (sws.exe) is a premium rate dialler for **** sites
wmmon32.exe is WORM_RBOT.JF
23 July 2004, 05:07 PM
#16
Scooby Regular
Join Date: Aug 2003
Location: Epsom
Posts: 5,832
Likes: 0
Received 0 Likes
on
0 Posts
YOU'RE TOAST MATE!
sorry to be like that but you clearly havent been running anti-virus/firewall and patching critical updates. This is a hard lesson as to what happens when you dont. Get yourself a free trail version of some av software and clean up your pc - free personal firewall from www.sygate.com, and get latest ad-aware from http://www.lavasoftusa.com/software/adaware/. Also go to windowsupdate.microsoft.com.........
If you ever come across coolwebsearch - thats a really hard one to shift....
sorry to be like that but you clearly havent been running anti-virus/firewall and patching critical updates. This is a hard lesson as to what happens when you dont. Get yourself a free trail version of some av software and clean up your pc - free personal firewall from www.sygate.com, and get latest ad-aware from http://www.lavasoftusa.com/software/adaware/. Also go to windowsupdate.microsoft.com.........
If you ever come across coolwebsearch - thats a really hard one to shift....
Thread
Thread Starter
Forum
Replies
Last Post
Sam Witwicky
Engine Management and ECU Remapping
17
13 November 2015 10:49 AM