My homepage has been taken over by tits.hardcore4ever.net and I can't change it back, and I have three Internet links which show up when I start up my computer - one a google bar, one some Anomymous Surfer and another one for Sex pictures - Despite using SpyBot and AdWare they still go un-detected. Also, to rememdy things I tried to lock the admin of my home page so it couldn't be changed except my the adminsitrator, but can't seem to find where I did this. Any suggestions.

Download HiJack This unzip and run. Click scan, it will shange to save log. Post the results

I have a similar problem, though the specific sites are different. I have tried Adaware, Spybot, and a dozen other programs and they haven't helped. I would really appreciate help. My HiJack This log says: Logfile of HijackThis v1.97.7 Scan saved at 6:37:33 PM, on 12/6/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\WINDOWS\System32\pctspk.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\System32\RUNDLL32.exe C:\Program Files\AIM\aim.exe C:\Program Files\America Online 8.0\aoltray.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe C:\Program Files\WinZip\WZQKPICK.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe C:\Documents and Settings\User\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Go!Zilla] "C:\Program Files\Go!Zilla\gozilla.exe" /tray O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: winlogon.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37831.6546064815

jnicholas, Run HijackThis again and place a check in the box next to the following items. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer when you're done. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/ O4 - Global Startup: winlogon.exe

Thank you for the help. One small problem, though. I fixed the first few, but HijackThis will not allow me to delete O4 - Global Startup: winlogon.exe because it is "in use," and windows won't let me shut it down because it is a "critical system process." The deleting of the first few works, but only until I restart again. Any help would be appreciated.

Never mind... I just started in safe mode and deleted it... duh. Everything is fine now. Thanks for the help!

hiya. ive got the exact same problem. my homepage has been taken over by some web site www.search-space.com do not go anywhere near this website! its bad news! anyway i downloaded, unzipped n ran the hijack this program and plz find below the results of the scan. im wondering if any of you kind experts could advise me on what to delete from the list as i am not sure. any help wil lb greatly appreciated as this problem is proving really annoying! stephen Logfile of HijackThis v1.97.7 Scan saved at 22:46:18, on 16/12/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.50 (5.50.4134.0600) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.exe C:\WINDOWS\SYSTEM\MDM.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\SYSTEM\PSTORES.exe C:\WINDOWS\SYSTEM\RNAAPP.exe C:\WINDOWS\SYSTEM\TAPISRV.exe C:\WINDOWS\SYSTEM\MAINVIEWEX.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\ptsnoop.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe C:\WINDOWS\LOADQM.exe C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.exe C:\WINDOWS\SYSTEM\WIN32GB.exe C:\WINDOWS\SYSTEM\MSCNT.exe C:\WINDOWS\SYSTEM\E_S10IC2.exe C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.exe C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe C:\PROGRAM FILES\WILDTANGENT\DDC\DDCMANAGER\DDCMAN.exe C:\PROGRAM FILES\WILDTANGENT\DDC\ACTIVEMENU\DDCACTIVEMENU.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\MSHTA.exe C:\WINDOWS\WT\UPDATER\WCMDMGR.exe C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe C:\WINDOWS\WINLOGON.exe C:\WINDOWS\SYSTEM\WINOA386.MOD C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\PROGRAM FILES\WINZIP\WINZIP32.exe C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.wowsearch.org/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://1-se.com/srchasst.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://1-se.com/home.html (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://1-se.com/srchasst.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://1-se.com/srchasst.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://1-se.com/srchasst.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://1-se.com/home.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://1-se.com/home.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://1-se.com/srchasst.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://1-se.com/srchasst.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://1-se.com/home.html (obfuscated) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.freeserve.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated) R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} - - (no file) F1 - win.ini: run=c:\windows\system\mainviewex.exe O1 - Hosts: 209.132.200.78 auto.search.msn.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll O2 - BHO: (no name) - {23BC1CCF-4BE7-497F-B154-6ADA68425FBB} - C:\WINDOWS\SYSTEM\EXPEXT.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [UKVideo2] c:\program files\dialers\ukvideo2\ukvideo2.exe /noconnect O4 - HKLM\..\Run: [Adult_Chat1] C:\WINDOWS\Adult_Chat1.exe -n O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe O4 - HKLM\..\Run: [win32gb] c:\windows\system\win32gb.exe /noconnect O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S10IC2.exe /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64" O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\TEMP\NAVBROWSER.exe" /r /i "C:\WINDOWS\TEMP\NavLoad.ini" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [DDCM] "C:\PROGRAM FILES\WILDTANGENT\DDC\DDCMANAGER\DDCMan.exe" -Background O4 - HKLM\..\Run: [DDCActiveMenu] "C:\PROGRAM FILES\WILDTANGENT\DDC\ACTIVEMENU\DDCACTIVEMENU.exe" -boot O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [winmain] winmain.exe O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\SYSTEM\expup.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup -- O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe O4 - HKLM\..\RunServices: [Mainviewex] c:\windows\system\mainviewex.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe O8 - Extra context menu item: Web Search - c:\windows\ex.htm O9 - Extra button: Real.com (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O13 - DefaultPrefix: http://193.125.201.50/?trk= O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx