Hijacked homepage

Computing.Net > Forums > Windows XP > Hijacked homepage

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Hijacked homepage

Name: Jason
Date: December 7, 2003 at 21:20:12 Pacific
OS: XP Home
CPU/Ram: HP Pavilion/512 MB

Comment:

My homepage has keeps getting changed to search-space.com and I can't find the problem. Here's my Hijack log. If someone could help it would be appreciated.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.internet-search.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.comcast.net/comcast.html
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager\agent\syncagent.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\RunServices: [WndMsg] C:\WINDOWS\kl4.cap
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud7.sports.yahoo.com/java/y/mlbst8298_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud7.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://jobs.tntlogistics.com/CFIDE/classes/CFJava.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37961.8509953704
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros03/foxsports/wtinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

Sponsored Link

Ads by Google

Response Number 1

Name: rc
Date: December 7, 2003 at 21:52:02 Pacific

Reply:

Jason,
No one is going to even look at your problem with out you doing some obvious things first and then you will have to repost it in the security/virus forum.
1) download adaware and do the upgrades and run it and do as it suggests
2) download spybot serch & destroy, upgrade it and run it and do as it suggests
3) then rerun hijack this and copy the log if you still need to
4) repost in security/virus forum and state that you have done all the above and then and only then post the hijack this log there and someone will be more than glad to give you a hand
rc

Response Number 2

Name: Valerie
Date: December 8, 2003 at 00:40:07 Pacific

Reply:

Hello Jason - yours is the third hijack post I have replied to today. I agree with RC - please do the work first then ask for assist on the appropriate forum.
In addition to doing what RC suggests please download Browser Hijack Blaster and have it running at all times while you are on the Internet. It will notify you of any attempt to alter your browser homepage & give you options of what to do. Are you running anti-virus & firewall??
See the posts from Sangman at 17.55.35 hrs and from yeo80 at 23.19.16 for further info
Good luck
V...

Response Number 3

Name: jcnduval
Date: December 8, 2003 at 08:47:41 Pacific

Reply:

I've already dont adware and spybot and ran the suggestions, I've looked at other posts and got that information from there, the hijack log i've posted is what I got after running spybot and adware.

Response Number 4

Name: Abnormal
Date: December 8, 2003 at 09:18:01 Pacific

Reply:

Remove these, and reboot. The one in bold
is now blocked by SpywareBlaster.
http://www.javacoolsoftware.com/spywareblaster.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.internet-search.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros03/foxsports/wtinst.cab
Abnormal

Security and Hijack forum

Response Number 5

Name: jcnduval
Date: December 8, 2003 at 21:06:59 Pacific

Reply:

That fixed it!...thanks alot, I thought I would never get rid of that problem.

wkdetect msn homepage problems msn homepage canada comcast hijack Shockwave ActiveX Control swdir.dll hijacked homepage hijack.startmenu cyber security virus backweb-887648 browser hijacked	browser hijack virus my google search keeps getting redirected hijack.displayproperties my homepage has changed hijack.homepage removal issues running gamechannel/stattracker probleme hijack.homepage msn homepage problems Microsoft Works Icon uninstall zero knowledge freedom
See More

Sponsored Link

Ads by Google

Mp3 id3 tags???

formatting hardware

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows XP Forum Home

Sponsored links

Ads by Google

Results for: Hijacked homepage

Hijacked homepage

Summary

www.computing.net/answers/windows-xp/hijacked-homepage/127109.html

homepage hijack

Summary

www.computing.net/answers/windows-xp/homepage-hijack/101749.html

hijacked homepage

Summary

www.computing.net/answers/windows-xp/hijacked-homepage/90991.html

From the Geek Dictionary
Bottleneck - A term used to describe a point of slowdown. This can be used for crowds, v...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes Today.
Discuss in The Lounge
Poll History

Recent Posts
Connecting offsite server to main

Recommend backup strategy for small business

Cannot view video under profile

Caonot save file, folder is read only

movie won't view in IE

All Awaiting Reply

Tom's News
Google Launches Free Public DNS Service

UK Street May Be Named After Lara Croft

Universal to Release Blu-ray/DVD Combo Disc

Orangutan Takes Pics, Shares via Facebook

Man Suffocates Baby Over Gaming Marathon

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE