Homepage Hijack

  Eargasm 23:54 22 Dec 2004
Locked

Iv'e had my homepage hijacked by about blank.

I have xp home internet explorer, and adaware, spybot,cw shredder and run avg. All show nothing when run.

I have searched the archive but none of the solutions have worked so far.

I have downloaded start page guard as advised by VOG in one thread, but after locking my homepage it still changes.

Control panel/Internet options/ homepage gets changed to default.home

Can anyone advise me how to get rid ?

Thanks Phil

  Eargasm 00:01 23 Dec 2004

I have just noticed if i click the tiscali icon on desktop then my tiscali homepage opens, however if i click on internet explorer on desktop i get res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm

  Fruit Bat /\0/\ 12:12 23 Dec 2004

About black is asymptom of coolweb search hijack you may well need shreeder to get rid of it befor you can reset your homepage.

CW Shredder click here

Winpatrol isa good idea WinPatrol click here

  Eargasm 17:49 23 Dec 2004

Thanks for all your replies, i have just got in from work. I will try the various solutions and keep you posted .

  Eargasm 19:45 23 Dec 2004

I have just run a full avg6 scan virus database 560 and found nothing.

I have also just ran c w shredder v2.10 ,adaware se 1r23, a- squared v1.5.2 last update 15/12/04, spybot s+d 1.3 all in safemode and all found nothing, but the problem persists.

Should i try hijack this next?

  Eargasm 19:56 23 Dec 2004

I have just noticed as well, if i go to google and type "default home" and press search it takes me to the about blank-microsoft internet explorer homepage.

  Eargasm 22:10 23 Dec 2004

Logfile of HijackThis v1.99.0

Scan saved at 21:35:12, on 23/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Executive

Software\DiskeeperLite\DKService.exe

C:\Apps\ActivBoard\MMKeybd.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Phil\Desktop\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = click here

R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = click here

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

  Eargasm 22:11 23 Dec 2004

O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\apps\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DOMP Class -

{4C1B116F-2860-46db-8E6C-B4BFC4DFD683} -

C:\WINDOWS\ietlbass.dll

O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program

Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L
ElbyCDFL
O4 - HKLM\..\Run: [AVG_CC] C:\Program

Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [EM_EXEC]

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ACTIVBOARD]

C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [SmcService]

C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - Global Startup: DSLMON.lnk = C:\Program

Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment

Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present

O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}

(PCPitstop Utility) -

click here

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

click here

9
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} -

click here

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}

(PatchInstaller.Installer) -

file://Q:\content\include\XPPatchInstaller.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

(HouseCall Control) -

click here

.antivirus.com/housecall/xscan53.cab

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC}

(EPSON Web Printer-SelfTest Control Class) -
click here
ab

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB}

(MSSecurityAdvisorCD Class) -

file://Q:\Content\include\msSecUcd.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

click here

O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71}

(InfosFinder2.InfosFinder) -

click here

r2.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1501395-87D5-4628-8

F39-6E13DDA32649}: NameServer = 80.225.252.186

80.225.252.178

O23 - Service: AVG6 Service - GRISOFT s.r.o -

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

O23 - Service: Diskeeper - Executive Software

International, Inc. - C:\Program Files\Executive

Software\DiskeeperLite\DKService.exe

O23 - Service: Netropa NHK Server - Unknown -

C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe

(file missing)

O23 - Service: Sygate Personal Firewall - Sygate

Technologies, Inc. - C:\Program

Files\Sygate\SPF\smc.exe

I hope i have done this right
Thanks Phil

  Eargasm 23:00 23 Dec 2004

I have just run spy sweeper on my pc and the results were

Trojans 0

System monitors 0

ADWARE altnet, cws analyze ie, cws n53, win ad

ADWARE COOKIES adtech cookie, atlas dmt cookie, doubleclisk cookie, mediaplex cookie.

  Eargasm 23:55 23 Dec 2004

VOG, Nellie2 (where are you ) i'm really struggling.

  Eargasm 15:20 24 Dec 2004

Thanks for your help,i will try your suggestions and let you know how i go on.

I have had major problems even getting onto the internet today.When i clicked my tiscali icon a blank page appeared "access blocked virus warning" with a link to adware, spyware removal guaranteed for $40.

ps No need to appologise, i am really really grateful for your help.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy Book 2: Release date, price and specs

Adobe's groundbreaking prototypes of new features and apps for Creative Cloud

When is the next Apple event?

Test : le Samsung Galaxy A9