I have something changing my home page to homesearch.com. i have tried ad-aware, spybot and cwshredder even nortons nothing has worked. i found the file in my add and remove programs but could not delete it. any ideas
Thanks

Dan

 

What operating system are you running? If it is XP just do a system restore to the point before it showed up and it will be gone.

 

never thought of that.

 

It actually sounds like a worm. Some of them are tricky. At work, we were infected by a worm. They tried everyting. Finally had to format Hard drive and reload everything. Had to scan the data files through separate computer to isolate the worm in them before reinstalling. No, we didn't go to a lot of work for nothing. Had professional programmer come in and after trying many other things, thats what he had to do. Most of the new worms and viruses embed in other files and reemerge at later date.

 

Boot up in safe mode, then run your ad-aware etc. It can then remove the files it could not otherwise remove.

 

I forgot about the safe mode trick. That usually works if the restore won't. I have yet to have a worm or virus show back up afgter a system restore. Don't know how it works but it does.

 

http://www.thatcomputerguy.us/downloads-cat4.html

download HijackThis. Save it to a permanent folder on your computer (i.e. MyDocuments or C:\my documents\HJT) and run the program and have it scan your system. DO NOT FIX ANYTHING YET! Save a log and copy and paste the contents of the log in a reply here so we can analyze it and help you further.

Look here for more Info
http://www.computercops.biz/HijackThis.html

Regards,
Patrick

 

I just re-formatted my hard drive, did it yesterday, took about an hour. I have an old OS, windows 98SE, and I reformat about every 6 months to a year...the other day I tried to download a pop-up blocker but couldn't, due to the fact I kept getting pop-ups from other po-up blockers!

Now it runs like brand new...

 

Sprock226

http://toolbar.google.com/

Pop-up blocker

 

Get mozilla it has a popup blocker and ain't as prone to being hijacked as IE www.mozilla.org
There is another thread here about mozilla ....

 

I'm at work right now but i will post it as soon as i get home.

Dan

 

Here is my hijack screen thanks for any help

Logfile of HijackThis v1.97.7
Scan saved at 12:14:39 PM, on 6/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\LEXBCES*****
C:\WINDOWS\system32\LEXPPS*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr*****
C:\WINDOWS\System32\cisvc*****
C:\Program Files\Norton AntiVirus\navapsvc*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\mshz32*****
C:\WINDOWS\system32\qttask*****
C:\program files\support.com\client\bin\tgcmd*****
C:\Program Files\Logitech\iTouch\iTouch*****
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd*****
C:\Program Files\BroadJump\Client Foundation\CFD*****
C:\Program Files\Common Files\Symantec Shared\ccApp*****
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd*****
C:\Program Files\HP\hpcoretech\hpcmpmgr*****
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC*****
C:\WINDOWS\System32\ndllzxy*****
C:\WINDOWS\system32\iels*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf*****
C:\Program Files\Sony\VAIO Action Setup\VAServ*****
C:\Program Files\Sony Corporation\Image Transfer\SonyTray*****
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08*****
C:\Program Files\Road Runner\Medic\RRMedic*****
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD*****
C:\WINDOWS\System32\HPZipm12*****
C:\WINDOWS\System32\cidaemon*****
C:\WINDOWS\System32\WISPTIS*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Documents and Settings\Tina\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nsjjn.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nsjjn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nsjjn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;localhost
O2 - BHO: (no name) - {34486039-E905-10CA-29CC-C115092F02E3} - C:\WINDOWS\system32\crrq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask*****
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd***** /server
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch*****
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd*****
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD*****
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd*****" /server /nosystray /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy*****"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd*****"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr*****"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC*****
O4 - HKLM\..\Run: [stwitpwciru] C:\WINDOWS\System32\ndllzxy*****
O4 - HKLM\..\Run: [iels*****] C:\WINDOWS\system32\iels*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRCLEAN*****"
O4 - HKLM\..\RunOnce: [ieee32*****] C:\WINDOWS\ieee32*****
O4 - HKLM\..\RunOnce: [d3ub*****] C:\WINDOWS\system32\d3ub*****
O4 - HKLM\..\RunOnce: [sysna32*****] C:\WINDOWS\system32\sysna32*****
O4 - HKLM\..\RunOnce: [winys32*****] C:\WINDOWS\system32\winys32*****
O4 - HKLM\..\RunOnce: [winbf*****] C:\WINDOWS\winbf*****
O4 - HKLM\..\RunOnce: [syspo32*****] C:\WINDOWS\system32\syspo32*****
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic*****
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader*****.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08*****
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf*****
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C348DBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/...ad/sonyctl.CAB

 

Anyone????

 

You might try, webroot.com. I downloaded the trial version and it found 2 bugs that spybot and adaware didn't.

 

I still say re-format...