In desperation

Hello,

I wonder if someone may be able to help a man who’s not terribly computer conversant please? I have tried to access, and understand, the reports on site concerning this problem but to be honest I’m struggling.

From what I have read on site it seems I’ve been “highjacked” by some organisation named www.hugesearch.net, or www.search-space.com, using an ActiveX control. Every time I try to access a website this organisation’s search page comes up which is both frustrating and irritating.

I’ve tried everything I can to stop this but without success. I can “fix” the problem using the softwares I have but every time I reboot it recurs. My operating system is Windows Millennium and the softwares I’ve tried to use to get rid of this problem are Ad-aware 6.0, SpyBotS&D 1.2 and SpywareBlaster Release 2.6.1

I appreciate other members are probably bored rigid with reports of this problem and if I’m being a nuisance I apologise but if anyone is able to give me “idiot-proof” instructions as to how to get rid of this problem once and for all I would be very grateful.

My e-mail is removed before the spambots find it - Pieter

Kind regards,

Oliver

 

Hi OliverX669,

Welcome at Wilders.

Download, unzip and run: CWShredder
Use the Fix button and follow the intructions you will receive.
If that does not solve it, I would need to see your HijackThis log.

Regards,

Pieter

 

Hello Pieter,

Many thanks for your prompt reply, its much appreciated.

I'll go and get cwshredder, thank you for that.

I downloaded Hijackthis, got that info from an onsite reply, and here is the logfile.

Kind regards,

Oliver

Logfile of HijackThis v1.97.7
Scan saved at 14:16:16, on 13/02/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\TURNPIKE\INVERSE\ARMON32A.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP FOR WINDOWS ME\PGPSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINFAXPRO\WFXCTL32.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP FOR WINDOWS ME\PGPTRAY.EXE
C:\PROGRAM FILES\AOL 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINFAXPRO\WFXMOD32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINFAXPRO\FAXMNG32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSACCESS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hugesearch.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hugesearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hugesearch.net/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hugesearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hugesearch.net/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hugesearch.net/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.demon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hugesearch.net/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hugesearch.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE ACROBAT 5\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\FONTS\fonts.hta
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\TURNPIKE\INVERSE\ARMon32a.exe"
O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
O4 - HKLM\..\RunServices: [PGPSERVICE] C:\Program Files\Network Associates\PGP for Windows ME\PGPservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\REFRESH.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\WinfaxPro\WFXCTL32.EXE
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: Splash.lnk = C:\Program Files\Iomega\Tools\SPLASH.EXE
O4 - Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP for Windows ME\PGPtray.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: Exif Launcher.lnk = C:\FinePixViewer\QuickDCF.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.demon.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe

 

Hi OliverX669,

CWSHredder should take care of the hijack, but if any of the below are still there after running it.
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hugesearch.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hugesearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hugesearch.net/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hugesearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hugesearch.net/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hugesearch.net/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.demon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hugesearch.net/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hugesearch.net/bar.html

O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll

O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\FONTS\fonts.hta

Then reboot.

Regards,

Pieter

 

Hello again Pieter,

I can't thank you enough! Cwshredder has done the trick! I'll check out the details youv'e given me just to be sure.

That really was appreciated, I can't tell you how much and if there's anything I can ever do in return please don't hesitate to come back to me.

Thanks again.

Kind regards,

Oliver

 

Glad we could help, Oliver.

Stick around, learn some more and share your knowledge.

Regards,

Pieter