hijacked please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wagon

Thread Starter
Joined
Sep 19, 2003
Messages
5
Something changed my homepage to globalfinder.com. I went in to regedit and changed start url and the likes but when I restart my computer, it goes back to globalfinder. Please help.

Logfile of HijackThis v1.97.2
Scan saved at 3:05:26 PM, on 9/19/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Alienware Support\Test_BS.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kent Mohler\My Documents\My eBooks\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://gateworld.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gateworld.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://gateworld.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gateworld.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gateworld.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://gateworld.net
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gateworld.net
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gateworld.net
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ProductivIT] "C:\Program Files\Alienware Support\Test_BS.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\System32\bootconf.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37845.5962037037
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C12AB8B-3B7C-4DF6-984E-06D2F4D9AF51}: NameServer = 205.166.61.160 205.166.61.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C12AB8B-3B7C-4DF6-984E-06D2F4D9AF51}: NameServer = 205.166.61.160 205.166.61.140
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top