Solved

Cannot get rid of myhomelinkonline.com

Posted on 2006-11-18
13
1,372 Views
Last Modified: 2007-12-19
I have a laptop that runs ok but everytime I log onto my wireless I get the home page of "myhomelinkonline.com".  When I go into Internet Options my home page is "myearthlink.net" which is what I want.  I downloaded and ran "Ewido" both in live and in Safe Mode.   I tried to find this through "regedit" but came up with nothing.   Any ideas?
0
Comment
Question by:syssolut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 

Author Comment

by:syssolut
ID: 17971278
Also from the opening page that opens as "myhomelinkonline.com" I can type in Google.com or Yahoo.com and it proceeds to those pages, but when I type in "myearthlink.net" and try going to that location, it brings back the "myhomelinkonline.com" with other popups.  Ewido found about ten traces of spyware and cleaned them.
0
 
LVL 12

Assisted Solution

by:ibu1
ibu1 earned 150 total points
ID: 17971385
0
 
LVL 97

Expert Comment

by:war1
ID: 17971684
Greetings, syssolut !

1. Clear your DNS cache.  Go to Start > Run and type CMD
and hit OK.
At the command prompt, type ipconfig /flushDNS
and hit OK.

2. If no joy, check if your PC is redirecting the site.  Do a search for HOSTS file and open it with an editor like Notepad. Delete any line that has "myearthlink.net" in it.

HOSTS file is located in
Windows XP      =      C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K     =     C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98/ME     =     C:\WINDOWS

It is a hidden file. Go to any folder and select Tools > Folders Options > View. Check "Show hidden files and folders". Click OK.

3. If you are using Internet Explorer, check if the site is restricted or blocked.  Go to Tools > Internet Options > Security. Hightlight Restricted Sites and see if www.racingpost.co.uk is located there.

Also under Content tab > Content Advisor, check if the site is restricted there. Remove it.

4. Check if ZoneAlarm or Windows Defender or other antispyware programs have locked your homepage. Unlock it in those programs.

Best wishes!
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:syssolut
ID: 17975610
I have tried all the above, nothing worked.   Going to have to re-install.   Thanks
0
 
LVL 97

Expert Comment

by:war1
ID: 17975772
syssolut,

If you have not reinstall the OS, I like to see your HijackThis log.
0
 

Author Comment

by:syssolut
ID: 17975912
OK I will run the  hijack
0
 

Author Comment

by:syssolut
ID: 17975969
Here is the Hi Jack this:

Logfile of HijackThis v1.99.1
Scan saved at 8:22:14 PM, on 11/18/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myearthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [KPDRV4XP] C:\PROGRA~1\HEWLET~1\ONE-TO~1\KPDrv4Xp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

0
 
LVL 97

Accepted Solution

by:
war1 earned 200 total points
ID: 17976000
syssolut,

I ran an analysis of your HijackThis log at http://hijackthis.de  then saved the result and posted a link to the result here.  
http://hijackthis.de/logfiles/0c7376c570ba46a8943d3772f8b0eecc.html

Check the box next to the following items and have HijackThis "Fix Checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
0
 

Author Comment

by:syssolut
ID: 17976104
I checked the above items, and hit "fix checked", they were deleted and I rebooted, but it did not work.   Any other suggestions before I re-install.
0
 
LVL 97

Expert Comment

by:war1
ID: 17976370
Backup your data and reinstall.  Trying to remove the spyware would take too long.
0
 
LVL 97

Expert Comment

by:war1
ID: 17996812
sysolut, did reinstall fix the problem.
0
 
LVL 23

Assisted Solution

by:Mohamed Osama
Mohamed Osama earned 150 total points
ID: 18010901
open task manager , terminate any cases of setup.exe
tick the following entry for removal in hijack this
O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
start>run>%temp%
delete everything in sight , reboot , retry the deletion of temp contents again because most propably you will experience errors .
hopefully its gone
0
 

Author Comment

by:syssolut
ID: 18192581
Unfortunately I had to return laptop before it was fixed.   I appreciate all the help
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month7 days, 7 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question