hijacked homepage

By eps49 · 9 replies
Jan 4, 2006
  1. Hi,
    My homepage gets changed to about:Blank with a little search window in the center with a bunch of links under it ( see attached Image), also just about everytime I do a search on a web page I'll get a small pop up window asking me if I want to search for that particular thing that I typed. (I also see on the bottom bar of the window that the window constantly tries to connect to

    Please help, I also attached my HiJack this log.

  2. IronDuke

    IronDuke TS Rookie Posts: 856

  3. eps49

    eps49 TS Rookie Topic Starter

    Didn't work

    I followed all the info at those links & It's still there, Please review the attached file that was saved while in safe mode.

  4. vhunter

    vhunter TS Rookie Posts: 84

    If you save a log in Safe Mode, chances are that the files needed to know what's wrong won't be there.

    Spybot Search & Destroy has an Internet Explorer plugin that prevents the changing of homepages and search pages. Try running that.

    Also, consider switching to Firefox or Opera.
  5. eps49

    eps49 TS Rookie Topic Starter

    New File

    Please see the new hijackthis log file, I activated the IE tweak from spybot & it did nothing, also I used to use Firefox, however it slowed my computer to a crawl so I stopped using it.

    Thanks for any help.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode, and turn off system restore.

    Open your task manager, and end task for(if there)


    Run HJT with no other programmes open, and let HJT fix the following.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\muxen.dll/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\muxen.dll/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\muxen.dll/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\muxen.dll/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\muxen.dll/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\muxen.dll/
    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - C:\WINDOWS\system32\winag.dll

    O4 - HKLM\..\Run: [winfr32.exe] C:\WINDOWS\system32\winfr32.exe

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netei32.exe (file missing)

    Close HJT, and go into the following directories. Delete the bold files(if there)


    Reboot your computer, and turn system restore back on.

    Regards Howard :)
  7. eps49

    eps49 TS Rookie Topic Starter


    Thanks for the quick reply,

    I have played around with some files & I got rid of this crap manually, then I did the Hijackthis thing you said before I saw your reply & I believe (Hope) it's all gone, my startpage is back to normal.

    Now what I have done is, I worked with Microsoft Antispyware program, running (Big Help), Task Manager window & Win32 window, open together along with the Google homepage, I then googled every file that was created since the problem began & anything suspicious I ended task (if it was a running process) then deleted it from the win32 folder (including bad .dll files), then when Microsoft Anti... asked to allow or block the program I always said Block, it took about a half hour because it tried to run a bunch of different programs & I believe I stopped and deleted all of them, then I ran a hijackthis scan & fixed all the things that looked bad & it's all good now. Obviously emptied the temp, prefetch folders, etc.

    Thanks, For your help.
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run another HJT scan, and see if any of the entries I listed above are still there.

    If they are, then just follow the instructions I gave you.

    If not. Well done.

    Regards Howard :)
  9. eps49

    eps49 TS Rookie Topic Starter


    I ran another HJT scan and it looks clean except for 023 netei32.exe (file missing), fix it does nothing, however, either we got rid of the problems or they are being blocked by Microsoft anti spyware. See attached new HJT log file.

    Thanks Again
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry I forgot to include.

    023 entries need the following in order to get rid of them because they run as services.

    Click start/run, and type services.msc into the run box, and press enter.

    When the services window opens, maximise it, and scroll through the list untill you find the entries you are looking for. Once you find it, right click on it and select stop if it`s running. Then select properties, and set the startup type to disabled. click apply/ok, and restart your computer.

    Once again sorry for not mentioning that earlier.

    BTW. I can confirm that you latest HJT log is clean.

    Regards Howard :)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...