• We've upgraded our forums. Please post any issues/requests in this thread.

why cant i change my homepage..

Joined
Dec 2, 2005
Messages
704
Likes
30
Location
Chicago
System Name Woot
Processor AMD FX-9590
Motherboard ASUSTeK m5a99fxpro r2.0
Cooling Corsair H100i gtx
Memory 24GB G.SKILL PC3-12800
Video Card(s) MSI GTX 970GTX
Storage 2X 256GB SANDISK SSD 3X1TB MIXED HD
Display(s) 2x 32" Sony LCD
Case CoolerMaster Storm Trooper
Audio Device(s) 5.1 Surround Onboard
Power Supply Corsair 750W
Mouse Junk
Keyboard Junk
Software Windows 10 Pro x64
Benchmark Scores Anti-Gigabyte rig!
#1
hey,
i got infected with a damn virus the other day and i got it all cleaned up but one thing, my internet explorer homepage is stuck on the following one. as soon as i start internet explorer i get this:



and this:

 
Joined
Dec 2, 2005
Messages
704
Likes
30
Location
Chicago
System Name Woot
Processor AMD FX-9590
Motherboard ASUSTeK m5a99fxpro r2.0
Cooling Corsair H100i gtx
Memory 24GB G.SKILL PC3-12800
Video Card(s) MSI GTX 970GTX
Storage 2X 256GB SANDISK SSD 3X1TB MIXED HD
Display(s) 2x 32" Sony LCD
Case CoolerMaster Storm Trooper
Audio Device(s) 5.1 Surround Onboard
Power Supply Corsair 750W
Mouse Junk
Keyboard Junk
Software Windows 10 Pro x64
Benchmark Scores Anti-Gigabyte rig!
#2
can someone please tell me how to fix this!!!
 

bigboi86

New Member
Joined
Apr 8, 2006
Messages
1,442
Likes
30
Location
techPowerUp!
System Name Just getting started....
Processor Athlon II Propus 620 @ 3.51ghz (quad core) L3 cache enabled
Motherboard ASUS M4A785TD-V EVO
Cooling Cooler Master Hyper 212 (great heatsink, 40c max load overclocked)
Memory Kingston HyperX DDR31600 4gb 2x2
Video Card(s) ATI Radeon HD 4850 by XFX
Storage Western Digital Caviar Blue WD3200AAKS 320GB SATA
Display(s) Acer 21.5 inch viewable G215H 1920x1080p, AOC 22inch 1680x1050
Case Antec 300, stock for now
Audio Device(s) Onboard, Turtle Beach headphones / crappy logitech desktop speakers
Power Supply Corsair 650 watt PSU <3
Software Windows 7 x64
#3
First off, run Adaware SE and maybe spybot.

Clean your system, then see if you can change it.

Post your processes list.
 
Last edited:
Joined
Dec 2, 2005
Messages
704
Likes
30
Location
Chicago
System Name Woot
Processor AMD FX-9590
Motherboard ASUSTeK m5a99fxpro r2.0
Cooling Corsair H100i gtx
Memory 24GB G.SKILL PC3-12800
Video Card(s) MSI GTX 970GTX
Storage 2X 256GB SANDISK SSD 3X1TB MIXED HD
Display(s) 2x 32" Sony LCD
Case CoolerMaster Storm Trooper
Audio Device(s) 5.1 Surround Onboard
Power Supply Corsair 750W
Mouse Junk
Keyboard Junk
Software Windows 10 Pro x64
Benchmark Scores Anti-Gigabyte rig!
#4
here it is
--------
Logfile of HijackThis v1.99.1
Scan saved at 4:32:42 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe
C:\Program Files\Realtek\Realtek Wireless LAN Utility\RtWLan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpDEC0.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Realtek Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137648497732
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Admin\Desktop\PRIME95.EXE (file missing)
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Dec 2, 2005
Messages
704
Likes
30
Location
Chicago
System Name Woot
Processor AMD FX-9590
Motherboard ASUSTeK m5a99fxpro r2.0
Cooling Corsair H100i gtx
Memory 24GB G.SKILL PC3-12800
Video Card(s) MSI GTX 970GTX
Storage 2X 256GB SANDISK SSD 3X1TB MIXED HD
Display(s) 2x 32" Sony LCD
Case CoolerMaster Storm Trooper
Audio Device(s) 5.1 Surround Onboard
Power Supply Corsair 750W
Mouse Junk
Keyboard Junk
Software Windows 10 Pro x64
Benchmark Scores Anti-Gigabyte rig!
#5
guy im glad to announce, that i, first time ever, solved a problem myself!!! for all of you that are experiencing this problem, the following values have to be fixed with hijackthis:

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpDEC0.tmp
 

Rapsey

New Member
Joined
Jun 17, 2006
Messages
6
Likes
0
Location
Belgium
Processor AMD Athlon64 X2 4200+ S939 (Dual Core)
Motherboard Gigabyte GA K8NF9 S939 nForce 4, 4x FSB800, Sata, Raid64, PCI-E, FW
Memory 1Gb PC533-4200 DDR2
Video Card(s) ATI Radeon X1300 PCI-E 512Mb
Storage Seagate 200Gb Barracuda 7200rpm 8Mb Cache
Display(s) Philips LCD 19" 190S6FS Silver 8ms
Case Chieftec ATX P4 Miditower (black/silver)
#6
Same problem

Hi, I have exactly the same problem, but i cant find lines you said in my HiJackThis log..

Here's my log, thankx for checking!


Logfile of HijackThis v1.99.1
Scan saved at 11:17:06, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\AOL\1147198458\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dc7b5c02.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Devos Dirk\Mijn documenten\Jeroen\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqqqqp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147198458\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dc7b5c02.exe] C:\WINDOWS\system32\dc7b5c02.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dc7b5c02.exe] C:\Documents and Settings\Devos Dirk\Local Settings\Application Data\dc7b5c02.exe
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\Devos Dirk\Local Settings\Temporary Internet Files\Content.IE5\C39N6I31\UDefender_Installer[1].exe" continue
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144788915687
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://selfcare.belgacom.net/static/pc/dlbridgesy/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: urqqqqp - C:\WINDOWS\SYSTEM32\urqqqqp.dll
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\SYSTEM32\winwly32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
 
Joined
Jan 15, 2005
Messages
5,458
Likes
242
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
#7
Ok, get Ad-Aware and Spybot and run those. The things from your list I recommend that your remove are hp100.tmp, urqqqqp.dll, dc7b5c02.exe, winwly32.dll because I either can't find anything on them in google or they're recognised as possible trojans or spyware. And do a virus scan too.
 

Rapsey

New Member
Joined
Jun 17, 2006
Messages
6
Likes
0
Location
Belgium
Processor AMD Athlon64 X2 4200+ S939 (Dual Core)
Motherboard Gigabyte GA K8NF9 S939 nForce 4, 4x FSB800, Sata, Raid64, PCI-E, FW
Memory 1Gb PC533-4200 DDR2
Video Card(s) ATI Radeon X1300 PCI-E 512Mb
Storage Seagate 200Gb Barracuda 7200rpm 8Mb Cache
Display(s) Philips LCD 19" 190S6FS Silver 8ms
Case Chieftec ATX P4 Miditower (black/silver)
#8
Norton and Spybotscan done already. I will download Ad-Aware now (lets hope it doesnt conflict with other programs)

And i'll remove the files after i scanned. Thanks!
 

Rapsey

New Member
Joined
Jun 17, 2006
Messages
6
Likes
0
Location
Belgium
Processor AMD Athlon64 X2 4200+ S939 (Dual Core)
Motherboard Gigabyte GA K8NF9 S939 nForce 4, 4x FSB800, Sata, Raid64, PCI-E, FW
Memory 1Gb PC533-4200 DDR2
Video Card(s) ATI Radeon X1300 PCI-E 512Mb
Storage Seagate 200Gb Barracuda 7200rpm 8Mb Cache
Display(s) Philips LCD 19" 190S6FS Silver 8ms
Case Chieftec ATX P4 Miditower (black/silver)
#9
Yay

Scanned everything, still there..

Removed what you said, and it worked! :) Thanks man i love you ^^
 
Joined
Jan 15, 2005
Messages
5,458
Likes
242
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
#10
No problem, glad it's all working again.
 

sOwL

New Member
Joined
Jul 24, 2006
Messages
2
Likes
0
#11
ok rapsey and karolpl2004. Check line 020 and this winlogon thing. win***32.dll is a virus i had, it has files also in temp folder (win***.tmp.exe and some *.tmp files).

ok this was just a quick notice to what i read. ill post my problem now:
once a turkish site poped up and then i got my homepage changed. i hijacked and i manually deleted 2 files:

R0: - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vatlanar.com/?gel=


R0: - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vatlanar.com/?gel=

which are the same. ok the thing is. before i hijack, i couldnt change the page because it said me "some settings are managed by your system adminstrator". I AM the admin of my pc (just to know) and now i deleted these 2 items my homepage changed to about:blank but still cant edit. Any way to avoid hurting the registry? (coz im a crazy bitch)
 
Joined
Sep 12, 2006
Messages
3
Likes
0
#12
Help Me

i just got a new laptop and it wont let me change the homepage for IE its BRANE NEW how could it have a virus?? PLZ HELP:banghead:
 
Joined
Sep 12, 2006
Messages
3
Likes
0
#13
i also have norton security system on my comp i never trusted it and now even less could norton be blocking my changes?? i already disabled the hompage blocker Y ISNT IT LETTIG ME CHANGE IT GRRRRRRRRRRRR PLZ HELP ME!!!!!! I HATE NORTON!!!!!! :banghead:
 
Joined
Feb 7, 2006
Messages
1,838
Likes
7
Location
Boston
Processor AMD X2 AM2+
Memory 2GB DDR2
Video Card(s) 7900gto
Storage 80GB+120GB 7200RPM IDE + 250GB SATA2 + 500GB SATA2
Display(s) 26" 1920x1200
Case Antec Nine Hundred
Audio Device(s) OnBoard
Power Supply Ultra 600W with X-Connect
Software Vista Ultimate
#14
first things first, use firefox

and try setting it's homepage

maybe you have something that only attacks ie, and firefox is safer anyways

do that first
 
Joined
Jan 29, 2006
Messages
9,066
Likes
287
Location
My house.
Processor AMD Athlon 64 X2 4800+ Brisbane @ 2.8GHz (224x12.5, 1.425V)
Motherboard Gigabyte sumthin-or-another, it's got an nForce 430
Cooling Dual 120mm case fans front/rear, Arctic Cooling Freezer 64 Pro, Zalman VF-900 on GPU
Memory 2GB G.Skill DDR2 800
Video Card(s) Sapphire X850XT @ 580/600
Storage WD 160 GB SATA hard drive.
Display(s) Hanns G 19" widescreen, 5ms response time, 1440x900
Case Thermaltake Soprano (black with side window).
Audio Device(s) Soundblaster Live! 24 bit (paired with X-530 speakers).
Power Supply ThermalTake 430W TR2
Software XP Home SP2, can't wait for Vista SP1.
#15
Joined
Feb 7, 2006
Messages
1,838
Likes
7
Location
Boston
Processor AMD X2 AM2+
Memory 2GB DDR2
Video Card(s) 7900gto
Storage 80GB+120GB 7200RPM IDE + 250GB SATA2 + 500GB SATA2
Display(s) 26" 1920x1200
Case Antec Nine Hundred
Audio Device(s) OnBoard
Power Supply Ultra 600W with X-Connect
Software Vista Ultimate
#17
mozilla firefox is a web browser that you can use in lieu of internet explorer. it is not as prone to security issues as IE, and generally preferred by those who use it. plus it's free :D
 

b1lk1

New Member
Joined
May 4, 2005
Messages
688
Likes
17
Location
Ontario, Canada
System Name Money pit
Processor Q2Q Q8300
Motherboard ASUS P5E3 deluxe WIFI AP@N
Cooling 120.2/Swiftech655/Apogee GT/DD Fillport & res
Memory OCZ PC3-1333MHZ 2X1GB/Kingston HYPERX PC3-1325MHz
Video Card(s) Sapphire HD4830
Storage Seagate 7200.11 1TB
Display(s) Dell 2209WA
Case some crap 5 year old generic modded case
Audio Device(s) X-FI fagtality
Power Supply PC P&C 510W
Software Vista Premium 64
#18
Uninstall Norton right away. That is the worst garbage junk piece of crap software ever invented to not actually protect your PC and still suck tons of system resources ever. It is horrible, junk and no good. AVG free is far superior and far more system friendly. I woul not install Norton/McaFee even if they were free.
 
Joined
Jan 29, 2006
Messages
9,066
Likes
287
Location
My house.
Processor AMD Athlon 64 X2 4800+ Brisbane @ 2.8GHz (224x12.5, 1.425V)
Motherboard Gigabyte sumthin-or-another, it's got an nForce 430
Cooling Dual 120mm case fans front/rear, Arctic Cooling Freezer 64 Pro, Zalman VF-900 on GPU
Memory 2GB G.Skill DDR2 800
Video Card(s) Sapphire X850XT @ 580/600
Storage WD 160 GB SATA hard drive.
Display(s) Hanns G 19" widescreen, 5ms response time, 1440x900
Case Thermaltake Soprano (black with side window).
Audio Device(s) Soundblaster Live! 24 bit (paired with X-530 speakers).
Power Supply ThermalTake 430W TR2
Software XP Home SP2, can't wait for Vista SP1.
#19
First order of business once my main computer is back online- writing an article all about securing your PC for free :).
 

sOwL

New Member
Joined
Jul 24, 2006
Messages
2
Likes
0
#20
you are all wrong. go to regedit.exe and try to delete all the ie policies and the problem will dissapear
 
Joined
Aug 5, 2006
Messages
557
Likes
1
Location
at my pc
Processor P4 2.8
Motherboard Intel D865PERL
Memory 2x512 Ballistix DDR400
Video Card(s) GeForce 5200
Storage Maxtor 120GB
Power Supply Allied 300w 10A
#21
SOMEONE DELETE/EDIT THAT!!!!! ^^^ If you do that IE won't work at all
...
I think.
 
Joined
Jan 15, 2005
Messages
5,458
Likes
242
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
#22
you are all wrong. go to regedit.exe and try to delete all the ie policies and the problem will dissapear
So all of us are wrong? What you suggest sounds very risky, especially as you can't confirm what is wrong. I'd recommoned against this too.
 
Joined
Jan 23, 2006
Messages
1,455
Likes
43
Location
The 13th room on the 13th floor of the 13th buildi
Processor custom dupont risk chip cpu prototype
Motherboard custom ibm x5 solid state carbon mainboard
Cooling industrial technologies prototype dupont custom heat transfer unit
Memory 6x 2gig prototype ecc hnc ddr4
Video Card(s) prototype low energy version nvidia 9 series unnumberd card
Storage 1tb solid state hdd
Display(s) 44 inch samsung plasma screen tv/monitor
Case custom ibm mobile home server case
Audio Device(s) custom Yamaha sound processing processor in spm format
Power Supply 1200watt deli cord custom made dupont type psu
Software sun unix/windows type v
#23
can someone please tell me how to fix this!!!
ive seen this before, have you fully updated windows and enabled the windows firewall?

you may need to reinstall windows or try an alternate antivirus, you may have been infected with quite possibly the most annoying brower hijacker ever made
 
Joined
May 27, 2005
Messages
3,651
Likes
341
Location
Little Rock Arkansas, United States
System Name Monolith
Processor Intel Xeon E3110 Wolfdale@3.5GHz
Motherboard MSI P35-Neo
Cooling Active Air
Memory 4GB DDR2 800
Video Card(s) Sapphire HD 3850 512MB PCI-E
Storage 1 x 80GB Internal, 1 x 250GB Internal, 1 x 40GB External
Display(s) Acer X203w
Case Generic black case with locking front bezel
Audio Device(s) Creative SB Audigy 2 ZS
Power Supply 500 Watt Seasonic M12
Software Windows 7 Ultimate x64
#24
sOwL, please do not intentionally post methodology that can harm other people computers. Sometimes even if it's a joke, if it's to subtle someone might do it.
 

SeeK

New Member
Joined
Mar 22, 2006
Messages
138
Likes
2
Location
Edinburgh, UK
Processor AMD Phenom II X4 955
Motherboard ASUS Sabertooth 990FX
Cooling Corsair H60
Memory Corsair XMS3 PC3-12800C9
Video Card(s) CF 2x Sapphire HD5850 Extreme
Storage Samsung SP2504C
Display(s) BenQ G2222HDL
Case CoolerMaster Centurion 5
Audio Device(s) Creative X-Fi Titanium
Power Supply Corsair AX750
Software Windows 7 Ultimate x64
#25
Adware/Spyware... another virus... mine did that when I had some kind of malware. Run AdAware.