Old 04-16-2004, 07:45 PM   #1
Member (7 bit)
 
weaponmaster's Avatar
 
Join Date: Jul 2002
Posts: 95
Help, my default IE homepage address problem

It used to be defaulted to www.yahoo.com.
One day, I was browsing the web and this website popped up, then it changed my default address.

I changed it many times, and it doesn't work once I reset the PC.

This website offers an uninstall program, but it doesn't help either.

http://%72%69%76%69%65%72%61%2E%63%63

Last edited by weaponmaster; 04-16-2004 at 07:58 PM.
weaponmaster is offline   Reply With Quote
Old 04-16-2004, 09:59 PM   #2
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now, to scan, just click the "Scan" button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop-down menu.)

Then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED
Lobos is offline   Reply With Quote
Old 04-16-2004, 10:01 PM   #3
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
If that doesn't help, then:

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to its own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET; most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
Lobos is offline   Reply With Quote
Old 04-17-2004, 01:23 AM   #4
Member (7 bit)
 
weaponmaster's Avatar
 
Join Date: Jul 2002
Posts: 95
Logfile of HijackThis v1.97.7
Scan saved at AM 1:23:49, on 17/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
G:\Program Files\Executive Software\Diskeeper\DkService.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
G:\program Files\BitTorrent\btdownloadgui.exe
G:\program Files\BitTorrent\btdownloadgui.exe
G:\program Files\BitTorrent\btdownloadgui.exe
G:\program Files\BitTorrent\btdownloadgui.exe
G:\program Files\BitTorrent\btdownloadgui.exe
D:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - g:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - G:\program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - f:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Zone Labs Client] G:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Shortcut to Shortcut to Shortcut to SpywareGuard.lnk = G:\program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Download all by Net Transport - G:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - G:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Joyo (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https://www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
weaponmaster is offline   Reply With Quote
Old 04-17-2004, 10:38 AM   #5
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
First, put HijackThis into its own folder.

Run HijackThis again, close all browsers, and fix these:

O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg

These are optional:

O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - f:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

I don't see any sign of homepage hijacking.

Go to your Internet Explorer settings and make sure it is set to the home page you want, and then hit Apply and OK.

Let me know what happens.
Lobos is offline   Reply With Quote
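
A triage sketch for the log above, added here as an example and not part of any poster's reply: it parses HijackThis `O4` registry Run lines and flags any that start `regedit` with the silent switch, which imports a .reg file without prompting every time the entry runs. The regexes and function names are assumptions of this example; the sample lines are copied from the log in post #4.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Shortcut to Shortcut to Shortcut to SpywareGuard.lnk = G:\program Files\SpywareGuard\sgmain.exe
"""

# "O4 - HKLM\..\Run: [value name] command line" (also RunOnce, RunServices, ...)
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# regedit (optionally with a path or .exe) followed by /s or -s: silent import.
SILENT_IMPORT = re.compile(r'\bregedit(?:\.exe)?"?\s+(?:\S+\s+)*?[/-]s\b', re.I)
# First token ending in .reg (paths containing spaces are not handled here).
REG_FILE = re.compile(r"(\S+\.reg)\b", re.I)


def parse_run_entries(log_text):
    """Return one dict per O4 registry Run line; Startup-folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_silent_reg_imports(log_text):
    """Return the Run entries that silently import a .reg file at startup."""
    findings = []
    for entry in parse_run_entries(log_text):
        if SILENT_IMPORT.search(entry["cmd"]):
            reg = REG_FILE.search(entry["cmd"])
            entry["reg_file"] = reg.group(1) if reg else None
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in flag_silent_reg_imports(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] imports {f['reg_file']}: {f['cmd']}")
```

An entry flagged this way is worth reading before removal: the referenced .reg file lists exactly which registry values are rewritten at each startup.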
Old 04-17-2004, 10:51 PM   #6
Member (7 bit)
 
weaponmaster's Avatar
 
Join Date: Jul 2002
Posts: 95
I had changed the homepage address and clicked Apply many times, but once I reset my PC, it would go back to that site. I know Hijack doesn't show anything on the list; is there a registry I can look up?

I have a program called Window Washer; it can clear my cookies and internet temp files when I turn off my PC, so I don't know how it changes my address. Unless it has a program installed on my hard drive.
weaponmaster is offline   Reply With Quote