1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

cannot change my home page

Discussion in 'Virus & Other Malware Removal' started by markrn, Sep 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    I have ran Hijack this and below is my log. Could someone please let me know what to do next? Thanks.

    Logfile of HijackThis v1.98.2
    Scan saved at 2:26:57 AM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Mnewell\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    C:\WINDOWS\System32\wpabaln.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09b04b0fae7091bbaf21/netzip/RdxIE601.cab
     
  2. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    Need help please. the internet option under tools in IE for changing my home page is all grayed out. I can not change my home page. Pasted below is my hijackthis log. I would appreciate if someone could tell me if they see anything wrong. Thanks.


    Logfile of HijackThis v1.98.2
    Scan saved at 8:03:45 AM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\HIjackthis\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09b04b0fae7091bbaf21/netzip/RdxIE601.cab
     
  3. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Hello markrn. Welcome to the TSG.

    Can you tell me what changes you have done so far?
     
  4. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Stay in the other thread and don't make anymore changes (n)
     
  5. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    Haven't made any changes since the problem first occured other than to run spybot and I moved hijackthis.exe out of the temp folder to c:\hijackthis folder.
    Thanks
     
  6. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    I suggest you do this:

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09b04b0...ip/RdxIE601.cab

    1. Open My Computer
    2. Right click on your hard drive that you wish to clean (C drive, for example)
    3. In the context menu that opens, select properties
    4. Under the general tab you should select Disk Cleanup
    5. Windows will scan your drive which will take a few seconds/minutes
    6. A box will display the various files you can remove.
    Check all boxes except compress old files
    7. Click OK and windows will comply.

    Restart your computer.

    Press the F8 key until the startup menu appears.

    Choose the Safe Mode option then press Enter.

    PosT a new HijackThis log
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,880
    I have merged the two threads together. Please do not start new threads for the same problem but keep replying to this one.

    Thank you.
     
  8. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    Will do, sorry about that.
     
  9. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    Thanks. Fixing those items you mention:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09b04b0...ip/RdxIE601.cab

    Did the trick .

    Thanks again!!
     
  10. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Please post a new HJT log! Lets be sure of what you have.

    If you don't want to do that then at least do this;

    Open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link bellow for SpywareBlaster, download, install and update. Check for updates weekly. Still in Spybot, click tools in the left pane, then click IE tweaks and at least lock the HOSTS file. Then download and install IESpyads.

    That will give you an added layer of protection against unwanted parasites.
     
  11. markrn

    markrn Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    6
    New HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 12:55:04 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\HIjackthis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiderinsider.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiderinsider.com
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    Thanks for the help. Let me know if you see any other problems.
     
  12. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    I suggest you do this:

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    Go Here and get a Free AVG. This is a very good free anti_virus program :cool:

    Post another HJT log.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272684

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice