IE Homepage - Help!

  Pillo 18:03 22 Jul 2006

I'm running Windows XP Home with SP2 and all the latest updates. My homepage in IE has been hijacked and I can't get rid of it. The title of the homepage says "Security Centre" and the address is click here. I've tried everything. I run AVG, SpyBot S&D, Ad-Aware, Microsoft Defender. I've tried CWShredder as well, all to no avail.
Any suggestions would be appreciated.

  VoG II 18:04 22 Jul 2006

Run HJT click here and post a log on the MWR forum click here

  Gongoozler 18:07 22 Jul 2006

See if the advice given here helps click here

  Pillo 18:19 22 Jul 2006

Part 1 of logfile follows:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:06, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Nero 6.6\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe
C:\Applications\Nero 6.6\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Applications\CloneCD\CloneCDTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVD43] C:\APPLIC~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [RemoteControl] "C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Applications\Nero 6.6\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Applications\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Applications\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\applications\spguard\spguard.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk =

  Pillo 18:19 22 Jul 2006

Part 2:

C:\Applications\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLIC~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - click here
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - click here
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here ite.cab?1146441878685
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - click here _site.cab?1146442008912
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Applications\Nero 6.6\InCD\InCDsrv.exe

  VoG II 18:20 22 Jul 2006

On the MWR forum click here where the experts on hijacks hang out.

  Pillo 18:22 22 Jul 2006

Sorry. Doing it now.

  Pillo 11:14 03 Aug 2006

Thanks to both of you. Your link was spot on. It's an excellent site.
Thanks again.

This thread is now locked and can not be replied to.
