Go Back   Tech Support Forum > Microsoft Support > Internet Explorer Forum
Reload this Page my home page keeps changing

        
Join Tech Support Forum Today

Closed Thread
 
Thread Tools Search this Thread


Old 06-21-2009, 03:15 PM   #1
Registered Member
 
Join Date: Jun 2009
Posts: 4
OS: xp sp2 , vista sp2


Exclamation my home page keeps changing
my home page keeps changing no matter waht i do, i tried to do adware scans and ending processes but they dont work and i get random popups please help.
here is my hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:07 PM, on 6/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\slserv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS2\system32\conime.exe
C:\WINDOWS2\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Invoke Class - {CB72A80B-8A97-4ede-B442-D4C1F9DD1AE1} - C:\WINDOWS2\system32\dbpd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe

--
End of file - 4820 bytes

__________________
tompk12 is offline  
Old 06-22-2009, 05:40 PM   #2
Registered Member
 
Join Date: Jun 2009
Posts: 22
OS: XPP sp2, vista ultimate sp2, windows 7


Re: my home page keeps changing
Which page you get while opening IE

__________________
darfayaz is offline  
Old 06-24-2009, 04:11 PM   #3
Registered Member
 
Join Date: Jun 2009
Posts: 4
OS: xp sp2 , vista sp2


Re: my home page keeps changing
http://www.9348.cn/?205414
__________________
tompk12 is offline  
Old 06-24-2009, 04:13 PM   #4
Registered Member
 
Join Date: Jun 2009
Posts: 4
OS: xp sp2 , vista sp2


Re: my home page keeps changing
and when i do adware scan it says i got adware.rugo but after it removes it, it pops back up again. I tried th get rid of it but i cant find the reg or the files
__________________
tompk12 is offline  
Old 06-26-2009, 12:06 AM   #5
Registered Member
 
Join Date: Jun 2009
Posts: 4
OS: xp sp2 , vista sp2


Re: my home page keeps changing
i uninstall ie 8 and the hijackthis log is a bit different so here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:49 AM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\t.exe
C:\WINDOWS2\system32\slserv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS2\system32\monitorbk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS2\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: BHO Class - {67E4DD8F-F899-4b99-A5B2-C72445B5C962} - C:\WINDOWS2\system32\w8ykbps.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: fadey - Unknown owner - C:\WINDOWS2\system32\eob8.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe

--
End of file - 5432 bytes

any idea how to remove adware rugo
__________________
tompk12 is offline  
Old 06-27-2009, 10:40 AM   #6
TSF Team Emeritus
Microsoft Support
 
Geekgirl's Avatar
 
Join Date: Jan 2005
Location: Pennsylvania
Posts: 15,123
OS: XP Home SP3 x3 /XP Pro SP3/Vista Ultimate SP2/Win7 Pro 64-BIT


Re: my home page keeps changing
The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum.

The Security Forum no longer uses HijackThis as their initial analysis tool.

Please follow their pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help , as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your thread.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

__________________
Geekgirl is offline  
Closed Thread

« IE7 Going to different website | IE 8 no longer asking if I want to connect »
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Post a Question




All times are GMT -7. The time now is 08:06 AM.

Contact Us - Tech Support Forum - Site Map - Community Rules - Terms of Service - Privacy - Privacy Statement - Top

Copyright 2001 - 2012, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security