my home page keeps changing

tompk12 · 06-21-2009, 04:15 PM

my home page keeps changing no matter waht i do, i tried to do adware scans and ending processes but they dont work and i get random popups please help.
here is my hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:07 PM, on 6/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\slserv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS2\system32\conime.exe
C:\WINDOWS2\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Invoke Class - {CB72A80B-8A97-4ede-B442-D4C1F9DD1AE1} - C:\WINDOWS2\system32\dbpd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe

--
End of file - 4820 bytes

darfayaz · 06-22-2009, 06:40 PM

Which page you get while opening IE

tompk12 · 06-24-2009, 05:11 PM

http://www.9348.cn/?205414

tompk12 · 06-24-2009, 05:13 PM

and when i do adware scan it says i got adware.rugo but after it removes it, it pops back up again. I tried th get rid of it but i cant find the reg or the files

tompk12 · 06-26-2009, 01:06 AM

i uninstall ie 8 and the hijackthis log is a bit different so here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:49 AM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\t.exe
C:\WINDOWS2\system32\slserv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS2\system32\monitorbk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS2\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: BHO Class - {67E4DD8F-F899-4b99-A5B2-C72445B5C962} - C:\WINDOWS2\system32\w8ykbps.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: fadey - Unknown owner - C:\WINDOWS2\system32\eob8.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe

--
End of file - 5432 bytes

any idea how to remove adware rugo

Geekgirl · 06-27-2009, 11:40 AM

The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum.

The Security Forum no longer uses HijackThis as their initial analysis tool.

Please follow their pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help , as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your thread.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

06-21-2009, 04:15 PM	#1 (permalink)
tompk12 Registered User Join Date: Jun 2009 Posts: 4 OS: xp sp2 , vista sp2	my home page keeps changing my home page keeps changing no matter waht i do, i tried to do adware scans and ending processes but they dont work and i get random popups please help. here is my hijackthis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:07 PM, on 6/21/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS2\System32\smss.exe C:\WINDOWS2\system32\winlogon.exe C:\WINDOWS2\system32\services.exe C:\WINDOWS2\system32\lsass.exe C:\WINDOWS2\system32\svchost.exe C:\WINDOWS2\System32\svchost.exe C:\WINDOWS2\system32\spoolsv.exe C:\WINDOWS2\System32\svchost.exe C:\WINDOWS2\system32\slserv.exe C:\WINDOWS2\system32\svchost.exe C:\WINDOWS2\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Lenovo\EnergyCut\utilty.exe C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe C:\WINDOWS2\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS2\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS2\system32\conime.exe C:\WINDOWS2\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Invoke Class - {CB72A80B-8A97-4ede-B442-D4C1F9DD1AE1} - C:\WINDOWS2\system32\dbpd.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828 O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe -- End of file - 4820 bytes

06-22-2009, 06:40 PM	#2 (permalink)
darfayaz Registered User Join Date: Jun 2009 Posts: 22 OS: XPP sp2, vista ultimate sp2, windows 7	Re: my home page keeps changing Which page you get while opening IE

06-24-2009, 05:11 PM	#3 (permalink)
tompk12 Registered User Join Date: Jun 2009 Posts: 4 OS: xp sp2 , vista sp2	Re: my home page keeps changing http://www.9348.cn/?205414

06-24-2009, 05:13 PM	#4 (permalink)
tompk12 Registered User Join Date: Jun 2009 Posts: 4 OS: xp sp2 , vista sp2	Re: my home page keeps changing and when i do adware scan it says i got adware.rugo but after it removes it, it pops back up again. I tried th get rid of it but i cant find the reg or the files

06-26-2009, 01:06 AM	#5 (permalink)
tompk12 Registered User Join Date: Jun 2009 Posts: 4 OS: xp sp2 , vista sp2	Re: my home page keeps changing i uninstall ie 8 and the hijackthis log is a bit different so here it is Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:49 AM, on 6/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS2\System32\smss.exe C:\WINDOWS2\system32\winlogon.exe C:\WINDOWS2\system32\services.exe C:\WINDOWS2\system32\lsass.exe C:\WINDOWS2\system32\Ati2evxx.exe C:\WINDOWS2\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS2\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS2\system32\spoolsv.exe C:\WINDOWS2\System32\svchost.exe C:\WINDOWS2\system32\t.exe C:\WINDOWS2\system32\slserv.exe C:\WINDOWS2\system32\svchost.exe C:\WINDOWS2\system32\Ati2evxx.exe C:\WINDOWS2\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Lenovo\EnergyCut\utilty.exe C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe C:\WINDOWS2\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS2\system32\ctfmon.exe C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS2\system32\monitorbk.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS2\system32\conime.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS2\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: BHO Class - {67E4DD8F-F899-4b99-A5B2-C72445B5C962} - C:\WINDOWS2\system32\w8ykbps.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKLM\..\Policies\Explorer\Run: [669b] rundll32 "C:\WINDOWS2\Downlo~1\669b.dll",Run O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241187705828 O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe O23 - Service: fadey - Unknown owner - C:\WINDOWS2\system32\eob8.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS2\SYSTEM32\slserv.exe -- End of file - 5432 bytes any idea how to remove adware rugo

06-27-2009, 11:40 AM	#6 (permalink)
Geekgirl Assistant Manager, Microsoft Support Join Date: Jan 2005 Location: Six-burgh, Pennsylvania Posts: 14,117 OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7	Re: my home page keeps changing The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum. The Security Forum no longer uses HijackThis as their initial analysis tool. Please follow their pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help After running through *all* the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help , as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your thread. Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply. __________________ Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM *The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!!* *The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!*