| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 43529 | 2004-03-17 19:55:00 | homepage changed by web | srm33 (3954) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 223350 | 2004-03-24 01:42:00 | > There may be something useful on this site if > anyone can translate from Dutch ?????? What site is in Dutch???? I must be missing something because I see no page written in Dutch anywhere. |
Fire-and-Ice (3910) | ||
| 223351 | 2004-03-24 01:45:00 | Ah. I was missing something - the page that Jim refers to in the Google search. That page turned up in my own research but the one I have linked to is in English and is more useful. The Dutch page could come in handy when checking out the HijackThis log however. ;-) |
Fire-and-Ice (3910) | ||
| 223352 | 2004-03-24 18:32:00 | OK here it is....... (and heres hoping!) Logfile of HijackThis v1.97.7 Scan saved at 18:53:00, on 21/03/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sophos\Remote Update\cachemgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Sony\vaio media music server\SSSvr.exe C:\Program Files\sony\photo server 20\appsrv\PicAppSrv.exe C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe c:\Program Files\PestPatrol\ppcontrol.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\M1X6NA58\HijackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - office.microsoft.com O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - download.microsoft.com O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - pgc.planet.nl O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - dialxs.nl O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - www.gamespot.com O17 - HKLM\System\CCS\Services\Tcpip\..\{31ECCE7B-422F-4DB6-85E8-8CB991F8103D}: NameServer = 195.121.1.34 195.121.1.66 |
srm33 (3954) | ||
| 223353 | 2004-03-24 22:58:00 | *Bump* I'm curious about this one, worst I've seen. :D |
mark c (247) | ||
| 223354 | 2004-03-24 23:55:00 | I cannot see much in that log that looks dodgy but close all programs, run HijackThis again and put ticks next to the following: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html Make sure nothing else is ticked then click Fix then restart your computer. Now go to Internet Explorer's Tools>Options and ensure that your desired homepage is listed then immediately go into Spybot and tick the box for locking the homepage. Let us know if that has solved your problem. |
Susan B (19) | ||
| 223355 | 2004-03-25 20:35:00 | Still comes back! Although cannot find in SpuyBot SD where to fix homepage. I will be using IE when suddenly slows up when going to new Favorite, and then changes homepage. ?? |
srm33 (3954) | ||
| 223356 | 2004-03-25 22:27:00 | Cursesed thing eh? OK here goes... 1/ Turn off System restore 2/ Go start-programs-accessories-system tools and use disk cleanup 3/ Open Internet Explorer, go tools-Internet options and under the heading "Temporary Internet files" click the "Delete Files" button. Run Hijack this and carry out what Susan said in her post and also delete the following pgc.planet.nl O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - dialxs.nl O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - As for Spybot.. go tools-IE Tweeks and tick the box there. Oh and you may have to click the "mode" on the top menu and switch to "Advanced" to access the tools menu. |
Pheonix (280) | ||
| 223357 | 2004-03-25 22:30:00 | Sorry, cut & paste wrong... should be O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - pgc.planet.nl O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - dialxs.nl |
Pheonix (280) | ||
| 223358 | 2004-03-25 22:42:00 | Just a suggestion, but you should consider downloading Easycleaner from here (www.majorgeeks.com) Use the, clear files, clear cookies,clear history, MRU and registry buttons. DONT use the duplicates or unnecessary files buttons, too easy to make a mistake and stuff up windows. Otherwise the buttons mentioned are quite safe. Use it after Hijackthis has deleted the files mentioned, especially the registry button. Should remove any other references to what was deleted. Now you can turn your restore back on. |
Pheonix (280) | ||
| 223359 | 2004-03-25 22:51:00 | It is still coming back?! Crikey, this is one mean hijack! :O OK, I'll post your Hijack log on another forum and see if they can help . In the meantime, run HijackThis again and get rid of those two entries if they have returned, then in Spybot (Advanced mode) you click on the Immunize button . There are three check boxes down the bottom of the page, put ticks in all of them but if Spybot warns you that you need to run it do that first . |
Susan B (19) | ||
| 1 2 3 4 5 | |||||