Unable to change homepage

Welcome to Major Geeks!

You have a bunch of problems!

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Porformance services
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • ·þÎñÃû
  • Microsoft windows updata
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste Peoformance Logs into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
  • svcname
  • Windows updata
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Uninstall the CounterSpy trial program now since we are finished with it.


Also Uninstall the below old versions of Sun Java:
Java 2 Runtime Environment, SE v1.4.0_03

Are the below two lines things you setup and recognize. If not, add them to the list of things to fix with HijackThis.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.851733.cn/htm/goldip.htm?045
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL


Now run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
Note: Some of the below may no longer show! Just fix any that do show.
O23 - Service: ComputeeBrowser - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\system23.exe
O23 - Service: EvenSystem - Unknown owner - c:\Recycler\svchost.exe
O23 - Service: Porformance services (Peoformance Logs) - Unknown owner - C:\WINNT\system32\aa.exe (file missing)
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: ·þÎñÃû (svcname) - Unknown owner - C:\WINNT\system32\aa.exe (file missing)
O23 - Service: Microsoft windows updata (Windows updata) - Unknown owner - C:\WINNT\wupdmgr.exe (file missing)

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. Avenger
2. GetRunKey
3. ShowNew
4. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 8 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Have a nice vacation! I'll be gone after tomorrow too for about 8 days!

I do recommend that you run this fix ASAP before using the PC too much or the problems could change and get much worse.