Unable to change homepage

Hey Guys

I have the problem again. I have tried every application, followed the instructions on here etc and I still can sort it. I think I need specific help. Any help at all would be greatly appreciated cos this problem is really really starting to annoyed me now.

Thanks in advance

Rileyman

 

Hi rileyman,

Your HijackThis is way out of date and in the wrong folder. Please follow the instructions below:

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Somebody will take a look at your new log when they get a chance.

ALSO: Please download the following tool:Pocket KillBox

Best
PP

 

Ok then this is the new log. Cheers for your help in advance.

Chris

 

Hi Chris,

C:\Program Files\Power Center\pwcenter.EXE ---> I don’t know what this is – That doesn’t mean it is bad, though.

C:\WINDOWS\System32\msn.exe ----> I believe this is the W32.Simic.Worm or W32.Flita virus At any rate, it strikes me as wrong for this to be in the System32 folder.


Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

FIRST:
Run Pocket Killbox and select the Delete on Reboot option. Then, Copy and Paste the following into the Box: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

Then, Click Delete (red X) and then Yes or OK until your machine reboots.

THEN, navigate to C:\WINDOWS\System32\liedb96ltiru8ddll.dll and verify that this is the correct path for the DLL.
If it is not there, try looking for it here: C:\WINDOWS\liedb96ltiru8ddll.dll

After you find the correct path, run Pocket Killbox and again choose the Delete on Reboot option. Navigate to liedb96ltiru8ddll.dll and press the Delete button (red X) and then Yes or OK until your machine reboots.

After your machine reboots, navigate to where the file should be and make sure it is gone. If it remains, repeat the process until it dies.

THEN, scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL

O4 - HKLM\..\Run: [MSN] msn.exe

O4 - HKLM\..\RunServices: [MSN] msn.exe

O4 - HKCU\..\Run: [MSN] msn.exe

O4 - HKCU\..\RunServices: [MSN] msn.exe

O4 - Global Startup: winlogin.exe

O20 - AppInit_DLLs: liedb96ltiru8ddll.dll.dll.dll

Again, make sure All Browser Windows are Closed when you Click FIX.

Now boot into Safe Mode and DELETE the following if it should somehow remain:
C:\WINDOWS\System32\W8C6S4~1.DLL

C:\WINDOWS\System32\msn.exe ---> Try renaming this msn.bad for the time being, in case it is indeed legit.

Reboot to Normal Windows and Scan with HijackThis and attach that log. I’ll try to check back when I get a chance.

Best Luck
PP