[mechnut]

Ok yesterday I noticed my browser was getting really slow. I ran Adaware and Spybot, both with current updates. Both programs found stuff which I deleted.It seemed like everything was ok and I decided to change my homepage to CNN.com and couldn't. I have ran HJT and deleted the first entry listing Iwon.com as the homepage. I ran regedit and reset the key in the registry to cnn.com. As soon as I close the key in the registry and reopen it, the iwon entry is back. Also as soon as I click fix in HJT and rescan the key returns. I have shutdown and started in safe mode and the key will delete and stay deleted until I restart.I have ran HJT in safe mode, and CWShredder as well as spybot. NO luck, I hope someone here will see what I am missing. I also boot logged both safemode and normal, 54 .sys files load in normal mode that do not load in safe mode. If I shutdown from safe mode and restart in safe mode the key does not return, but as soon as I restart normally it comes back. Below is the HJT log;

Logfile of HijackThis v1.98.2
Scan saved at 9:09:40 PM, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Art\LOCALS~1\Temp\Temporary Directory 3 for hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav[/B]N3 - Netscape 7:
user_pref("browser.startup.homepage", "http://inside.arb.ca.gov/index.htm"); (C:\Documents and Settings\Art\Application Data\Mozilla\Profiles\default\0yyw4xsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[Advertisements]

Duplicate post. Continued here:
http://www.geekstogo...wtopic=5925&hl=

Topic closed.

[admin]

Duplicate post. Continued here:
http://www.geekstogo...wtopic=5925&hl=

Topic closed.