Can't change settings

Spyware is restricting your registry setting that allows you to change your website.

Remove anything from Add-Remove programs you dont use or looks suspicious.

Download anti-spyware programs like Spybot and Adaware from www.download.com, update them, run them, delete all spyware.

Update your anti-virus software, run it.

Download HijackThis, submit a log for someone here to look at.

Read the info on all of this in the Viruses, Spyware & other Nasties Forum for more information.

I was already running all those spy/ad ware programs so I ran hijack this which gave me this log

Logfile of HijackThis v1.99.1
Scan saved at 5:15:14 PM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portadelaidefc.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\GiPo@FileUtilities\mount.exe /z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Chrysanth Email Notifier] C:\Program Files\Chrysanth\NETime\Email Notifier\CSMailManager.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122077719535
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D350EE-525E-4E0C-9079-339B6F968CF6}: NameServer = 203.0.178.191,203.10.1.9
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

so what now?

Use Hijackthis to remove these ones...reboot and check...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portadelaidefc.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The rest on the list are fine, you can add them to the ignore list if you like, makes things easier for future checks.

If it still doesnt work, check if the above have reappeared after reboot...

Please help me

I can't change my homepage and used every option.
I did everything to change my homepage but it is
still going back to the previous one. Whats more interesting was when I tried to change the startup programs in the msconfig that might be affecting the homepage they went back to the original ones as soon as I restarted the computer. It's like everything I try to change it keeps going back to what it was.

What should I do?

It is infected with CWS. Download CW Shredder http://www.intermute.com/spysubtract/cwshredder_download.html and scan with it

Can u tell us which page it is directing too.

It is infected with CWS. Download CW Shredder http://www.intermute.com/spysubtract/cwshredder_download.html and scan with it

Can u tell us which page it is directing too.

I ran this program and it found nothing and it's not actually redirecting it just won't let me change my homepage from what i put it on originally

Use Hijackthis to remove these ones...reboot and check...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portadelaidefc.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The rest on the list are fine, you can add them to the ignore list if you like, makes things easier for future checks.

If it still doesnt work, check if the above have reappeared after reboot...

Did this, rebooted, tried to ignore it and anything else that the program does but these 2 bastards just keep coming back

"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portadelaidefc.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
"

Any ideas?

1. In SpyBot S&D, go to the "Immunize" section.
Is "Lock IE Start Page Settings" ticked?
If so, uncheck it.

2. Re-enable the restricted homepage by making a small change in the Windows registry.

Go to START, RUN, type in: Regedit

Then navigate to this key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

In the right-hand pane, right-click the "HomePage" value, then select Modify. Change it to: 00 00 00 00

Also change either or these to zero 0 instead of 1 if present:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001

If you don't have this key, browse to:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

and in the right hand pane, double click "Local Page" and set equal to "C:\WINDOWS\System\blank.htm" (no quotes) which will hopefully set your Home Page to blank and then allow you to subsequently modify it using Internet Options.

Exit regedit and reboot.

When you reboot, you should be able to change the home page again.