| Thread ID: 69896 | 2006-06-15 23:13:00 | Changing Homepage in IE | JonB (1885) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 463458 | 2006-06-18 19:51:00 | I get a lot of results back on that scan: C:\Program Files\Smartcom\EP2005\EpMonitor.exe - Unknown O9 - Extra button: FreshDownload - {CB28D8FD-0043-4AA9-B6DD-5304CB97AB8B} - C:\Program Files\FreshDevices\FreshDownload\fd.exe - Possibly nasty O17 - HKLM\System\CCS\Services\Tcpip\..\{481B2297-7E97-4E32-AC16-8440C7122730}: NameServer = 202.37.101.1 202.37.101.2 - Possibly nasty O23 - Service: EP2005-SAGEM Usb Switcher (EpMonitor) - Unknown owner - C:\Program Files\Smartcom\EP2005\EpMonitor.exe - Unknown .......and almost everything is WinMX related. If you enjoy using it, then you are pretty well stuck with that BHO. You are not the only person this week with approx that same result. |
SurferJoe46 (51) | ||
| 463459 | 2006-06-19 04:45:00 | Ok Folks, I'm determined to get to the bottom of this. I've got rid of WinMX but all the junk was still in the hosts file which would NOT allow me to edit the winmx junk out of it. However I did some research on this and found it was an issue with Zonealarm, visit the following: forums.spybot.info Read the post from Enoskype, this definitely worked for me. sm56hlpr.exe is my Motorola modem helper and troubleshooter so can't imagine a problem there. My original homepage was Google and I simply wanted to change it temporarily to my ISP - Snap as I was needing to frequently access their pages. This was only able to be done in Safe Mode and this way I can revert OK back to Google but that is not really solving the problem. Incidentally, I tried to install IE7 Beta and all went well until it tried to access the Start Page entry in the Registry, access was denied and the install failed. Took most of Sunday afternoon to clean that mess up :o I post a new hijackthis.log for you experts to peruse and comment on. 
All I know for sure is that something is preventing a change to the registry Cheers JonB Logfile of HijackThis v1.99.1 Scan saved at 3:19:32 PM, on 19-Jun-06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Smartcom\EP2005\EpMonitor.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\John\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snap.net.nz R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program 
Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe" /source=HKLM O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - Global Startup: Adobe Gamma Loader.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: FreshDownload - {CB28D8FD-0043-4AA9-B6DD-5304CB97AB8B} - C:\Program Files\FreshDevices\FreshDownload\fd.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - www3.ca.com O17 - HKLM\System\CCS\Services\Tcpip\..\{481B2297-7E97-4E32-AC16-8440C7122730}: NameServer = 202.37.101.1 202.37.101.2 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: EP2005-SAGEM Usb Switcher (EpMonitor) - Unknown owner - C:\Program Files\Smartcom\EP2005\EpMonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
JonB (1885) | ||
| 463460 | 2006-06-19 09:22:00 | Have a look at this, you may be able to sort yourself. www.hijackthis.de |
Cicero (40) | ||
| 463461 | 2006-06-19 18:55:00 | The only things I see are the following: C:\Program Files\Smartcom\EP2005\EpMonitor.exe - Unknown O9 - Extra button: FreshDownload - {CB28D8FD-0043-4AA9-B6DD-5304CB97AB8B} - C:\Program Files\FreshDevices\FreshDownload\fd.exe - Possibly nasty O17 - HKLM\System\CCS\Services\Tcpip\..\{481B2297-7E97-4E32-AC16-8440C7122730}: NameServer = 202.37.101.1 202.37.101.2 - Possibly nasty O23 - Service: EP2005-SAGEM Usb Switcher (EpMonitor) - Unknown owner - C:\Program Files\Smartcom\EP2005\EpMonitor.exe - Unknown If you recognize or personally have started these yourself for whatever reason, they can be iggyd. Just be careful now what you do or don't kill in HJT. And here's a tip for you too: If you c/p the values inside the brackets {} into Google, then you will get all sorts of responses to your questions about it; although I Googled those two possibly nastys and had no results...the others might be for something Epson, if you have that sorta hardware. If you use IE or Firefox, I suggest you try SiteAdvisor (http://www.siteadvisor.com/) for those moments when you are unsure of whether the site you visit is safe or questionable or dangerous. It's basically a peer-list that will inform you by color codes and info about every site you visit. There's a new owner of SiteAdvisor...McAfee...and although I do not subscribe to any of their pay-type stuff, this is a noble effort. Let's see if it REMAINS free for long! |
SurferJoe46 (51) | ||
| 463462 | 2006-06-20 09:38:00 | Hi SurferJoe46 and others trying to help here! EpMonitor.exe is my Vodafone mobile address book manager (it's a Sagem phone) (See 023 - Service item) The 017-HKLM items are the addresses for INET Internet Service Provider (reputable I hope!) The 09 item is for Fresh Download a download manager from Fresh Devices which I have had for many months and works well and think is OK. What I am left with is something which is blocking altering the Start Page setting in the registry but which can be worked around in Safe Mode. As I have mentioned, whatever it is even blocked an install of IE7 from completing. Otherwise no problems, it's the "need to know" factor that is bugging me :illogical Thanks for all the input so far. |
JonB (1885) | ||
| 463463 | 2006-06-20 09:54:00 | Fresh Download is OK, have you had a good look through the options in Zone Alarm, I seem to remember a tick to lock up IE. WinMX was OK as well. |
zqwerty (97) | ||
| 463464 | 2006-06-20 11:55:00 | "Something is blocking changes to the Registry." I had that. It was the TeaTimer setting of Spybot Search & Destroy. I finally disabled it after realising that's why I couldn't delete some old stuff. It's a great feature, but can add some mystery problems. Just a thought... |
Laura (43) | ||
| 463465 | 2006-06-20 22:12:00 | "Something is blocking changes to the Registry." I had that. It was the TeaTimer setting of Spybot Search & Destroy. I finally disabled it after realising that's why I couldn't delete some old stuff. It's a great feature, but can add some mystery problems. Just a thought... Laura... I have TeaTimer running just for that purpose... to keep things set the way I want them and tell me when changes are being sought. If you think there's a problem with TeaTimer, I can't see it causing this sorta problem when one wants to change the homepage. TeaTimer will ASK if it's ok with the operator, and that's what I want to see. If TeaTimer is not popping up and telling you that you have registry changes, then THAT is what I find strange. I suggest looking elsewhere for this problem... perhaps SpyBot has been modified and the settings are all hacked. zqwerty... check to see if you have SpyBot running in ADVANCED MODE and then check all the settings in that area... make sure ALL items are being scanned... and that there's not something checked in the permissions boxes to tell SB to not look there. I smell a rat! Make sure you have the latest updates and that you are fully IMMUNIZED and that the count on the Immunization list is (for June 20th, anyway) 10825. One thing I have done over the years is find a very compatible anti-everything package of programs that play well together and don't intrude on too many toes and get all bollixed up in the process. ZA does not play well with many other anti-programs, hence I don't use it at all. The list of things I run (here come the flames again!) >>>>> SpyBot S&D, AVG-Free, Windows Defender (here's where the heat comes in!), SpyWare Blaster, Ad-Aware (NOT ADWARE!) with HiJackThis, Microsoft Baseline Security Adviser, Belarc Advisor and CrapCleaner (CCleaner)... as testers and cleaners. |
SurferJoe46 (51) | ||
| 463466 | 2006-06-24 06:12:00 | Regarding this thread I refer to today's post from KP1836 timed 1.27pm and the reply in that thread posted by Pankake referring to a utility which is run in Safe Mode called SmitfraudFix. This sounded as though it may be the answer to my problem so I ran it as per the instructions. Interestingly after rebooting normally my IE home page was now set to Microsoft but unfortunately that's as far as it went, nothing has changed and "something" is still preventing me from altering this home page. I have been through the process of changing a few times now by altering the registry Start Page item whilst in Safe Mode and then rebooting. As before, this sets whatever new home page I have entered but in normal running mode it's all locked up again. If there are any further suggestions I will be most interested to try them. Thanks JonB |
JonB (1885) | ||
| 463467 | 2006-06-24 06:19:00 | Try this then: www.simplysup.com (simplysup.com/tremover/download.html). Download, install, run it, click on update to update it, then click on scan. Then select the 3rd - 7th option under the utilities menu. |
Speedy Gonzales (78) | ||