Question : HIjack of homepage
OK. I run Windows XP and have my default web page set to Yahoo, and it does not use the Yahoo page, so I did a HijackThis and the results are as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:00 PM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/checkupdateweb.asp?ProductName=ZoneAlarm+Security+Suite&ProductVersion=7.0.337.000&HU100=ZLN06819625975921-1042&SerialNumber=gp58u13m4vg8unjea9pgank7600&License=1&Language=EN&Query=Manual&OEM=1042
R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267
O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFB8CCBA-C5AC-4A4C-96C7-D72FCC07D331}: NameServer = 212.19.48.14
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Steganos Anonym VPN Starter Service (AVPNStarter) - Unknown owner - C:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: UWCService - Business Logic Corporation - C:\Program Files\blcorp\WCCSC\WCOC\UWCSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7920 bytes
Thanks for any and all help
Answer : HIjack of homepage
Hello,
This could be due to the Advanced Toolbar that is installed on your system. If you do not wish to use it then use the Add/Remove Programs to remove it and see if that fixes it.
Also have you gone under Internet Explorer Options to set your homepage to what you want?
Tools>Internet Options.
Right in the first box is the option to set the homepage to what you wish.
Cheers,
Mak
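A way to check the log for components registered at several Internet Explorer extension points, as an added example that is not part of the original question or answer: it parses the HijackThis entries that carry a CLSID and groups the section codes by CLSID. The sample lines are copied from the log above with wrapped lines rejoined; the function names and the review criteria are assumptions of this example.

```python
import re
from collections import defaultdict

# Entries copied from the log in the question (wrapped lines rejoined).
SAMPLE = r"""
R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
""".strip().splitlines()

# Matches entries of the form "<code> - <kind>: <name> - {CLSID} - <target>".
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")

def parse_entry(line):
    """Return the fields of a CLSID-bearing entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    # CLSIDs are case-insensitive, so normalise before grouping.
    return dict(m.groupdict(), clsid=m["clsid"].upper()) if m else None

def hooks_by_clsid(lines):
    """Map each CLSID to the sorted section codes (R3, O2, O3, O9...) using it."""
    seen = defaultdict(set)
    for e in filter(None, map(parse_entry, lines)):
        seen[e["clsid"]].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in seen.items()}

def review_list(lines):
    """Entries worth checking by hand (criteria are this example's assumptions)."""
    out = []
    for e in filter(None, map(parse_entry, lines)):
        checks = {"URL search hook": e["code"] == "R3",
                  "8.3 short path, expand it to see the real folder": "~" in e["target"],
                  "registered but file is missing": e["target"] == "(no file)"}
        reasons = [why for why, hit in checks.items() if hit]
        if reasons:
            out.append((e["name"], e["clsid"], reasons))
    return out

if __name__ == "__main__":
    print(hooks_by_clsid(SAMPLE))
    print(review_list(SAMPLE))
```

On the sample lines, the Advanced Searchbar CLSID appears under R3, O3 and O9, so removing the program should clear all three registrations; anything left behind after uninstalling shows up on a rescan.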