i cannot change my homepage..

Hello

My homepage for whatever reason is www.orange.co.uk , i have never asked for this ,and do not know where it has come from , but every attempt to change it under " tools " to my actual default homepage , it keeps going back to this orange.co.uk...i cannot get rid of it , i have run pctools spyware doctor , that finds nothing...im stuck , can anybody help me , i would appreciate it very much indeed..

Thanks in anticipation.

Blueboy1962

 

Welcome to WindowsBBS Forums.

Here is how we like to begin our analysis of your pc:

For starters, if you do not have them yet, please DL and run AdAware & Spybot Search & Destroy. AdAware and Spybot Search & Destroy are 2 of the most trusted apps in the security area. They are both free, compliment each other nicely, and do not use a lot of resources. They can be found here:

Spybot Search & Destroy v.1.4
AdAware SE Free v1.06r

With AdAware and Spybot: DL, follow the install instructions, check for updates, then scan, repair/remove/quarantine anything found. Reboot before next scan with whichever app is next. The reason for running these apps, is to clean up some of the other 'crapware' on your pc, which, in turn, will make deciphering your HJT log, easier.

Then we use HiJackThis v:1.99.1zip.
DL the zip file to your desktop, then create a new folder on your C drive, called 'HJT' or 'HijackThis'. Then unzip the files to the new folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

Run the program, and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and Post that log onto this topic. DO NOT DELETE or modify anything yet, as some of it is needed to keep your system in proper working order.

 

Logfile of HijackThis v1.99.1
Scan saved at 15:28:56, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153086933935
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

OK, I don't see anything in your logfile. I'm assuming that neither of the two recommended scans found anything?

The site in question is a UK site, related to your ISP I'm thinking.

Lets fix the following lines, which are not bad sites, and then try and set your homepage to whatever page you desire and see if it sticks.

Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

Reboot your system, go to your control panel, select 'Network Internet Connections' and then 'Internet Options'. Change your homepage there and open up IE see what happens.

 

A possible problem if running Zone Alarm v6.5:

JRosenfeld's post in this thread: http://www.windowsbbs.com/showthread.php?t=56110

Regards - Charles

 

charlesvar--There is little question that the latest versions of ZoneAlarm unexpectedly block a few things like Homepage change and HOSTS file change.
However, I wonder if JRosenfeld's post is the fix for Homepage change. (It is the fix for HOSTS file locking.) I have questioned him about this.
I see in the ZoneAlarm forum some other ideas to allow Homepage change. These involve temporarily disabling ZA.
One is starting in SafeMode. Another is not allowing ZA to start at boot (unchecking in msconfig), changing the Homepage, again checking ZA in msconfig and then reboot.

 

Hi Jim,

I did write "a possible" problem Easily tested and circumvented by shutting ZA off, right click the tray icon > shutdown - when not on line of course.

For the record, Im not having that problem with ZA Pro v6.5

Regards - Charles

 

charlesvar--The lock HOSTS files problem definitely existed [in ZA Free. (See below for use of color.)
http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=15537
And apparently in ZA Pro, too.
http://forum.zonelabs.org/zonelabs/board/message?board.id=gen&message.id=34584
I have not tested the problem of ZA's locking the Homepage and was questioning whether JRosenfeld's solution (involving locking and unlocking the HOSTS file setting, which was earlier proposed in the first reference above) would also help the Homepage problem.

BUT HOLD THE PRESSES ON THE LOCK HOSTS FILE PROBLEM
As of today a new post in the first link above indicates that the latest version of ZA Free has fixed the HOSTS file lock problem.
Whether it also fixes the Homepage problem I do not know.

 

I had forgotten about the ZA problem, thanks guys.

 

I should add that both AdAware and Spybot have settings to lock the Homepage.

 

Hey All, I was having a similar problem and was working it at this thread.
Below is a quote my last entry in that post. Hope it helps.

****

I am finally back home... Guess what!! ZoneLabs put out an update for ZoneAlarm and the problem is solved. As you know they give an option to update or new install, I always recommend the new install. I did the new install of version 6.5.731.000 and problem solved... I did previously, a couple of weeks ago, uninstall the program to no avail so apparent something was left in the registry.

If this had happened a few weeks ago it would have save me one heck of a lot of hours. Oh well, I am retired and can afford the time.

Thanks to all of you for listening and helping... You are a great bunch.