How to remone ehttp.cc/?

Computing.Net > Forums > Security and Virus > How to remone ehttp.cc/?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

How to remone ehttp.cc/?

Name: adimag
Date: November 9, 2003 at 20:26:38 Pacific
OS: Win98SE
CPU/Ram: 300MHz/128MB

Comment:

I have run Adaware, Spybot, HijackThis, and McAfee antivirus all with the latest downloads and dat files and I still get the ehttp.cc/? when I use IE 6sp1. Please help me get rid of this!! Here is the last HijackThis log that I have ran.
Logfile of HijackThis v1.97.5
Scan saved at 10:10:36 PM, on 11/09/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.exe
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\ESSSPK.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.exe
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acadiacom.net/adimag
F1 - win.ini: load=essspk.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.exe" /SU
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\MCAFEE\VIRUSSCAN\WebScanX.exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37604.2430787037
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
Andrew

Sponsored Link

Ads by Google

Response Number 1

Name: Tom41
Date: November 10, 2003 at 02:00:58 Pacific

Reply:

Click Start > Run > type regedit and click OK.
Navigate to the following keys and edit any ehttp.cc/? reference back to http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes

Response Number 2

Name: adimag
Date: November 10, 2003 at 06:58:31 Pacific

Reply:

Thanks for the help Tom41!! I will try that as soon as I get home and post the results.
Andrew

Response Number 3

Name: adimag
Date: November 10, 2003 at 15:13:10 Pacific

Reply:

Thanks agian Tom41!! Editing the registry did the trick. I was going out of my mind when I kept getting clean scans, but still having that annoying ehttp.cc/? showing up every time I entered an address.
Andrew

Response Number 4

Name: Ryan
Date: November 15, 2003 at 18:57:36 Pacific

Reply:

do a search of data in the registry for "ehttp:/?" and delete what you find.
use crtl-f to search and f3 to find next.

Response Number 5

Name: rory keene
Date: November 16, 2003 at 15:37:51 Pacific

Reply:

Dear Tom41
I tried to follow your advice, but have a serious problem. I changed all the sttings under HKEY_LOCAL_MACHINE_SOFTWARE\Microsoft\Windows\Current Version to htp:// and as a result when ever I try to do anything on my computer, I am taken to the internet explorer interface, ie everything is a reference to http:// and so I cannot even open a word document.
This is a desperate situation, can you help at all?
Rory Keene

mailx cc cc solaris9 SECMAP.cc	cc regcleaner HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL 8080 how to install cc on solaris
See More

Response Number 6

Name: Peter Houlihan
Date: November 17, 2003 at 14:48:11 Pacific

Reply:

Simply go to this site and download the registry file...
http://ehttp.cc/ehttp.html
PS. its legit and wont mess anything.

Response Number 7

Name: Jeremy
Date: November 19, 2003 at 21:30:31 Pacific

Reply:

Hi. I got rid of the ehttp.cc/ But now, when I try to go to some sites, it now has /?%20 Does anyone know what this is or what I can do to make it not be there? Thanks.

Response Number 8

Name: DSmith6160
Date: November 27, 2003 at 13:09:20 Pacific

Reply:

I am experiencing the same proplem as Rory Keene above - everything trying to open in the browser.
I think that is may be because I inadvertantly entered "http://" in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\ default (not defaultprefix) which may have had had no set value.
As I am unable to do anything inside windows, is there a command that can be issued at the dos prompt to fix the registry entry?
DSmith

Response Number 9

Name: alexalexalex
Date: December 23, 2003 at 05:32:11 Pacific

Reply:

i am experiencing the same problem as rory keene as i have tried to change the prefixes but now as sonn as i open a program it directs me to an internet page and so everything is opening the internet. I cannot get back to regedit and so cannot change the fault. Could you please tell me how i cand go about helping this problem as i cant use my computer.

Sponsored Link

Ads by Google

spyware blaster update!!

Firewalls Etc

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: How to remone ehttp.cc/?

Browser has http://ehttp.cc/?

Summary

www.computing.net/answers/security/browser-has-httpehttpcc/7848.html

How To Use KillCMOS

Summary

www.computing.net/answers/security/how-to-use-killcmos/4203.html

how to get rid of a trojan

Summary

www.computing.net/answers/security/how-to-get-rid-of-a-trojan/16502.html

From the Geek Dictionary
BSOD - (Blue Screen of Death) Error state screen seen in most Windows platforms af...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
How to convert PPT to video wiht good quality

How do i connect Dell D620 to TV

Java Enabling

Trojan & Spyware !!!

how do I switch modems

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE