
Guru Meditation virus/Scrip failure [CLOSED]


  • This topic is locked

#16
Guest_usetobe_*
  • Guest
Hi Diana,

Something is confusing me here: in one post you say that www.mercardolivre is your default page and in another you say www.wlannet is your default. Which page comes up when you open Internet Explorer?
  • 0


#17
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Oops, sorry, I meant that mundolivre.com.br is the page that is insisting on showing up; wlannet is the right one that was supposed to be the default. I was also wondering why the Explorer window now always pops up as a small window at first, and then I need to make it bigger. Cheers mate!
  • 0

#18
Guest_usetobe_*
  • Guest
Ok we'll try this,

Open Internet Explorer, enter the site you want to be your homepage in the taskbar. Once it opens, click on Tools, Internet Options. In the homepage box click on Current. Then click on Apply at the bottom.

Then click on the Security tab, then click on the Restricted sites icon. Then click on Sites and enter the full site address for mundolivre and OK it. Then click on the internet option tag.

Reboot the computer, reopen Internet Explorer and tell me what site opens up.
  • 0

#19
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Hi, I did what you've said, but when I want to add to the forbidden sites list it says that the site already belongs to another working area (translating it roughly into English) and that I need to delete it first....
  • 0

#20
Guest_usetobe_*
  • Guest
Hi Diana,

RIGHT-CLICK HERE and Save As (In IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Then see what comes up in internet explorer

Edited by usetobe, 12 June 2005 - 04:26 PM.

  • 0

#21
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Hi,

I did what you said, but that mundolivre is still around.... By the way, I just have to install it and nothing else? I mean, I've installed it but nothing apparently happened, no installation note, etc. Probably it's supposed to be like that?..

Cheers

Edited by Diana Moura, 13 June 2005 - 04:06 AM.

  • 0

#22
Guest_usetobe_*
  • Guest
Yep, it's like that; nothing appears to happen.

Please post a new HJT log
  • 0

#23
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Here you go!

Logfile of HijackThis v1.99.1
Scan saved at 14:24:45, on 13/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlannet.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • 0

#24
Guest_usetobe_*
  • Guest
Hmmm,

Nothing sneaky there.....

Some Web pages reset your home page and do this. One of the customizations they might make is to disable the ability to change the home page, so that you are forced to use their home page. You can re-enable this by making a small change in the Windows registry. You need to be very careful with this and follow the instructions exactly.

It is recommended you first back up the registry. Here is how to do that, and how to restore it in the event that you need to.

(To back up registry entries by using the registry editor
1. In the Run dialog box, type regedit, and then click OK.
2. In the registry editor, right-click the registry key or subkey that contains the registry entries that you want to back up, and then click Export.
3. In the Export Registry File dialog box, select a location for the backup registry file. Click Save to save the registry file to that location.
4. Close the Registry Editor.

To restore registry entries
1. Copy the backup registry file to any location on the target server.
2. In Windows Explorer, navigate to the backup registry file on the target server, and right-click the file name.
3. Click Merge. In the Registry Editor message box, click Yes to add the information in the file to the registry.
4. Click OK to finish.)


Now on with trying to fix

Start> Run>

Type in regedit

In Regedit, navigate to this key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

In the right-hand pane, right-click the "HomePage" value, then select Modify. Change it to: 00 00 00 00

Also change either of these to zero (0) instead of 1 if present:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001

If you don't have this key, browse to:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

and in the right hand pane, double click "Local Page" and set equal to "C:\WINDOWS\System\blank.htm" (no quotes) which will hopefully set your Home Page to blank and then allow you to subsequently modify it using Internet Options.

Exit regedit and reboot.

When you reboot, you should be able to change the home page again.

Let me know if that works
  • 0
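
An offline way to check the three lock values named in the post above against a registry export, before and after editing (an added example, not part of the original thread; `SAMPLE_EXPORT` is constructed and the function names are hypothetical):

```python
import re

# The three lock values named in the post above: (key path, value name).
LOCK_VALUES = [
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetHomePage"),
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions", "NoSetHomePage"),
]

# Constructed sample export (not taken from the thread's machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=hex:01,00,00,00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoSetHomePage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.wlannet.com/"
"""

def parse_reg(text):
    """Parse regedit export text into {key_lower: {value_name_lower: int or str}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data continued with a trailing backslash
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex:"):  # binary data, read as a little-endian number
            data = bytes(int(b, 16) for b in raw[4:].split(",") if b.strip())
            current[name] = int.from_bytes(data, "little")
        else:  # string value (other hex(N) types are kept as raw text)
            current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def homepage_locks(text):
    """Return (key, value name, data) for each lock value that is present and non-zero."""
    keys = parse_reg(text)
    found = [(k, n, keys.get(k.lower(), {}).get(n.lower())) for k, n in LOCK_VALUES]
    return [hit for hit in found if isinstance(hit[2], int) and hit[2] != 0]
```

Regedit's "Version 5.00" exports are written as UTF-16, so read the file with `open(path, encoding="utf-16")` before passing its text to `homepage_locks`.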

#25
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Hi,
I have to leave for a while, but I will print out your instructions and perform them as soon as I come back, within 2-3 hours. Then I'll post the results for you. Thank you so much mate! C-ya
  • 0


#26
Diana Moura
  • Topic Starter
  • Member
  • 34 posts
Hi

I am trying right now to do what you said, but I have two doubts

1. What registry key do I have to back up exactly??

2. In HKEY_CURRENT_USER\Software\Policies\microsoft\internet explorer\control panel I ain't got the internet explorer file you mentioned above...

Regards

Diana
  • 0

#27
Guest_usetobe_*
  • Guest
Back up any registry entry you are going to alter. And which file exactly haven't you got? That might be a help.
  • 0

#28
Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





