IE2 homepage help

miinkiemiinkie UK
edited February 2004 in Science & Tech
Since using IE2, i cannot change the home page in either IE2 or IE.
Any help would be appreciated

Comments

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian
    edited February 2004
    IE2 as in MyIE2? Try reinstalling it or uninstalling it. Maybe you have some spyware.
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    Check in "preferences" or "options", etc, to see if there is a setting to lock your homepage. If you use Spybot or Ad-Aware check there, too. That settings is to prevent spyware from hijacking your homepage; you might need to temporarily unlock it to make a change.
  • miinkiemiinkie UK
    edited February 2004
    yes using MYIE2. Checked options and i have 'lock my homepage' unchecked. I cant access IE's internet option page IE dropdown menu. It tells me that i am restricted from making changes. Yes I use spybot s&d so going to check there
  • miinkiemiinkie UK
    edited February 2004
    Ok. no show with settings on IE or MYIE2. Now this is pi*@ing me off. Only have another hr 2 sort it out before i have 2 leave town.
    Anybody help TIA
  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian
    edited February 2004
    Did you try uninstalling it?
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    Go here and download & run HijackThis!

    Post the log here.
  • miinkiemiinkie UK
    edited February 2004
    Used hijackit and this is the thing i believe is causing it:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    is there any way to make/change this setting windows via windows option (winxp HE)
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    miinkie wrote:
    Used hijackit and this is the thing i believe is causing it:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    is there any way to make/change this setting windows via windows option (winxp HE)
    That one should definitely go. There probably is no way to do this with a Windows setting - spyware has hijacked your browser.

    There are probably other things you need to get rid of, can you post the whole log? Most of these things require cleaning in numerous places or they will keep coming back.
  • miinkiemiinkie UK
    edited February 2004
    well here goes

    Logfile of HijackThis v1.97.3
    Scan saved at 23:07:51, on 21/02/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Fast.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\fast.exe
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\uptodate.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\Program Files\Folding@Home\FahCore_65.exe
    F:\hijackthis\HijackThis.exe
    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\MYIE2\MyIE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=UPDT
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/gateway_2/0,8314,,00.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - c:\windows\ipinsigt.dll__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINDOWS\System32\stlbupdt.DLL
    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\rundll16.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINDOWS\System32\stlbupdt.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\System32\stlbupdt.DLL,DllRunMain
    O4 - HKLM\..\Run: [Hacker Eliminator] C:\Program Files\Hacker Eliminator\HackerEliminator.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\rundll16.exe
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Folding@home 3.24.lnk = ?
    O4 - Startup: Outpost Firewall.lnk = C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
    O4 - Global Startup: InterVideo WinScheduler.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Trashcan (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
    O16 - DPF: {0E25CA6C-52AE-47E0-BF44-BC5B3A0403F4} - http://www.anywebcam.com/awc/SGT.ocx
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/019da1657ccada412120/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003042101/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.3281365741
    O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    Folks, what we have here is a MASSIVE CRAPWARE INFECTION.

    Miinkie, you have a terrible, big problem :D

    Delete all of the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=UPDT
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - c:\windows\ipinsigt.dll__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - c:\windows\ipinsigt.dll__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINDOWS\System32\stlbupdt.DLL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\System32\stlbupdt.DLL,DllRunMain
    O4 - HKLM\..\Run: [Hacker Eliminator] C:\Program Files\Hacker Eliminator\crack\HackerEliminator.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\rundll16.exe
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {0E25CA6C-52AE-47E0-BF44-BC5B3A0403F4} - http://www.anywebcam.com/awc/SGT.ocx

    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/019da1657ccada...ip/RdxIE601.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

    O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB

    Then, run download and run Spybot Search & Destroy (Update it before you run it!). Then read my spyware article cause you need it :D:D
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    prime - you move like lightning! :respect:

    miinkie: you might want to check out this page. Near the bottom is some info on one of the items causing your problems:
    FeaturedResults

    Open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'Rundll32_7' entry.

    Open a DOS command prompt window (from Start->Programs->Accessories) and enter:

    cd "%WinDir%\System"
    regsvr32 /u msiefr40.dll
    Restart the machine and you should be able to delete the file msiefr40.dll in the System folder (which is inside the Windows folder, and called 'System32' under Windows NT, 2000 and XP).
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    spyware vs. primesuspect :rarr:

    Round 1 to primesuspect :ninja:
  • miinkiemiinkie UK
    edited February 2004
    primesuspect wrote:
    spyware vs. primesuspect :rarr:

    Round 1 to primesuspect :ninja:
    :D


    seems everything is sorted. Thanks guys. :respect:
    Have to keep g/f's hands off my pc's when i'm not around it would seem. Just moved in with her, and i'm only here fortnightly (working away). Seems it took 2 weeks to gain most of this stuff coz i use spybot s&d regularly. need something resident i believe

    thanks tho
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    miinkie wrote:
    ...need something resident...
    With Spybot you can use the immunize feature:
  • miinkiemiinkie UK
    edited February 2004
    profdlp wrote:
    With Spybot you can use the immunize feature:

    Thanks profdlp. just noticed that when i just ran it. enabled now.
    btw thanks 4 the link 2 my 3k munching :woowoo: hadnt noticed it then
Sign In or Register to comment.