Internet Options cancelled due to restrictions in effect ....


moose69

Thread Starter
Joined
Aug 20, 2003
Messages
367
I am running windows 2000 pro and my default home page has been taken over. When I go to Internet Options I get the message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." The system has no restrictions except the ones imposed by this alien home page. How do I get rid of it?


:D :D :D :D
 
Joined
Jul 24, 2003
Messages
420
Hi moose69 ,

Please do the following ,

First , Update your virus definitions and run a scan in Safe Mode
The following link can assist you in starting your computer in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Or , Have your computer scanned at one of the following free online Virus Scanners ,
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

If you happen to have Kazaa , Remove it in Add/Remove programs in the control panel , reboot your computer and follow-up with KazaaBegone v1.01 http://www.spywareinfo.com/~merijn/files/kazaabegone.zip
Unzip KazaaBegone to your Desktop , Close all browser windows and run KazaaBegone. Reboot your computer.

Next , Download CWShredder , Unzip to the Desktop www.spywareinfo.com/~merijn/files/cwshredder.zip
Close all browser windows , check the Taskbar for minimized windows as well , Run CWShredder , Reboot your computer

Followed by , Downloading , configuring , and running Ad-aware 6.0 Personal , Build 6.181 following winchester73's Reference Guide http://forums.techguy.org/t164245/s0bd00da6e0f7008495f1c26aa8c2e08c.html

Also consider installing SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

Finally , Download Hijack This version 1.97 www.tomcoyote.org/hjt/ Unzip Hijack This to the Desktop , Press the scan button , the scan button becomes save log button , (Do not fix anything yet) save the log to the Desktop , Return to this thread copy and paste the log to the forum

Good luck
 

moose69

Thread Starter
Joined
Aug 20, 2003
Messages
367
Hi BlueSpruce

CWShredder did the job. Thanks for the comprehensive reply

moose69

:D :D :D :D
 


Miz

Joined
Jul 1, 2002
Messages
2,146
If you haven't already, go into Internet Explorer>Tools>Internet Options>Advanced tab and uncheck all references to "Install on Demand," click OK. Although nobody has yet found out how Cool Web Search installs itself, having install on demand enabled might open an avenue for it.
 
Joined
Aug 10, 2003
Messages
401
Just to be on the safe side you should post a HijackThis log here, and we can tell you if you're cleaned up completely or if there's anything else still hiding on your machine.

go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

moose69

Thread Starter
Joined
Aug 20, 2003
Messages
367
Hi Topkat
This is the Hijack This logfile; it seems OK to my untrained eye. I would welcome any expert advice, thanks.


Logfile of HijackThis v1.97.2
Scan saved at 20:16:05, on 29/09/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\system32\ZONELABS\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
E:\Achronet\Achronet.exe
J:\PFiles\adobe\Acrobat\5\Distillr\AcroTray.exe
E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
E:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://u.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://u.tv/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - j:\pfiles\adobe\acrobat\5\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\googletoolbar_en_2.0.95-deleon.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKCU\..\Run: [internat.exe] E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Startup: disk2disk scheduler.lnk = E:\Program Files\disk2disk\d2dsched.exe
O4 - Startup: AladdinSoft Genie.lnk = E:\Program Files\AladdinSoft\genie.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\WINNT\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Numlock.vbs
O4 - Global Startup: Numlock.wsh
O4 - Global Startup: Achronet.lnk = E:\Achronet\Achronet.exe
O4 - Global Startup: Acrobat Assistant.lnk = J:\PFiles\adobe\Acrobat\5\Distillr\AcroTray.exe
O8 - Extra context menu item: &Google Search - res://e:\winnt\GoogleToolbar_en_2.0.95-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\winnt\GoogleToolbar_en_2.0.95-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\winnt\GoogleToolbar_en_2.0.95-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://e:\winnt\GoogleToolbar_en_2.0.95-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://e:\winnt\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://K:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab


moose69



:D :D :D :D
 


TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
One question:

Did you yourself put the following two files in your Startup folder, presumably in order to set the NUM LOCK State at Logon?

Numlock.vbs
Numlock.wsh
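
As an added illustration (not part of any post in this thread, and not HijackThis's own code): a small Python parser for the log format posted above that groups entries by section code and picks out Startup-folder items that are script files, the kind of item asked about here. The function names and the `SCRIPT_EXTS` list are assumptions made for this example; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.2
Running processes:
E:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://u.tv/
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: disk2disk scheduler.lnk = E:\Program Files\disk2disk\d2dsched.exe
O4 - Global Startup: Numlock.vbs
O4 - Global Startup: Numlock.wsh
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
"""

# Entry lines look like "<code> - <detail>", e.g. "R0 - ..." or "O16 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# "Startup: name" or "Global Startup: name", optionally followed by " = target".
STARTUP_RE = re.compile(
    r"^(?P<scope>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<target>.+))?$")
# Windows Script Host file types (review list assumed for this example).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")

def parse_entries(log_text):
    """Group entry details by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("detail"))
    return dict(sections)

def startup_scripts(sections):
    """Return (scope, filename) for Startup-folder items that are script files."""
    found = []
    for detail in sections.get("O4", []):
        m = STARTUP_RE.match(detail)
        if not m:
            continue  # registry Run entries are not Startup-folder items
        # A .lnk shortcut lists its target after " = "; a bare file is its own target.
        target = m.group("target") or m.group("name")
        if target.lower().endswith(SCRIPT_EXTS):
            found.append((m.group("scope"), m.group("name")))
    return found

if __name__ == "__main__":
    secs = parse_entries(SAMPLE_LOG)
    for code, items in secs.items():
        print(code, len(items))
    for scope, name in startup_scripts(secs):
        print("confirm with user:", scope, name)
```

The output is a list of items to confirm with the machine's owner, not a verdict; a script in the Startup folder can be something the user placed there deliberately.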
 

moose69

Thread Starter
Joined
Aug 20, 2003
Messages
367
Hi TonyKlein
I had to in order to get the numpad to work.
moose69
:D :D :D :D
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
I understand. Just wanted to make sure nothing untoward is starting up. :)

Otherwise it's a clean log!
 

moose69

Thread Starter
Joined
Aug 20, 2003
Messages
367
Hi TonyKlein
Glad to hear everything is OK for now. Thank you for your most welcome input.

moose69

:D :D :D :D
 
