WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Active X issues
Started by
CAPTAIN
, Jun 03 2005 09:43 AM
33 replies to this topic
#1
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 03 June 2005 - 09:43 AM
Register to Remove
#2
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 06 June 2005 - 06:59 PM
What operating system and version of Internet Explorer are you running.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#3
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 07 June 2005 - 06:16 AM
Windows XP
Home addition
Version 2002
Service pack 2
I tried the fix on the microsoft page as well as resetting the security settings and it still doesn't work.
#5
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 07 June 2005 - 01:09 PM
Lets take a look at your secrity zones. Perhaps localhost got into the restricted zones. Copy the contents of the codee box to a text document (notepad) and save it to your desktop, name it SeeZones.BAT, save as type "all files"
Double click SeeZones.BAT to run it, you will get a file on your desktop named ZoneMap.txt. Open that file and let me know approximatly how many lines are in it (less than a hundred, more than a thousand, just a general estimate). Mine has 5500 lines but I have used a registry script that puts allot of domains in there.
If there are less than 100 lines in the file, post it here.
Use the Search feature of Notepad and see if the document contains any of the following strings:127.0.0.1
0.0.0.0
localhost
192. <<notice the '.' at the end of this one
Make sure wordwrap is off.
If it does contain any of those, copy the line it is on and the line below it that has REG_DWORD in it and post them here.
@echo off reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /s > ZoneMap.txt reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /s >> ZoneMap.txtWen properly copied and pasted the above should produce three printed lines in notepad, the first ending with 'off' and each of the last two ending with 'ZoneMap.txt'. The last line of the file should be blank.
Double click SeeZones.BAT to run it, you will get a file on your desktop named ZoneMap.txt. Open that file and let me know approximatly how many lines are in it (less than a hundred, more than a thousand, just a general estimate). Mine has 5500 lines but I have used a registry script that puts allot of domains in there.
If there are less than 100 lines in the file, post it here.
Use the Search feature of Notepad and see if the document contains any of the following strings:127.0.0.1
0.0.0.0
localhost
192. <<notice the '.' at the end of this one
Make sure wordwrap is off.
If it does contain any of those, copy the line it is on and the line below it that has REG_DWORD in it and post them here.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#6
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 07 June 2005 - 02:31 PM
This is frm zonemap.txt:
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\related
http REG_DWORD 0x4
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
<NO NAME> REG_SZ
#7
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 07 June 2005 - 06:07 PM
That looks ok CAPTAIN, lets run another. Same as before, name this one MyCompAX.BAT, each of the lines in the code box ends with the file name, there should be a blank line at the end of the file. This one will produce a file called MyComAX.txt on your desktop.
Post the result here.
@echo off reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 >> MyCompAX.txt reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 > MyCompAX.txt reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 >> MyCompAX.txt reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 > MyCompAX.txt reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt
Post the result here.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#8
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 07 June 2005 - 06:33 PM
Here you go:
@echo off
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 > MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 > MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt
#9
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 08 June 2005 - 08:53 AM
Captain, you need to copy the contents of the code box to a text document, save it to your desktop named MyAX.BAT save as type 'All Files'. Double click to run it. It productes the file MYCompAX.txt on your desktop, post the contents of that file please.
Edited by rand1038, 08 June 2005 - 08:53 AM.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#10
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 08 June 2005 - 02:18 PM
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1201 REG_DWORD 0x3
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1405 REG_DWORD 0x0
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1806 REG_DWORD 0x0
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
flags REG_DWORD 0x21
Register to Remove
#11
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 15 June 2005 - 07:38 AM
Sorry it took me so long to get back to you.
Everything looks good so far. Lets take a look at a HijackThis log and see if there are any clues in there.
First, create a new folder on your desktop with a memorable name such as 'HijackThis'. Next, download HijackThis (scroll down the page to the 'HijackThis Quick Start' header) and unzip it to the new folder you just created. Make sure you unzip it, don't run it from the zip folder as it will not make proper backups if we need to fix anything.
Next, run HijackThis and click Do a system scan and save a logfile.
When the file opens, copy the entire contents by holding down Ctrl and pressing the 'A' key at the same time. Open a reply to this thread and paste the log into the reply by holding down the Ctrl button and 'V' at the same time.
Everything looks good so far. Lets take a look at a HijackThis log and see if there are any clues in there.
First, create a new folder on your desktop with a memorable name such as 'HijackThis'. Next, download HijackThis (scroll down the page to the 'HijackThis Quick Start' header) and unzip it to the new folder you just created. Make sure you unzip it, don't run it from the zip folder as it will not make proper backups if we need to fix anything.
Next, run HijackThis and click Do a system scan and save a logfile.
When the file opens, copy the entire contents by holding down Ctrl and pressing the 'A' key at the same time. Open a reply to this thread and paste the log into the reply by holding down the Ctrl button and 'V' at the same time.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#12
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 15 June 2005 - 08:23 AM
Here you go:
Logfile of HijackThis v1.99.1
Scan saved at 10:19:45 AM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - http://jpedownload.j....com/wi/p2p.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 10:19:45 AM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - http://jpedownload.j....com/wi/p2p.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
#13
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 15 June 2005 - 08:59 AM
It looks like you have incomplete uninstalls of Norton and McAfee. Which versions of each of those programs did you have installed? We are going to need to completely remove them.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#14
CAPTAIN
-
- Authentic Member
-
- 41 posts
Authentic Member
Posted 15 June 2005 - 09:06 AM
I would like to have the Norton installed and the McAfee taken out.
#15
rand1038
-
- Authentic Member
-
- 1,100 posts
Take over your PC or someone else will.
Posted 15 June 2005 - 10:43 AM
The first thing that will need to be done is a complete uninstall of both as you have components and/or registry entries left over from both. In order to accomplish that we need to know what versions of the software were installed. i.e. was it Norton Internet Security 2004? Information on the versions for both Norton and McAfee are needed.
Everyone gets specific instructions, disregard what you don't need.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
