Active X issues
#1
Posted 03 June 2005 - 09:43 AM
#2
Posted 06 June 2005 - 06:59 PM
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#3
Posted 07 June 2005 - 06:16 AM
#4
Posted 07 June 2005 - 07:35 AM
#5
Posted 07 June 2005 - 01:09 PM
@echo off
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /s > ZoneMap.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /s >> ZoneMap.txt

When properly copied and pasted the above should produce three printed lines in notepad, the first ending with 'off' and each of the last two ending with 'ZoneMap.txt'. The last line of the file should be blank.
Double click SeeZones.BAT to run it, you will get a file on your desktop named ZoneMap.txt. Open that file and let me know approximately how many lines are in it (less than a hundred, more than a thousand, just a general estimate). Mine has 5500 lines but I have used a registry script that puts a lot of domains in there.
If there are less than 100 lines in the file, post it here.
Use the Search feature of Notepad and see if the document contains any of the following strings:
127.0.0.1
0.0.0.0
localhost
192. <<notice the '.' at the end of this one
Make sure wordwrap is off.
If it does contain any of those, copy the line it is on and the line below it that has REG_DWORD in it and post them here.
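The manual check from post #5 (search ZoneMap.txt for the four strings and pull the REG_DWORD line beneath each hit), as an added Python example that is not part of the original thread. The sample text is constructed, the function name is hypothetical, and the zone names are the standard Internet Explorer zone numbers 0 to 4; matching is done on the key name beneath ZoneMap\Domains.

```python
import re

# Strings post #5 asks the user to search for in ZoneMap.txt.
NEEDLES = ("127.0.0.1", "0.0.0.0", "localhost", "192.")

# Standard Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# A value line: indented name (protocol or *), REG_DWORD, hex zone number.
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")
MARKER = "\\zonemap\\domains\\"


def find_suspect_mappings(text):
    """Return (line_count, hits); each hit is (domain, protocol, zone_name)."""
    lines = text.splitlines()
    hits, domain = [], None
    for line in lines:
        if line.upper().startswith("HKEY_"):
            # A key line: remember the part beneath ZoneMap\Domains, if any.
            idx = line.lower().find(MARKER)
            domain = line[idx + len(MARKER):].strip() if idx != -1 else None
            continue
        m = VALUE_RE.match(line)
        if m and domain and any(n in domain.lower() for n in NEEDLES):
            zone = int(m.group(2), 16)
            hits.append((domain, m.group(1), ZONES.get(zone, "zone %d" % zone)))
    return len(lines), hits


# Constructed sample in the layout `reg query ... /s` prints; not real output.
SAMPLE = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\example.com
    *    REG_DWORD    0x4

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\localhost
    http    REG_DWORD    0x2

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\192.0.2.10
    *    REG_DWORD    0x1
"""

if __name__ == "__main__":
    count, hits = find_suspect_mappings(SAMPLE)
    print("%d lines" % count)
    for domain, proto, zone in hits:
        print("%s (%s) -> %s" % (domain, proto, zone))
```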
#6
Posted 07 June 2005 - 02:31 PM
#7
Posted 07 June 2005 - 06:07 PM
@echo off
rem The first query creates MyCompAX.txt with ">"; every later query appends with ">>".
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 > MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1201 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1405 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1806 >> MyCompAX.txt
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v flags >> MyCompAX.txt

Post the result here.
#8
Posted 07 June 2005 - 06:33 PM
#9
Posted 08 June 2005 - 08:53 AM
Edited by rand1038, 08 June 2005 - 08:53 AM.
#10
Posted 08 June 2005 - 02:18 PM
#11
Posted 15 June 2005 - 07:38 AM
Everything looks good so far. Let's take a look at a HijackThis log and see if there are any clues in there.
First, create a new folder on your desktop with a memorable name such as 'HijackThis'. Next, download HijackThis (scroll down the page to the 'HijackThis Quick Start' header) and unzip it to the new folder you just created. Make sure you unzip it; don't run it from the zip folder, as it will not make proper backups if we need to fix anything.
Next, run HijackThis and click Do a system scan and save a logfile.
When the file opens, copy the entire contents by holding down Ctrl and pressing the 'A' key at the same time. Open a reply to this thread and paste the log into the reply by holding down the Ctrl button and 'V' at the same time.
#12
Posted 15 June 2005 - 08:23 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:19:45 AM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - http://jpedownload.j....com/wi/p2p.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
#13
Posted 15 June 2005 - 08:59 AM
#14
Posted 15 June 2005 - 09:06 AM
#15
Posted 15 June 2005 - 10:43 AM