Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Ie Redirects, Activex Disabled, Internet Zones Missing

Started by davemcq , Jun 06 2007 01:20 PM

  • This topic is locked This topic is locked
2 replies to this topic

#1 davemcq

davemcq

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 June 2007 - 01:20 PM

The problem posted by marcbgd sounds very similar to this. I am trying to clean up a neighbor's machine. I have observed these symptoms: 1) some "my documents" & desktop files were moved. 2) there is only one internet zone and it does not save any option changes. 3) activex is disabled 4) msn is the homepage & it loads 5) most URLs I put in result in IE endlessly refreshing The OS is windows 2000 pro. I tried Spybot S&D which found a few things but did not resolve these symptoms. I tried fixing R0, R3, & O15 errors but they are still there after I rescan. I've never seen such a hard to detect problem as this. Help... Dave Logfile of HijackThis v1.99.1 Scan saved at 12:44:26 AM, on 6/5/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\taskmgr.exe C:\Documents and Settings\lsammartino\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINNT\svchost.exe (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 June 2007 - 04:55 PM

Hello and welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 davemcq

davemcq

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 19 June 2007 - 11:13 AM

Thanks for getting back to me. I ended up doing a fresh install of XP, at least now he can use system restore to fix this kind of carp**. HOWEVER, since I am new to both this forum and hijackthis, I still have some questions: 1) What can be determined from the log file I did post? Does it look like a completely clean system? 2) What type of bug/spyware/browserhijack/whatchamacallit would remove all of my internet zones except for "Restricted"? The reason I never found a solution is because I never determined the actual name of the culprit. Best I could tell, it was a "browserhijack" and I had never tried to fix something of this nature before. It was highly effective as far as making the computer a pain to deal with: A. Since everything had to operate under the "restricted" zone, which disabled ActiveX, it made Windows Explorer, which apparently uses ActiveX to display files & folders, inoperable. Only thing I could use in Windows Explorer was the file tree view on the left to look at directory structure. As far as what was in those directories, I had to go to a command prompt to view, delete, move, & copy files. B. Since the only page that internet explorer would display was msn, I couldn't run microsoft update because it needed IE to function. I had to bring a copy of Firefox Installer over on a jump drive to get web access. At least one of the free web-based spyware scans (McAfee possibly?), which I had navigated to using FirFox, required IE to actually do the scan. Lastly, :P how long would a computer run if it actually had an unwrapped "whatchamacallit" inside the cpu? :P Keep in mind my machine is a "small form factor" model so there's not much room for all that warm air to get dispersed... :P Whatchamacallits aside, I look forward to any knowledgeable responses. Thanx, davemcq

Edited by davemcq, 19 June 2007 - 11:14 AM.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·