Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log for analysis - thanks!


  • Please log in to reply
10 replies to this topic

#1 Webbie

Webbie

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 08 February 2005 - 03:55 PM

Can someone please take a look at this Hijack This log and see what the potential problem areas are? The PC's browser will not allow any "trusted sites" to be added, causing various browser inconveniences. I have scanned it with Ad-Aware SE and Norton Anti virus and it's clean now. Here's the log...thanks!

Webbie


Logfile of HijackThis v1.99.0

Scan saved at 1:52:16 PM, on 2/8/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe

C:\BWM\Toolbox\New Tools 2-05\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://x.weber.com/AntiSpamGateway/Cabs/Mapicom.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103209022547

O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://x.weber.com:8000/jinitiator/oajinit.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\Software\..\Telephony: DomainName = weber.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{87D8B378-CD3B-432A-869C-DBAD44718EC8}: NameServer = 10.0.0.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = weber.com

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:08 PM

Posted 09 February 2005 - 10:39 PM

If you are purposely doublespacing these logs. Please dont do so.

Fix these, reboot and post a new log:

R3 - Default URLSearchHook is missing
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

#3 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 01 March 2005 - 11:21 AM

Well, I tried doing what you said, but I can NOT remove the two 015 entries that reference the "*.frame.crazywinnings.com". Another interesting twist is that we have an outside vendor in doing a security audtion and he found that on the PC that is having all these problems, ALL of the IP ports are open! He's never seen that before. And here's the kicker....this PC has SP2 on it with the firewall showing that it's turned on. Again, this is the PC where I can NOT access the "trusted sites" in the browser - it's grayed out. I may just end up rebuilding this PC if this can't be solved relatively quickly and easily. Much thanks for any additional help that you can provide. I've attached the most recent log file for you to review.

Thanks in advance!

Webbie



Logfile of HijackThis v1.99.0
Scan saved at 9:47:58 AM, on 3/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
K:\Programs\New Tools 2-05\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://x.weber.com/AntiSpamGateway/Cabs/Mapicom.cab
O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://x.weber.com:8000/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weber.com
O17 - HKLM\Software\..\Telephony: DomainName = weber.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D8B378-CD3B-432A-869C-DBAD44718EC8}: NameServer = 10.0.0.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weber.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = weber.com
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 01 March 2005 - 11:27 AM

make that a "security AUDIT"! (I do speak English)

Webbie

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:08 PM

Posted 01 March 2005 - 12:02 PM

Download the attached zip file and unzip it to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select 'Install' and post anew log

#6 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 02 March 2005 - 02:53 PM

Okay...here's the update. We were able to remove those two 015 entries when we started in safe mode WITHOUT networking. We still can not look at the "trusted sites" button, which is grayed-out. I did install the file that you sent the link for and ran another HJT scan. Here is the log file from that:

Logfile of HijackThis v1.99.0
Scan saved at 1:42:42 PM, on 3/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
C:\BWM\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://x.weber.com/AntiSpamGateway/Cabs/Mapicom.cab
O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://x.weber.com:8000/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weber.com
O17 - HKLM\Software\..\Telephony: DomainName = weber.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D8B378-CD3B-432A-869C-DBAD44718EC8}: NameServer = 10.0.0.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weber.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = weber.com
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:08 PM

Posted 02 March 2005 - 04:01 PM

Ok i do not see anyting wrong with this log right now. The sites button should be greyed out in the Internet zone

#8 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 03 March 2005 - 08:57 AM

"Ok i do not see anyting wrong with this log right now. The sites button should be greyed out in the Internet zone"

I don't know if we're talking about the same "sites" button, but the one that I'm talking about (Tools, Internet Options, Security Tab, Trusted Sites, SITES) should NOT be grayed out. It's available on every other PC that we have here, giving the user the ability to trust certain sites. This option is not available on the PC in question.

Thanks in advance,

Webbie

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:08 PM

Posted 03 March 2005 - 10:37 AM

You are right...and I did not see the trusted sites part, thought you meant the internet zone.

OPen up regedit and export the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

also is this xp pro or home?

#10 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 03 March 2005 - 03:52 PM

This is XP Pro SP2 Below is the text of the registry key that you asked me to export. Let me know what looks suspicious with this.

Thanks again,

Webbie


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00010500
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010000
"Flags"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000001
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00020000
"1E05"=dword:00020000
"1206"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000003
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000
"2300"=dword:00000001
"2000"=dword:00000000
"2001"=dword:00000000
"2004"=dword:00000000

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:08 PM

Posted 04 March 2005 - 12:24 AM

Change the flags value to decimal 67

And change the flags under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Flags

to 71

reboot and see if that helps




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users