Ie6 Unloads & Missing Menu Items - Weirdness


7 replies to this topic

#1 MtnGolfer

MtnGolfer


Posted 15 August 2006 - 04:28 PM

All,

I've tried & tried to resolve this but am giving up.

In a moment of insanity I tried installing Microsoft's IE7 Beta 3 and it literally killed my laptop (Dell Inspiron B130)

It took me the better part of 3 weeks to get it back to a relatively normal operating mode but IE 6 is still acting VERY weird.

The most annoying thing is that it just ups & unloads at will. In the middle of surfing or just sitting there minimized - *poof* it's gone. No rhyme or reason.

There are menu items that do not show up. Help/About, Pop-Up Blocker, Manage Add-ons, No Privacy tab on Internet Options.... weird things like that.

I fear I've been hacked but with ZoneAlarm, Spybot Search & Destroy, RegCure, Registry Mechanic, and others nothing leaps out!

Help!

Thanks!
Tom



#2 OldTimer

OldTimer

    Malware Expert



Posted 19 August 2006 - 08:38 AM

Hello MtnGolfer and welcome to the BC HijackThis forum. Since IE7 is still in beta it could be the root cause of what is happening. It doesn't always uninstall cleanly.

Let's run a scan and see what it finds.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 MtnGolfer

MtnGolfer

Posted 20 August 2006 - 07:34 PM

Here is the WinPFind2 file, thanks for the help!!!!


Logfile created on: 08/20/2006 18:33
WinPFind2 by OldTimer - Version 1.0.6 Folder = C:\Documents and Settings\Tom Matthews\My Documents\downloads\Utilities\WinPFind2\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\learning\apache group\apache2\bin\apachemonitor.exe - (Apache Software Foundation )
c:\windows\system32\bcmwltry.exe - (Dell Inc. )
c:\program files\cyberlink\powerdvd\dvdlauncher.exe - (CyberLink Corp. )
c:\windows\system32\hkcmd.exe - (Intel Corporation )
c:\windows\system32\igfxpers.exe - (Intel Corporation )
c:\windows\system32\igfxsrvc.exe - (Intel Corporation )
c:\windows\system32\zonelabs\isafe.exe - (Computer Associates International, Inc. )
c:\program files\common files\installshield\updateservice\issch.exe - (InstallShield Software Corporation )
c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\progra~1\zonela~1\zoneal~1\mailfr~1\mantispm.exe - ( )
c:\program files\musicmatch\musicmatch jukebox\mim.exe - (Musicmatch, Inc. )
c:\progra~1\musicm~1\musicm~3\mmdiag.exe - (Musicmatch, Inc. )
c:\program files\learning\mysql\mysql server 4.1\bin\mysqld-nt.exe - ( )
c:\program files\dell\nicconfigsvc\nicconfigsvc.exe - (Dell Inc. )
c:\program files\real\realplayer\realplay.exe - (RealNetworks, Inc. )
c:\windows\stsystra.exe - (SigmaTel, Inc. )
c:\program files\synaptics\syntp\syntpenh.exe - (Synaptics, Inc. )
c:\windows\system32\dla\tfswctrl.exe - (Sonic Solutions )
c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
c:\documents and settings\tom matthews\my documents\downloads\utilities\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\windows\system32\wltray.exe - (Dell Inc. )
c:\windows\system32\wltrysvc.exe - ( )
c:\program files\zone labs\zonealarm\zlclient.exe - (Zone Labs, LLC )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default Page - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default Search - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Local Page -
HKCU->Main\\Start Page - http://www.comcast.net/comcast.html
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU->Main\\Local Page -
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
NextId - 8195

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = (File not found))
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKLM-> Internet Explorer Plugins]
.wav - QuickTime Plug-in 6.5 = C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll (Apple Computer, Inc. )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc. )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated. )
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 12\VBProp.dll (Trend Micro Incorporated. )
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated. )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
* - ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory\Background - igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation )
Folder - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated. )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> Registry Run Keys <<]
HKLM->Run\\Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc. )
HKLM->Run\\dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions )
HKLM->Run\\DVDLauncher - "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp. )
HKLM->Run\\igfxhkcmd - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation )
HKLM->Run\\igfxpers - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation )
HKLM->Run\\igfxtray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation )
HKLM->Run\\ISUSPM Startup - "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation )
HKLM->Run\\ISUSScheduler - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation )
HKLM->Run\\MimBoot - C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe (Musicmatch, Inc. )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc. )
HKLM->Run\\SigmatelSysTrayApp - stsystra.exe (SigmaTel, Inc. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc. )
HKLM->Run\\Zone Labs Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\DellSupport - "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup (Gteko Ltd. )

[>> Startup Lnks <<]
HKLM->Common Startup - Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated )
HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
HKLM->Common Startup - Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation )
HKLM->Common Startup - Monitor Apache Servers.lnk - C:\Program Files\Learning\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation )
HKCU->Startup - desktop.ini - C:\Documents and Settings\Tom Matthews\Start Menu\Programs\Startup\desktop.ini ( )

[>> Disabled MSConfig Items <<]
StartUpReg\OE_OEM - OE_OEM = "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc. )
StartUpReg\pccguide.exe - pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" (Trend Micro Incorporated. )

[>> User Agent Post Platform <<]
SV1 -

[>> AppInit DLLs <<]

[>> Image File Execution Options <<]
Your Image File Name Here without a path - Debugger = ntsd -d

[>> Shell Service Object Delay Load <<]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[>> Shell Execute Hooks <<]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[>> Shared Task Scheduler <<]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[>> Winlogon <<]
UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
Shell - Explorer.exe (Microsoft Corporation )
System - (File not found))
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\igfxcui - igfxdev.dll (Intel Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{7DC8CEAA-046B-47F3-99CF-7FEC6E21E2A7} - (Dell Wireless 1370 WLAN Mini-PCI Card)
{C4A07886-F3F8-45D6-8AEA-85ED00467C03} - (Broadcom 440x 10/100 Integrated Controller)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))
Protocol_Catalog9\Catalog_Entries\000000000002 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))
Protocol_Catalog9\Catalog_Entries\000000000003 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))
x-excid - c:\WINDOWS\Downloaded Program Files\mimectl.dll ( )

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
CA ISafe (CAISafe) - C:\WINDOWS\system32\ZoneLabs\isafe.exe (Computer Associates International, Inc. ) [On Demand - Running - Win32, running in it's own process]
MySQL (MySQL) - "C:\Program Files\Learning\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="C:\Program Files\Learning\MySQL\MySQL Server 4.1\my.ini" MySQL ( ) [Automatic - Running - Win32, running in it's own process]
NICCONFIGSVC (NICCONFIGSVC) - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc. ) [Automatic - Running - Win32, running in it's own process]
TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC ) [Automatic - Running - Win32, running in it's own process]
Dell Wireless WLAN Tray Service (wltrysvc) - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (File not found)) [Automatic - Running - Win32, running in it's own process]

< Files >

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/10/2004 12:57 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare - ( [Ver = | Size = 4 bytes | Date = 12/08/2005 10:15 | Attr = H ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Tom Matthews\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/10/2004 12:57 | Attr = HS])
C:\Documents and Settings\Tom Matthews\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 37824 bytes | Date = 02/18/2006 20:30 | Attr = ])
C:\Documents and Settings\Tom Matthews\Application Data\PFP120JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 12/26/2005 09:04 | Attr = ])
C:\Documents and Settings\Tom Matthews\Application Data\PFP120JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 12/26/2005 09:04 | Attr = ])

DPF files
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1137424959390
{7F8C8173-AD80-4807-AA75-5672F22B4582} - ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37710.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - GpcContainer Class - CodeBase = https://intrado.webex.com/client/v_mywebex-...ent/ieatgpc.cab

Hosts file = 881 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
127.0.0.1 TomsBBDev1.com #Bowl Bound dev server -
127.0.0.1 TomsPHP.com #PHPTest server -
127.0.0.1 BBDev1 #old name for MySql install, kill when ready -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 FE 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - BA 58 73 F1 50 BA C6 01
Desktop\General\\WallpaperLocalFileTime - BA E8 D8 A6 1E BA C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 05 00 00 FE 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\explorer -
policies\explorer\\NoCDBurning - 0

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >

#4 OldTimer

OldTimer


Posted 21 August 2006 - 06:03 PM

Hi MtnGolfer. Everything looks normal in the report except for some of the Winsock2 catalogs. I'm assuming that this computer has Zone Labs security suite on it. Does the anti-virus portion of the suite work properly? Also, is this the computer that you are using when posting (does it actually connect to the internet or anywhere else)?

When you removed IE7 did you uninstall it through the Add or Remove Programs in the Control Panel? We may want to try a reinstall of IE6 to see if that helps.

Let me know.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
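
The Winsock2 catalog check referred to in post #4, as an added example that is not part of the thread and not WinPFind2's own code: it pulls the "All Winsock2 Catalogs" section out of a report of this shape and lists every entry whose provider DLL is reported missing, is not attributed to Microsoft, or has a path that does not start with a drive letter or %variable%. The sample is an excerpt of the report from post #3; the function names, the status labels and the path check are assumptions of this example.

```python
import re
from typing import NamedTuple

# Excerpt of the report posted in post #3 (Protocol_Catalog9 entries trimmed).
SAMPLE_REPORT = r"""
[>> DNS Name Servers <<]
{7DC8CEAA-046B-47F3-99CF-7FEC6E21E2A7} - (Dell Wireless 1370 WLAN Mini-PCI Card)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))
Protocol_Catalog9\Catalog_Entries\000000000002 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll (File not found))

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
"""

SECTION_RE = re.compile(r"^\[>> (.+?) <<\]$")      # e.g. [>> Winlogon <<]
TOP_LEVEL_RE = re.compile(r"^< .+ >$")             # e.g. < Files >
ENTRY_RE = re.compile(
    r"^(?P<catalog>\w+)\\Catalog_Entries\\(?P<index>\d+) - "
    r"(?P<path>.*?) \((?P<vendor>[^()]*)\)+$"
)
# A provider path is expected to start with %Variable%\ or a single drive letter.
PATH_RE = re.compile(r"^(%\w+%|[A-Za-z]:)\\")


class WinsockEntry(NamedTuple):
    catalog: str    # NameSpace_Catalog5 or Protocol_Catalog9
    index: int      # position in the catalog
    path: str       # provider DLL path exactly as printed in the report
    status: str     # "microsoft", "missing" or "third-party"
    path_ok: bool   # False when the printed path is malformed (e.g. "CC:\...")


def parse_sections(report):
    """Split a report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif TOP_LEVEL_RE.match(line):
            current = None          # a "< ... >" heading ends the section
        elif line and current is not None:
            sections[current].append(line)
    return sections


def winsock_entries(report):
    """Parse every line of the Winsock2 section; unparseable lines are skipped."""
    entries = []
    for line in parse_sections(report).get("All Winsock2 Catalogs", []):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        vendor = m.group("vendor").strip()
        if vendor == "File not found":
            status = "missing"
        elif vendor == "Microsoft Corporation":
            status = "microsoft"
        else:
            status = "third-party"
        path = m.group("path")
        entries.append(WinsockEntry(m.group("catalog"), int(m.group("index")),
                                    path, status, bool(PATH_RE.match(path))))
    return entries


def flag_winsock(report):
    """Entries a reviewer would look at first: not Microsoft, or odd path."""
    return [e for e in winsock_entries(report)
            if e.status != "microsoft" or not e.path_ok]


if __name__ == "__main__":
    for e in flag_winsock(SAMPLE_REPORT):
        print(f"{e.catalog}[{e.index}] {e.status} path_ok={e.path_ok} {e.path}")
```

The report alone does not show whether the "CC:" prefix is stored in the registry value or is only how the tool printed it, so the example reports it without interpreting it.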


#5 MtnGolfer

MtnGolfer

Posted 21 August 2006 - 11:10 PM

Old Timer,

Yes I removed IE7b3 through Add/Remove. The anti virus portion of Zone Alarm (yes I use it - 'Pro') works properly.

I attempted to reinstall IE6 & was told I could not as the versions/updates were newer...

Thanks!

Tom

#6 OldTimer

OldTimer


Posted 23 August 2006 - 05:14 PM

Hmm. Interesting. I looked around a bit and there is no one solution that fixes this issue. Some people have never had a problem. Some have had nothing but problems. Some have reinstalled and then uninstalled and that worked while it did not work for others. Microsoft has no solution since it is still in beta.

I would say since this is not a malware issue your best bet would be to try the Web Browsing forum. Be prepared to possibly try many different suggestions until one of them works for your machine. If they ask, let them know that you have been to this forum and that no malware was found.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 MtnGolfer

MtnGolfer

Posted 23 August 2006 - 05:21 PM

Thanks!

The mystery continues.......

Ah. Microsoft!

#8 OldTimer

OldTimer


Posted 25 August 2006 - 03:43 PM

Yeah, betas. What can you do with them?

Since this is not a malware issue I will close this topic. If you have any new malware related questions in the future please start a new topic.

Cheers.

OT :B
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
