Discussion in 'other software & services' started by Bill175, Oct 15, 2005.

  Bill175

    Oct 15, 2005

    Oct 15, 2005
    I believe my daughter has destroyed my computer, by visiting Japenese anime sites, but luckily Netscape has allowed me to get here if somebody can lend a hand with information.

    Currently, if MSIE is launched, I get a "Activex is not enabled" warning, and after checking "OK", the browser just sits blank, flashing, and saying it's loading the homepage, but appears to be downloading SOMETHING, but a page never shows, so I close out, in case it's downloading some garbage.

    When I go to the browsers settings, to change the zone setting, the box is blank and shows no zones at all, so I can't adjust the settings.

    I've tried to run Macafee that is installed, but it too says activex isn't running, so it doesn't work. I also tried going to housetrend, but it won't work with Netscape 7.02, eventhough I installed the proggy it said would make it work.

    So I can't scan for a virus, but boy it's acting like one. I've run spybot and adware and it cleaned what it found, but how do I get these Content zones back, so I can set security?
    Thanks for any help.
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Hye Bill....Welcome to Wilders,

    While there is definetly a way to hide all Zone icons....I have never run across a post in the malware forums for instance concerning all icons missing :doubt:

    Having said that I'll kick off by asking a few questions and go from there.

    Since you mention 6.02 I'll assume XP ?
    If so....and if this PC has more than one user profile does it happen on all profiles ?

    Will you mind going to various known sites....take your pick....sports, news, what not and tell us what icon you see in the bottom right corner of IE at those sites Please.
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Hi Bubba, and thanks for the response.

    I'm sorry - I should have given some particulars - I'm actually running Windows Millineium Edition, with MSIE 6.02.

    Here's what I get when trying some sites:

    ESPN.com or Yahoo.com - I get a fast "flashing" of the page, saying it's loading, but nothing ever loads - it's almost like it's trying to download, at a high rate of speed, numerous items, but it's just a white page. I close out, because it appears it might not be "good". The zone, in the right hand bottom, says "unknown zone". There's no icon or anything.

    Funny enough, if I go to Symantec.com, it loads fine, and no problems.

    Cnn.com, I get the flashing page again - just saying it's opening the page, over and over, with "downloading page" in between the flashes.

    Any ideas?
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    In regards to Symantec....what Zone icon is showing bottom right when visiting that site?

    Also....does CNN show an icon ?

    For future reference the "unknown zone" does not have an icon. What that means is that certain items in the HTML code on that page references sites that are in your Restricted Zone.

    In regards to WinME....there is only one user profile\logon ?

    Before assuming wrongly that this is malware related have you attempted an IE repair ?
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    There is no icon on the bottom right at all, no matter where I go.

    I only have one login user profile also.

    I don't know how to run a repair on MSIE.
  ronjor

    Jul 21, 2003

    Jul 21, 2003
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Hmmm....Ok. Well I am going to ask you to look in your registry at something if you do not mind. Please tell me what numbers you see in the right hand side while looking at the example pic below.

    If you have never been in the registry go to Start button\Run....then type regedit


    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults

  Bill175

    Oct 15, 2005

    Oct 15, 2005
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    In that HKEY, I don't have a directory called "Internet Settings" after "CurrentVersion" - Choices are: Applets, Control Folder, Explorer, GrpConv, Multimedia, Policies, Runonce, Telephony, and ShellNoRoam

    I searched the registry for "Zonemap" and found it under HKEY_Local_Machine

    The numbers match your photo.

    Edit: Just to clarify, and path I found the Protocol Defaults is: HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Just came across this, but is this ok to delete the ENTIRE key like that?...I assume it will be recreated or something?


    Would like your guys opinions before I delete.
  ronjor

    Jul 21, 2003

    Jul 21, 2003
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    I was able to get THAT housetrends to work, and according to it, I don't have a virus, so the only other thing I can assume, is that some of the adware/malware that was on here, that was removed by search and destroy, adaware, etc, altered the browser security settings, and "locked them", before they were removed.

    How can I get those zones back, so I can adjust my settings. My resident Macfee still can't work because activex is locked off, and I still can't use MSIE.
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Hey Bill,

    Unfortuantely I am not that well versed on WinMe and how it handles certain things. What has me scratching my head and Google searching is the fact that you are not seeing a Current_User Internet Settings key. That is IMHO one of the problems and until I can stumble on that info I am personally clueless at the moment. :doubt:

    It is as if all Internet Explorer settings have a policy set somewhere to use the Local_Machine settings but I am almost positive there should still be a Current_User key for Internet Explorer settings. Hopefully a WinMe user will drop by and shed some light on the missing puzzle piece :doubt:

    If you go into Add\Remove programs and select Internet Explorer does it then give you an option to attempt a repair ?
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Yes, I ran the repair and it said it couldn't and to reinstall all components, which I did. It still didn't work. I've run that hijack program and looking through it and comparing some stuff to this forum, there a a couple entries in the log that might be from that URLSEARCHHOOK problem.

    The first entry is this: R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

    The 2nd interesting thing that shows in this log, is this:

    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

    Now, knowing I didn't move this, I don't know how to get it "back" to where it should be - is there some registry repair program or something?
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    That was one of the reasons I asked earlier about the Protocol Defaults key because I had a itchy feeling that would be the case. I made the choice at that time to not ask for a HJT log but to go the other route. What has me scrarching my head is the fact that you said earlier there was no Current_User Internet Settings key which is where HJT should have got that info from :doubt: In case you were not aware....those 015 entries are saying to use MyComputer settings anytime you visit an HTTP site.

    Long story short those 015 entries need to be fixed by HJT which will then place the proper number in respect to the below entries posted above.


    3 means to use the Internet Zone settings unless a site has been placed in the Trusted\Restricted Sites list.

    That in it self is not the end of your story IMHO and I am of the opinion that your issue would be best looked at by those HJT malware remover experts. Unfortunately we no longer provide that service , as per this announcement. Your best bet would be to post a log @ Castle Cops or some of the other Forums mentioned in the above Announcement.
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    OK, I'll post it over there - thanks alot for your help!
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    You are Welcome and Good Luck. Please keep us informed if you do not mind and if you wish to place a link where you posted I'll do what I can to assist further.
  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Thanks - here it is - I'm still stuck :'(


    On a side note, I googled the following phrase and found I'm not the only one that has had this:

    Googled: "O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone"

    But I don't see a solution though, in people that have had the problem!
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Hey Bill,

    While you await further assistance by the good folks at CastleCops would you do a Edit\Find in your registry for all instances of @ivt Please. Make note of what location you find it in only for the locations that are showing a data value of 1....similar to the examples below in bold.


    Also....would you mind exporting the below registry key that is in bold and uploading that file as an attachment to a post in this thread. You will be saving the file with a name you choose. It will make it a .reg file so before you upload it as an attachment change the .reg file extension to .txt Please.

  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Hi Bubba,
    Ok - a search on IVT with a value of 1, was found at:

    My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    CurrentVersion\Internet Settings\Zonemap

    This is the first export I've done from the Registry editor, so I think it's right. See attached.

  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Sorry Bill I did not explain that to well :(

    I used @IVT for ease of search on your part. Along with that find should have been the other entries(http,https,ftp,file). It's the location of those entries where they have a value of 1 that I was attempting to ask for. Sorry I was not clear in my request :doubt:

    As for the Billspolicyfile.txt file you uploaded....it was fine in regards to nothing in there should be causing a problem. Thanks for uploading it.
  GlobalForce

    Jun 30, 2004

    Jun 30, 2004
    Garden State, USA
    Hi Bill175,

    Curious how you were making out over at CC .... is cox.net in fact your ISP (014 entry)? If so, no worries but could somehow be tied into the next item that caught my eye and one you should ask *steamwiz* about .......
    your 017 entry. Mind you I'm no expert and your post is still young, so we shall see.

    Edit: I decided to pull the screenie, no need ... CC's handling it.

  Bill175

    Oct 15, 2005

    Oct 15, 2005
    Hi GF,
    Yes, Cox is my ISP - I'll mention that - thanks.
  Bubba

    Apr 15, 2002

    Apr 15, 2002
    Since the poster above chose to "pull the screenie"....the post that was here is no longer applicable.
