Trouble w/operations restrictions

Discussion in 'Earlier Versions of Windows' started by Mtlca401, Jan 19, 2003.

  1. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    My mom's computer was infected with a worm virus, and I didn't know that she didn't have an antivirus program on it. So I installed Norton, and ran a complete scan. Nothing major. Well, I am still having problems with certain programs like: commandr, Em_exec, agentsvr, explorer, Ccregvfy, Msiexec & Iexplore are all performing illegal operations. I'll deal with those later; the main thing I am worrying about is when I open Internet Explorer I get an illegal operation message for Iexplore. Then when I close that I get the message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator".

    I have searched and all I come up with is when people go to the internet options this message pops up. I am mainly worried about the internet, but if anyone knows anything on the other illegal operations, feel free to tell me.

    Thanks,
     
  2. Del

    Del

    Joined:
    Aug 31, 2001
    Messages:
    3,452
    For the restriction, try this:


    Go to Start > run > regedit

    Now to 'Edit' > Search.

    Search for a value called NoBrowserOptions, and delete that value in the right pane when found.

    Next, press F3 to search for a possible second entry, and if found, delete that one as well.
     
  3. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    And to help troubleshoot your other problems, please go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

    Unzip, double-click it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and post the contents here.
     
  4. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    OK, I'll try that when I get home. One other thing: what does it mean when the computer is telling you that it cannot find a program, but the program it's trying to find has characters in the name that I have never seen before? Like one character looks like an AA battery, another one is a cents symbol (not a dollar sign). They were set to load when the computer starts, so I turned them off.
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    That explanation doesn't really help us very much, I'm afraid.

    Let's first have a look at your Startuplist log. That may lead us to the culprit.
     
  6. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    Yeah, I didn't really think it would help you too much, but I was just wondering if anyone saw any weird characters like that before. I'll post my startuplist in a couple of hours.
     
  7. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    OK, I'm back, here is what I got for the startup list.

    StartupList report, 1/20/03, 6:22:44 PM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    D:\NORTON\NISUM.EXE
    D:\NORTON\CCPXYSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\WINDOWS\REGEDIT.EXE
    E:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Norton Internet Security.lnk = D:\Norton\IntroWiz.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    Browser Launcher = C:\PROGRA~1\LOGITECH\KEYCOM~1\Commandr.EXE /HIDDEN
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    BootWarn = D:\Norton Anti Virus\BootWarn.exe /a
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    Nisum = D:\Norton\NISUM.EXE
    ccPxySvc = D:\NORTON\CCPXYSVC.EXE
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 19/1/2003, 17:38:4)

    [rename]
    DIRNUL=C:\WINDOWS\system\precopy
    [NUL]
    C:\WINDOWS\SYSTEM\DCOMREG.EXE=1

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    Yahoo! Companion BHO - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL - {13F537F0-AF09-11d6-9029-0002B31F9E59}
    NAV Helper - D:\Norton Anti Virus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Windows Critical Update Notification.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [WildTangent Control]
    InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
    CODEBASE = http://www.wildtangent.com/install/wdriver/arcadegames/fallingstars/wtinst.cab

    [{A45F39DC-3608-4237-8F0E-139F1BC49464}]
    CODEBASE = http://www.exittraffic.net/nocreditcard/freeviewer.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37614.0203819444

    --------------------------------------------------
    End of report, 5,216 bytes
    Report generated in 0.503 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    I know that's a lot, sorry.


    But about the Internet Explorer problem, I searched the regedit for NoBrowserOptions and nothing came up. But when I go into Kazaa, I can search the internet that way. I just don't have all the functions. Do you think that I can just reinstall Internet Explorer?
     
  8. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    anybody?

    This is what you wanted me to post up right?
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Oops, I'm afraid I forgot all about this thread. Sorry about that.

    Yup, that's the list, but it looks relatively clean.

    You do have a few "bad" items in your Downloaded Program Files that need to be removed.
    Go to Internet Options > Temp Internet Files > Settings, and press 'show objects'.

    Delete the following three ActiveX objects:


    [WildTangent Control]
    InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
    CODEBASE = http://www.wildtangent.com/install/...tars/wtinst.cab

    [{A45F39DC-3608-4237-8F0E-139F1BC49464}]
    CODEBASE = http://www.exittraffic.net/nocreditcard/freeviewer.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    I'm also interested in the exact text of your illegal operation message.

    Could you cause that to happen, and then click the "Details" button?

    What exactly does it say there?
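
Added example, not part of the thread and not StartupList's own code: one way to triage the "Download Program Files" section of a report like the one posted above, flagging entries that list no InProcServer32 path or whose CODEBASE host is outside a set the reviewer accepts. `parse_dpf`, `review` and `ACCEPTED_HOSTS` are hypothetical names, the accepted-host set is an assumption, and the sample is constructed from three entries of the posted report.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: three entries in the shape of the report posted in this thread.
SAMPLE = r"""
Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[WildTangent Control]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/arcadegames/fallingstars/wtinst.cab

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://www.exittraffic.net/nocreditcard/freeviewer.cab

--------------------------------------------------
"""

ACCEPTED_HOSTS = {"download.macromedia.com"}  # assumption: the reviewer's own allowlist

def parse_dpf(report):  # -> {entry name: {key: value}} for the DPF section only
    entries, current, in_section = {}, None, False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Enumerating Download Program Files"):
            in_section = True
        elif in_section and line.startswith("-----"):
            break  # the dashed separator ends the section
        elif in_section and (m := re.fullmatch(r"\[(.+)\]", line)):
            current = entries.setdefault(m.group(1), {})
        elif in_section and current is not None and " = " in line:
            key, value = line.split(" = ", 1)
            current[key] = value
    return entries

def review(entries):  # -> {entry name: [reasons]} for entries needing a manual look
    findings = {}
    for name, fields in entries.items():
        reasons = [] if "InProcServer32" in fields else ["no InProcServer32 path listed"]
        host = (urlsplit(fields.get("CODEBASE", "")).hostname or "").lower()
        if host not in ACCEPTED_HOSTS:
            reasons.append(f"CODEBASE host not accepted: {host or 'none'}")
        if reasons:
            findings[name] = reasons
    return findings
```

Calling `review(parse_dpf(SAMPLE))` returns the flagged entries with their reasons; a flag is a prompt for manual review, not a verdict on the component.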
     
  10. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    Alright! That's OK, my mom was bugging me about getting it fixed. Looks like you have been doing this for a while; I have no idea what I am reading there. I'll try this when I get home though, and post the details about the illegal operations.


    Thanks
     
  11. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    Here is a list of the details for the illegal operations.

    First that pops up: COMMANDR

    COMMANDR caused an invalid page fault in
    module KERNEL32.DLL at 018f:bff83ba0.
    Registers:
    EAX=004835b8 CS=018f EIP=bff83ba0 EFLGS=00010206
    EBX=0047a000 SS=0197 ESP=82b72e84 EBP=82b72f14
    ECX=00400000 DS=0197 ESI=004835ba FS=38ff
    EDX=0047a03c ES=0197 EDI=00000000 GS=0000
    Bytes at CS:EIP:
    0f b7 00 56 50 ff 75 e0 e8 19 8c ff ff 33 d2 85
    Stack dump:
    81781f5c 81781f70 0000000e 00000000 00000000
    00000000 00000000 00000000 00000000 00000000
    00000000 00000000 00000000 bfe81644 81781fb4
    81781f78

    Second one: EM_EXEC

    EM_EXEC caused an invalid page fault in
    module KERNEL32.DLL at 018f:bff83ba0.
    Registers:
    EAX=0040f5b6 CS=018f EIP=bff83ba0 EFLGS=00010202
    EBX=0040a000 SS=0197 ESP=82a85e84 EBP=82a85f14
    ECX=00400000 DS=0197 ESI=0040f5b8 FS=3907
    EDX=0040a014 ES=0197 EDI=00000000 GS=0000
    Bytes at CS:EIP:
    0f b7 00 56 50 ff 75 e0 e8 19 8c ff ff 33 d2 85
    Stack dump:
    8174e82c 8174e840 00000008 00000000 00000000
    00000000 00000000 00000000 00000000 00000000
    00000000 00000000 00000000 10001100 8175fe38
    8174e848

    Those are the only two that pop up when windows starts.

    This one pops up when I try to open Internet explorer: Iexplore

    IEXPLORE caused an invalid page fault in
    module KERNEL32.DLL at 018f:bff83ba0.
    Registers:
    EAX=004195ba CS=018f EIP=bff83ba0 EFLGS=00010202
    EBX=00401fec SS=0197 ESP=83d39e84 EBP=83d39f14
    ECX=00400000 DS=0197 ESI=004195bc FS=4f5f
    EDX=00402000 ES=0197 EDI=00000000 GS=0000
    Bytes at CS:EIP:
    0f b7 00 56 50 ff 75 e0 e8 19 8c ff ff 33 d2 85
    Stack dump:
    817d4224 817d4238 00000005 00000000 00000000
    00000000 00000000 00000000 00000000 00000000
    00000000 00000000 00000000 bff510d0 817cabcc
    817d4240


    I don't know if this would help, but I can get on the internet. If I right-click the Internet Explorer icon and go to Explore in the sub-menu, it brings me to the internet.

    All of the other illegal operations either went away or I'm just not hitting the right things to get them to open.
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Here's how to get rid of your first two error messages:

    Go to Start > Run, and type Msconfig.

    On the Startup tab, uncheck the following two items. They're dispensable.

    Browser Launcher = C:\PROGRA~1\LOGITECH\KEYCOM~1\Commandr.EXE /HIDDEN
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    Click OK, close Msconfig, and reboot.
     
  13. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21
    OK! Those are fixed, now all I have is the Internet Explorer problem.
     
  14. Del

    Del

    Joined:
    Aug 31, 2001
    Messages:
    3,452
    Did you try running the repair on IE or the fix for Restrictions I told you about?
     
  15. Mtlca401

    Mtlca401 Thread Starter

    Joined:
    Jan 19, 2003
    Messages:
    21

    What repair? You told me to go to regedit and delete NoBrowserOptions. I did that but couldn't find anything.
     