Hijack This - no R0, R1, R2

Greetings all!

I am pressed for time, so forgive me, and let me know what rules I've neglected.

I just had someone submit to me an HT logfile, with no R0, R1 or R2. It begins at R3:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Next entry starts at O2, and goes to O23. It's a pretty clean log.

Chief complaint is that they can't set a start page in IE. I'm guessing "broken browser" is the culprit, but I've not yet come across a logfile missing the "F" and "N" section.

Any ideas?

memory in motion altogether at the big red Y dot com

 

Well a log would only have an N section if the user had netscape or mozilla installed and only then if there were changes in prefs.js

F entries will only be present if there are autoloading entries in the inifiles

WHat have you suggested doing so far ?

Not being able to set a homepage in IE is often down to security applications like windows defender locking them to prevent malicious changes

 

I've only suggested they run all XP and IE updates so far. I have ascertained that they do NOT run Mozilla or FF, so that takes care of the N and F entries.

They are running ZoneLabs Firewall (free edition, reportedly), but shutting that down doesn't correct the main problem.

I've given up on ZoneAlarm years ago in favor of Sygate and Kerio. Still I've never seen R0 missing.

 

What memory resident AS programs are they running? Some, like Spy Sweeper, can and will bock changes to the home page.