Please help: Going Doolally

lakitu (Newbie Poster)
#1, Oct 6th, 2004
Hi There,

Lovely forum here :-) You guys may be able to help me. Have encountered a few problems recently - the main one is that when I am surfing the net I keep getting Internet Explorer Script Errors.

It tells me an error has occurred on sites that I am not even looking at!

These pop up throughout the day and are driving me potty!

Have run Norton, Adaware, Spybot S + D and now Hijackthis.

Is there anything happening here which shouldn't be?

Logfile of HijackThis v1.98.2
Scan saved at 02:16:56, on 10/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINNT\system32\notepad.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra button: Help - {1EDF7E86-71C9-4A9C-BD7A-36BE465AEAFF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {DD6CC004-A67A-4181-9011-54EE445A5D2E} - http://www.btopenworld.com/default (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

I also stopped using btopenworld a while ago so I am not sure what it is doing still hanging around my computer.

ms lakitu

dlh6213 (Team Colleague, Posting Maven)
#2, Oct 7th, 2004
For your 'script error' try this: With IE open, click on Tools, click on Internet Options, and then click on the Advanced tab. You should see a heading that says Browsing, and under that, one that says Disable script debugging. If there is not a checkmark at this, put one there.

For your HJT, close all windows, scan with hjt, and have it fix the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O9 - Extra button: Help - {1EDF7E86-71C9-4A9C-BD7A-36BE465AEAFF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

This will just clean up your log a bit. Post another log as I'm sure there are more things that should be addressed by one of the pros. When you post the new log, include whether or not you still get the script error.
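
What post #2 does by eye, picking out the entries HijackThis marks as having no target and then comparing the next scan, can be scripted; the Python below is an added example, not part of the original thread or of HijackThis. Its function names are hypothetical and the two sample logs are short excerpts of the first and second logs posted above.

```python
import re

# A scan-result line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Annotations HijackThis writes itself when an entry's target is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)|\bis missing$")

# Excerpt of the first log in the thread (post #1).
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
F:\WINNT\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: Help - {1EDF7E86-71C9-4A9C-BD7A-36BE465AEAFF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
"""

# Excerpt of the second log (post #3), scanned after the fix was applied.
LOG_AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
F:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
"""


def parse_entries(log_text):
    """Return [(section, detail)] for each scan-result line, in log order.

    Header lines and the running-process list do not match ENTRY_RE
    (a path such as F:\\WINNT\\... has no "F<digit> - " prefix) and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as absent."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def diff_entries(before, after):
    """Entries removed and added between two scans (exact text match)."""
    b, a = set(before), set(after)
    removed = [e for e in before if e not in a]
    added = [e for e in after if e not in b]
    return removed, added


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    print("Orphaned in first scan:")
    for section, detail in orphaned(before):
        print(f"  {section} - {detail}")
    removed, added = diff_entries(before, after)
    print(f"{len(removed)} entries gone, {len(added)} new in second scan")
    print("Still orphaned in second scan:")
    for section, detail in orphaned(after):
        print(f"  {section} - {detail}")
```

On the excerpt it shows that the `BT` button entry, which was not on the fix list, is still flagged in the second scan.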

lakitu (Newbie Poster)
#3, Oct 7th, 2004
Hey There, thanks for the reply.

Still getting the script errors

I did try ticking and unticking script debugging but it did not seem to fix it as the Error box popped up again a few moments ago.

My Hijackthis log now looks something like:

Logfile of HijackThis v1.98.2
Scan saved at 18:17:48, on 10/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\hijack this\hijackthis\HijackThis.exe
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {DD6CC004-A67A-4181-9011-54EE445A5D2E} - http://www.btopenworld.com/default (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

lakitu (Newbie Poster)
#4, Oct 12th, 2004
Hi, can anyone help with the above? I am still getting Internet Explorer Script problems popping up.

It's getting to be pretty annoying and I also seem to have developed Active X problems on one of my drives.

Something's definitely going on here :-(

ms lakitu

dlh6213 (Team Colleague, Posting Maven)
#5, Oct 18th, 2004
Hi, since you hadn't posted in a while I thought you got the problems fixed. I can only think of one other thing for you to try right now; hopefully someone will check your HJT and see if there's something there.

Get sysclean from here:
http://www.trendmicro.com/download/dcs.asp
For the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package. This file can be found in the Update Center on the left side, at the bottom of the list. Allow it to clean up any bad files it finds; it may take a while.

After that, make sure all browser windows are closed, scan with HJT, and post a new log.
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html

lakitu (Newbie Poster)
#6, Oct 20th, 2004
Thanks dlh6213, I will give this a go. Whatever I have got is pretty darn annoying and a pain to remove.

lakitu (Newbie Poster)
#7, Oct 20th, 2004
I tried the above and still no joy :-( I keep getting errors when I try to open any files or folders on my drives and when I try to open Norton:

Microsoft Internet Explorer

Your current security settings prohibit running Active X controls on this page,
As a result, the page may not display correctly.

I am stumped!

I took another HJT sample:

Logfile of HijackThis v1.98.2
Scan saved at 00:56:25, on 10/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MS IE
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

dlh6213 (Team Colleague, Posting Maven)
#8, Oct 21st, 2004
This is how I have my ActiveX settings; use this as a guide to set your own to see if it helps any:

To get access to the ActiveX controls in Internet Explorer, Open IE, click on Tools, click on Internet Options, click on the Security tab, click on the Custom Level button (near the bottom). Scroll down a bit to ActiveX controls and plug-ins; here you will have several options. Keep in mind that if you Enable all the options, you are leaving your system open to unwanted intrusions.

Here is how I have my settings:
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and usually you don't know whether it should be allowed or not. The described combination works best for me, but may not be best for you -- it is just shown as a reference.

Anyone have any advice on the HJT log? (Or other suggestions for the script and activex errors)

lakitu (Newbie Poster)
#9, Oct 21st, 2004
Thanks DLH, my Internet Explorer Active X security settings matched yours above.

I seem to have 3 problems.

1. MS IS Active X script errors when browsing local files and folders.

2. Internet Explorer script errors - something seems to be trying to access other sites I am not looking at.

3. Casino pop up that keeps appearing.

I have scanned with a number of tools in safe mode and normal, connected and disconnected to the web.

yours frustratingly!!

Ms Lakitu

dlh6213 (Team Colleague, Posting Maven)
#10, Oct 22nd, 2004
I don't see anything bad in your log and since no one else has responded I'm guessing they don't either. This may not be malware related, perhaps if you post a thread in the Windows XP forum someone there will have some ideas. You might want to include a link to this thread as well. Sorry.