0

Hi There,

Lovely forum here :-) You guys may be able to help me. Have encountered a few problems recently - the main one is that when I am surfing the net I keep getting Internet Explorer Script Errors.

It tells me an error has occured on sites that I am not even looking at!

These pop up at throughout the day and are driving me potty!

Have run Norton, Adaware, Spybot S + D and now Hijackthis.

Is there anything happening here which shouldn't be?

Logfile of HijackThis v1.98.2
Scan saved at 02:16:56, on 10/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINNT\system32\notepad.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra button: Help - {1EDF7E86-71C9-4A9C-BD7A-36BE465AEAFF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {DD6CC004-A67A-4181-9011-54EE445A5D2E} - http://www.btopenworld.com/default (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

I also stopped using btopenworld a while ago so I am not sure what it is doing still hanging around my computer.

ms lakitu

3
Contributors
17
Replies
18
Views
13 Years
Discussion Span
Last Post by lakitu
0

For your 'script error' try this: With IE open, click on Tools, click on Internet Options, and then click on the Advanced tab. You should see a heading that says Browsing, and under that, one that says Disable script debugging. If there is not a checkmark at this, put one there.

For your HJT, close all windows, scan with hjt, and have it fix the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O9 - Extra button: Help - {1EDF7E86-71C9-4A9C-BD7A-36BE465AEAFF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

This will just clean up your log a bit. Post another log as I'm sure there are more things that should be addressed by one of the pro's. When you post the new log, include whether or not you still get the script error.

0

Hey There, thanks for the reply.

Still getting the script errors :(

I did try ticking and un ticking script debugging but it did not seam to fix it as the Error box popped up again a few moments ago.

My Hijackthis log now looks something like:

Logfile of HijackThis v1.98.2
Scan saved at 18:17:48, on 10/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\hijack this\hijackthis\HijackThis.exe
F:\WINNT\system32\NOTEPAD.EXE
F:\WINNT\system32\NOTEPAD.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra button: BT - {43184559-3FF9-4EBC-9DA9-D40766804505} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {DD6CC004-A67A-4181-9011-54EE445A5D2E} - http://www.btopenworld.com/default (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

0

Hi Can anyone help with the above? I am still having problems getting Internet Explorer Script problems popping up still.

Its getting to be pretty annoying and I also seam to have developed Active X problems on one of my drives.

Somethings definitely going on here :-(

ms lakitu

0

Hi, since you hadn't posted in awhile I thought you got the problems fixed. I can only think of one other thing for you to try right now, hopefully someone will check your HJT and see if there's something there.

Get sysclean from here:
http://www.trendmicro.com/download/dcs.asp
For the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package. This file can be found in the Update Center on the left side, at the bottom of the list. Allow it to clean up any bad files it finds; it may take awhile.

After that, make sure all browser windows are closed, scan with HJT, and post a new log.

0

Thanks dlh6213, I will give this a go. Whatever I have got is pretty darn annoying and a pain to remove :sad:

0

I tried the above and still no joy :-( I keep getting errors when I try to open any files or folders on my drives and when I try to open Norton:

Microsoft Internet Explorer

Your current security settings prohibit running Active X controls on this page,
As a resullt, the page may not display correctly.

I am stumped!

I took another HJT sample:

Logfile of HijackThis v1.98.2
Scan saved at 00:56:25, on 10/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINNT\sysinfo.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MS IE
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - F:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

0

This is how I have my ActiveX settings; use this as a guide to set your own to see if it helps any:

To get access to the ActiveX controls in Internet Explorer, Open IE, click on Tools, click on Internet Options, click on the Security tab, click on the Custom Level button (near the bottom). Scroll down a bit to ActiveX controls and plug-ins; here you will have several options. Keep in mind that if you Enable all the options, you are leaving your system open to unwanted intrusions.

Here is how I have my settings:
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer you system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and usually you don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

Anyone have any advice on the HJT log? (Or other suggestions for the script and activex errors)

0

Thanks DLH, My Interenet Explorer Active X security settings matched yours above.

I seam to be have 3 problems.

1. MS IS Active X script errors when browsing local files and folders.

2. Internet Explorer script errors - something seams to be trying to access other sites I am not looking at.

3. Casino pop up that keeps appearing.

I have scanned with a number of tools in safe mode and normal, connected and disconnected to the web.

yours frustratingly!!

Ms Lakitu

0

I don't see anything bad in your log and since no one else has responded I'm guessing they don't either. This may not be malware related, perhaps if you post a thread in the Windows XP forum someone there will have some ideas. You might want to include a link to this thread as well. Sorry.

0

The popup you're getting makes it apparent you have adware on your system, but I can't help you get rid of it. This is not a solution, but it should at least prevent the popups: try a browser other then Internet Explorer, like Firefox or Opera. Note: you will still need to keep IE in order to get Windows Updates and to access certain other sites.

For your other problems, a refresh install of Windows may resolve them.

(Suggestions compliments of Catweazle)

0

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [ExplorerTask] F:\WINNT\ServicePackFiles\i386\explorer.exe
O4 - HKLM\..\Run: [sysinfo] F:\WINNT\sysinfo.exe

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

F:\WINNT\ServicePackFiles\i386\explorer.exe-file Not the legitimate file in C:\WINNT\Driver Cache\i386
F:\WINNT\sysinfo.exe-file

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.

0

Thanks Crunchie and DLH, I will give the above a go.

As a short term fix I managed to stop some of the pop ups by adding offending sites my hosts file.

I also managed to stop the active x script errors by changing the security settings on my local intranet.

Its not clean yet but definitely some progress :-)

0

HJT log file now looking like:

Logfile of HijackThis v1.98.2
Scan saved at 02:33:56, on 10/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\WINNT\system32\crypserv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
F:\WINNT\system32\RunDll32.exe
F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
F:\WINNT\system32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\hijack this\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MS IE
F2 - REG:system.ini: UserInit=F:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] F:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "F:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - F:\WINNT\al-popup-administrator.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - F:\WINNT\al-popup-administrator.html (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

0

Just fix these two and your log looks good.

O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

0

Thanks crunchie - seams to be running ok now :)

I am still having problems with Active x Script errors on one of my drives :( - Thought i had sorted this but must have been mistaken.

0

The active x script errors occur when I am browsing my c: drive which is all storage, or when I try and open Norton from my icon tray which is located on my system drive (f:).

hmmm this is driving me nuts

0

ok I have narrowed down the problem, I think.

The ActiveX script errors seem to be occurring when i try and open any MP3 files through Windows Explorer. Interestingly not .ogg files. MP3 seem to be the only files that initiate this error :(

At a guess I think or hope there is some way of editing the activex controls from the registry?

The Error message recieved is:

Your current security settings prohibit ActiveX controls on this page.
As a results the page may not display correctly.

I did dl and install updated Activex from MS - which is when the problem started!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.