Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

T-Spy.html.Smitfraud progress [RESOLVED]


  • This topic is locked This topic is locked

#16
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi,

Here's the latest HJT post after running PocketKillbox.

Logfile of HijackThis v1.99.1
Scan saved at 3:01:37 PM, on 06/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\AUDIO\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.msnbc.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\\histkill.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Hewlett-Packard Recorder.lnk.disabled
O4 - Startup: HPAiODevice.lnk.disabled
O4 - Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  • 0

Advertisements


#17
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I guess you didn't see my question earlier, what do you mean IE isn't working?

Set your system to SHOW HIDDEN FILES

Then, I need you to try to find this file image.dll

It will most likely be in C:\WINDOWS or C:\WINDOWS\SYSTEM

Let me know if you find it and where.

Edited by bananafanafo, 08 June 2005 - 04:30 PM.

  • 0

#18
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
After that, I need you to go to Start > Settings > Control Panel > Add/Remove programs and remove the following:

BestPopupKiller

It is a rogue/suspect program - there are much better alternatives to this.
  • 0

#19
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I have the show all files option checked...

IE opens, my favorite or bookmarked sites are listed but it does not display anything in the browser window. It is blank-also when I navigate the file menu commands I don't get any responses (e.g. if I click on Internet options, I don't get any option choices, etc.)

I checked C:\Windows\System and I didn't find Image.dll...the only thing close to that was imagehlp.dll

I also checked C:\Windows and didn't find it there either.


I just uninstalled HistoryKill, BestPopupKiller is attached to that program.

Edited by peacemaker05, 08 June 2005 - 04:56 PM.

  • 0

#20
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'm not sure about your IE problem, but it sounds like an issue - but I'm not convinced it was caused by malware. So, it may not be something I can help you with. Once your system is clean and if you still have that problem I will have to refer you to another forum.

Download from given link:
-StartDreck
Unzip and run StartDreck.exe
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log.
  • 0

#21
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Here is the HJT log after uninstalling Historykill and Bestpopupkiller.

Logfile of HijackThis v1.99.1
Scan saved at 3:55:46 PM, on 06/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\AUDIO\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.msnbc.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\\histkill.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Hewlett-Packard Recorder.lnk.disabled
O4 - Startup: HPAiODevice.lnk.disabled
O4 - Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  • 0

#22
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
There is nothing malicious in it. Please run and post the Startdreck log from my previous post.

You'll have to reboot before posting another HiJackThis log to make sure BestPopupKiller and HistoryKill are no longer on startup since you removed them.

Edited by bananafanafo, 08 June 2005 - 05:12 PM.

  • 0

#23
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
The link doesn't work...should I download Dotomyco? Nevermind...I found the alternate link instead of the deep link.

Edited by peacemaker05, 08 June 2005 - 05:17 PM.

  • 0

#24
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, do me a favor. Go to Start > Settings > Control Panel

Double-click the "Internet Options" icon and let me know if it opens that way.
  • 0

#25
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi again,

Here's the StarDreck log

StartDreck (build 2.1.7 public stable) - 2005-06-08 @ 18:10:35 (GMT -07:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as . at Z

舞egistry
舞un Keys
翟urrent User
舞un
*BestPopUpKiller=C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
*HistoryKill=C:\Program Files\HistoryKill\\histkill.exe /startup
*ctfmon.exe=ctfmon.exe
舞unOnce
聞efault User
舞un
*BestPopUpKiller=C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
*HistoryKill=C:\Program Files\HistoryKill\\histkill.exe /startup
*ctfmon.exe=ctfmon.exe
舞unOnce
腿ocal Machine
舞un
*ScanRegistry=c:\windows\scanregw.exe /autorun
*SystemTray=SysTray.Exe
*LoadQM=loadqm.exe
*ADUserMon=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
*Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
*Deskup=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
*TPP Auto Loader=C:\WINDOWS\TPPALDR.EXE
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
*SoundMan=soundman.exe
*Logitech Utility=LOGI_MWX.EXE
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
舞unOnce
舞unServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*ADService=C:\Program Files\Iomega\AutoDisk\ADService.exe
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
*MDM7="C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
舞unServicesOnce
舞unOnceEx
舞unServicesOnceEx
翡rowser Helper Objects (LM)
肇iles
艋ystem/Drivers
舞unning Processes
+FFEFBC6B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFFC57=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFF1C7=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFE02A5F=C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
+FFE073CB=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
+FFE086B3=C:\WINDOWS\EXPLORER.EXE
+FFE13493=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFE13E5F=C:\WINDOWS\LOADQM.EXE
+FFE14E03=C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
+FFE15983=C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
+FFE1A5CF=C:\WINDOWS\TPPALDR.EXE
+FFE1965B=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFE199B3=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFE13697=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFE28E03=C:\WINDOWS\SYSTEM\CTFMON.EXE
+FFE3226F=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFE5F007=C:\WINDOWS\NOTEPAD.EXE
+FFE3B2C7=C:\STARDRECK\STARTDRECK.EXE
翠pplication specific
  • 0

Advertisements


#26
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
There isn't anything malicious in the StartDreck log either.

Please reboot your computer, post a new HiJackThis log. Then follow my instructions in post #24, please.
  • 0

#27
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I rebooted, and here's the HJT log... (I'm attempting to do as you asked in #24 right now

Logfile of HijackThis v1.99.1
Scan saved at 9:35:24 PM, on 06/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\AUDIO\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.msnbc.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\pqcywukb.slt\prefs.js)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Hewlett-Packard Recorder.lnk.disabled
O4 - Startup: HPAiODevice.lnk.disabled
O4 - Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  • 0

#28
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your log looks fine.

When did you first notice the problem with IE, I mean did you download/remove a program just prior to that happening?
  • 0

#29
peacemaker05

peacemaker05

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I did as you asked with the control panel and the Internet Explorer control panel came up...but as I click on the tabs (e.g. Security, etc...I got the following error)

Control Panel
An error occured while Windows was working with the Control Panel file C:\Windows\System\INETCPL.CPL
  • 0

#30
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ah, I see, Your Internet Explorer is messed up for some reason. So we're going to try the system file checker and if this does not work, you will need to uninstall IE 6 and re-install it.

Using the System File Checker on Windows 98 after using it, reboot and let me know how it went.

Guess it would help if I included the link :tazz:

http://support.micro...b/185836/EN-US/

Edited by bananafanafo, 08 June 2005 - 11:02 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP