IE Script errors all the time!!!


abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
I am having major problems with something that seems to have messed up my Windows XP setup. I cannot access the help/support centre, or look at services or user accounts. Whenever I try running these I get a window that says there is an Internet Explorer script error on this page, do I want to continue to run scripts, yes or no. It is impossible to get rid of this and only by stopping the process in Task Manager can I go any further. I even get the same when I try to look at the version of IE.

Can anybody please help??
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya and welcome

Is this the Home or Pro edition of XP? Also, you mention the XP setup. Is this a fresh install or reinstall? Let's see if the Messenger is running (not MSN).

Go to Control Panel | Administrative Tools | Services. Scroll down, and look for Messenger. Is it disabled?

Also, try this as well: Control Panel | Internet Options. Advanced tab. Under Browsing, tick Disable Script Debugging (Internet Explorer and Other), apply and OK.

If you still get the same problem, let's take a look at a HT Log. Go to http://www.thespykiller.co.uk/files/hijackthis_sfx.exe , and download 'Hijack This!'.
Double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.

Regards

eddie
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
I have already disabled script debugging as you suggested. I have run HijackThis and here is the log. Thanks for the encouraging words. I am beginning to think I may have to do a re-install of Windows to repair missing or corrupted files, but I will wait to hear from you.

Thanks
Logfile of HijackThis v1.99.1
Scan saved at 18:58:57, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NapsterShell] G:\Rachel's Documents\My Music\napster.exe /systray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [clockfive] C:\DOCUME~1\Andrew\APPLIC~1\PILEEQ~1\Warnbindiso.exe
O4 - HKCU\..\Run: [HobbitSetup.exe] C:\DOCUME~1\Andrew\Desktop\HOBBIT~1.EXE /r
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: RC.exe.lnk = C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
O4 - Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://curlz19.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154872316937
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C01D004-67AE-4C8F-AFDF-63F5E7ACC8BB}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I was asked to look at your log and see if I could help.

First download:

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Do NOT run it yet- we will later....

When you are trying to do anything, such as run a script you will need to give it permission from whatever is protecting the system against what it thinks are possible malicious scripts.

Also easier to disable temporarily some things.


http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

Disable SpyBot's Tea Timer:
Spybot S&D (Teatimer)
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.


Windows Defender
Click on "Tools"
Click on "General Settings"
Scroll down to "Real-time protection options"
Uncheck "Turn on Real-time protection (recommended)"
Click "Save".


If you have restarted, check that Defender is turned off. Leave it off.


First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it

Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.

A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a new HijackThis log.


Also, do this and put it in your reply too:


Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
I did as you suggested with Defender and SpyBot TeaTimer and then ran NoLop - this gave no infections.

Here is the log from the HijackThis uninstall list:
AC3Filter (remove only)
ACTIVflipchart Viewer
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Algolab Photo Vector v. 1.98.61
AlgoLab R2V Conversion Toolkit 2.97.36
AMP Font Viewer
AnyDVD
Apex Movie Converter 3.1
Aplus Video To Pocket PC Converter 4.52
Artoonix 1.4
ASAP Utilities
Avira AntiVir PersonalEdition Classic
Beauty Wizard
Blaze Media Pro
Canon i865
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
CloneDVD2
CloneDVDmobile
Cosmic Stacker
DebugMode Wink
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-link AirPlus G DWL-G120 Wireless USB Adapter
Download Plugin for Mozilla, Opera, Netscape
DVB-T USB 2.0
DVD Shrink 3.2
DVD Solution
Economatics Logicator 2004
ElcomSoft Password Recovery Studio 2006
EphPod
Flash Movie Player 1.4
Flash Slideshow Maker 2.40
FLV Player 1.3.3
Free&Easy Font Viewer 1.2
GIMPshop .1 beta
GoldWave v5.08
Google Earth
Google SketchUp
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.8.18-1 runtime environment
HiDownload
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
jv16 PowerTools 1.3
Macromedia Studio MX 2004 1.0
Mediator 7.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Reader for Pocket PC
Microsoft Student Graphing Calculator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Media Video 9 VCM
MindManager Smart 2.1
Mobipocket Reader 5.2
Mozilla Firefox (2.0.0.1)
Mp3 To All Converter V1.37.1
MPEG Video Wizard
MPEG Video Wizard DVD
MSN Music Mediabar
MSWLogo
MSXML 4.0 SP2 (KB927978)
MWSnap 3
My DSC
Nero 7 Demo
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Windows 2000/XP nForce Drivers
oggcodecs 0.71.0946
OpenOffice.org 2.1
Opera 9.10
Orange Search Toolbar
Passware Kit 5.5
Photodex Presenter
Pocket DVD Wizard
pocketWinc
Podium
PowerArchiver 2006 v9.64
PowerDVD
PowerProducer
ProShow Gold
Qimage
Question Tools NetSeries 3.0
Question Tools SimpleSet, Editor & Exam 3.0
QuickTime
Read in Microsoft Reader Add-in for Microsoft Word
RealPlayer
Recovery
Resco Explorer
Revelation Natural Art 1.5.0.23
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Save Flash 3.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Serif DrawPlus 7.0
Serif PhotoPlus 8.0
Shockwave
SolidConverterGX
Sony USB Driver
Sothink SWF Decompiler
Spybot - Search & Destroy 1.4
StyleTap® Platform version 1.0.001
Sygate Personal Firewall Pro
SysExporter
The GIMP 2.2.12
TMPGEnc 4.0 XPress Trial Version
Tweak UI
Ultra MPEG to DVD Burner 1.6.2
Ultra Video Converter 1.6.8
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Helper
VideoLAN VLC media player 0.8.6
ViewPoint 1.04
VMware Server
Vodafone 804SS USB driver Software
WiFiFoFum
Winamp (remove only)
Window Washer
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver
WinZip
Xara X1
Xara Xtreme Pro
XML Notepad 2007
XP Codec Pack
Xvid 1.1.2 final uninstall



Thanks again
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, If you wouldn't mind could I see the NoLop results...

Post the contents of C:\NoLop.log

Post a new Hijackthis log.
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
Sorry about that, here is the log:
NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Andrew\Desktop
[31/01/2007]
[21:12:58]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Activ Software
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Antivir Personaledition Classic
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Driving Test Success
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Question Tools
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Soliddocuments
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Srs Labs
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Vmware
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\{0727b42b-1697-465f-8cdc-53a1ea7110eb}
C:\Documents and Settings\Andrew\Application Data\Adobe
C:\Documents and Settings\Andrew\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Ahead
C:\Documents and Settings\Andrew\Application Data\Alien Skin
C:\Documents and Settings\Andrew\Application Data\Apple Computer
C:\Documents and Settings\Andrew\Application Data\Cyberlink
C:\Documents and Settings\Andrew\Application Data\Divx
C:\Documents and Settings\Andrew\Application Data\Elaborate Bytes
C:\Documents and Settings\Andrew\Application Data\Getrighttogo -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Google
C:\Documents and Settings\Andrew\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Identities
C:\Documents and Settings\Andrew\Application Data\Intertrust
C:\Documents and Settings\Andrew\Application Data\Ipodder
C:\Documents and Settings\Andrew\Application Data\Macromedia
C:\Documents and Settings\Andrew\Application Data\Media Player Classic
C:\Documents and Settings\Andrew\Application Data\Microsoft
C:\Documents and Settings\Andrew\Application Data\Mobipocket
C:\Documents and Settings\Andrew\Application Data\Mozilla
C:\Documents and Settings\Andrew\Application Data\Netscape
C:\Documents and Settings\Andrew\Application Data\Openoffice.org2
C:\Documents and Settings\Andrew\Application Data\Opera
C:\Documents and Settings\Andrew\Application Data\Pc Tools
C:\Documents and Settings\Andrew\Application Data\Pegasys Inc
C:\Documents and Settings\Andrew\Application Data\Pile Eq User -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Question Tools
C:\Documents and Settings\Andrew\Application Data\Real
C:\Documents and Settings\Andrew\Application Data\Serif
C:\Documents and Settings\Andrew\Application Data\Seven Zip
C:\Documents and Settings\Andrew\Application Data\Slysoft
C:\Documents and Settings\Andrew\Application Data\Soliddocuments
C:\Documents and Settings\Andrew\Application Data\Sun
C:\Documents and Settings\Andrew\Application Data\Talkback
C:\Documents and Settings\Andrew\Application Data\Vlc
C:\Documents and Settings\Andrew\Application Data\Vmware
C:\Documents and Settings\Andrew\Application Data\Webroot
C:\Documents and Settings\Cathers\Application Data\Adobe
C:\Documents and Settings\Cathers\Application Data\Cyberlink
C:\Documents and Settings\Cathers\Application Data\Divx
C:\Documents and Settings\Cathers\Application Data\Google
C:\Documents and Settings\Cathers\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Cathers\Application Data\Identities
C:\Documents and Settings\Cathers\Application Data\Macromedia
C:\Documents and Settings\Cathers\Application Data\Media Player Classic
C:\Documents and Settings\Cathers\Application Data\Microsoft
C:\Documents and Settings\Cathers\Application Data\Mozilla
C:\Documents and Settings\Cathers\Application Data\Pc Tools
C:\Documents and Settings\Cathers\Application Data\Pegasys Inc
C:\Documents and Settings\Cathers\Application Data\Real
C:\Documents and Settings\Cathers\Application Data\Slysoft
C:\Documents and Settings\Cathers\Application Data\Talkback
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Vmware -- EMPTY Directory
C:\Documents and Settings\Lynda\Application Data\Adobe
C:\Documents and Settings\Lynda\Application Data\Google
C:\Documents and Settings\Lynda\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Lynda\Application Data\Identities
C:\Documents and Settings\Lynda\Application Data\Macromedia
C:\Documents and Settings\Lynda\Application Data\Microsoft
C:\Documents and Settings\Lynda\Application Data\Mozilla
C:\Documents and Settings\Lynda\Application Data\Pc Tools
C:\Documents and Settings\Lynda\Application Data\Real
C:\Documents and Settings\Lynda\Application Data\Serif
C:\Documents and Settings\Lynda\Application Data\Slysoft
C:\Documents and Settings\Lynda\Application Data\Sun
C:\Documents and Settings\Lynda\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Mozilla
C:\Documents and Settings\Networkservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Vmware -- EMPTY Directory
C:\Documents and Settings\Rachel\Application Data\Adobe
C:\Documents and Settings\Rachel\Application Data\Apple Computer
C:\Documents and Settings\Rachel\Application Data\Divx
C:\Documents and Settings\Rachel\Application Data\Google
C:\Documents and Settings\Rachel\Application Data\Identities
C:\Documents and Settings\Rachel\Application Data\Macromedia
C:\Documents and Settings\Rachel\Application Data\Microsoft
C:\Documents and Settings\Rachel\Application Data\Mozilla
C:\Documents and Settings\Rachel\Application Data\Real
C:\Documents and Settings\Rachel\Application Data\Roxio
C:\Documents and Settings\Rachel\Application Data\Samsung
C:\Documents and Settings\Rachel\Application Data\Sun
C:\Documents and Settings\Rachel\Application Data\Talkback
C:\Documents and Settings\Rachel\Application Data\Vmware
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Looked like a LOP item here: Do not remove anything, apparently it is OK

But is this a new log, or is it the original, first time log?

C:\Documents and Settings\Andrew\Application Data\Pile Eq User

O4 - HKCU\..\Run: [clockfive] C:\DOCUME~1\Andrew\APPLIC~1\PILEEQ~1\Warnbindiso.exe

Those sure look like LOP.

C:\Documents and Settings\All Users\Application Data\Question Tools

Do you know what these are from?
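
The check made in the post above (a Run entry that launches from a folder under a user's Application Data) can be applied to every line of a HijackThis log. The Python below is an added example, not part of the original thread and not code from HijackThis or NoLop; the two triage rules, the function names and the result labels are assumptions made for illustration, and a flagged entry is only a candidate for a human to review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [clockfive] C:\DOCUME~1\Andrew\APPLIC~1\PILEEQ~1\Warnbindiso.exe
O4 - HKCU\..\Run: [HobbitSetup.exe] C:\DOCUME~1\Andrew\Desktop\HOBBIT~1.EXE /r
O4 - Startup: RC.exe.lnk = C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<where>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 Startup-folder shortcut: "Startup: name.lnk = target"
LNK_RE = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
# Executable path at the start of a command line; paths may contain spaces
# and may or may not be quoted, so cut at the first executable extension.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)
# User-writable profile folders on XP, in long and 8.3 short form
# (DOCUME~1 = "Documents and Settings", APPLIC~1 = "Application Data").
USER_DIR_RE = re.compile(
    r"\\(?:Documents and Settings|DOCUME~\d)\\[^\\]+\\"
    r"(?:Application Data|APPLIC~\d|Desktop|Local Settings|LOCALS~\d)\\",
    re.I,
)
# HijackThis marks entries whose target is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entry(line):
    """Parse one result line; return None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "body": m["body"], "name": None, "path": None}
    if entry["section"] == "O4":
        am = RUN_RE.match(entry["body"]) or LNK_RE.match(entry["body"])
        if am:
            entry["name"] = am["name"]
            pm = EXE_RE.match(am["cmd"])
            entry["path"] = pm["path"] if pm else am["cmd"]
    return entry


def triage(log_text):
    """Return (section, label, detail) tuples for entries worth a closer look.

    Assumed rules for this example:
      orphaned               - registry entry whose file is missing
      user-profile-autostart - O4 autostart launching from a user's profile
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if ORPHAN_RE.search(entry["body"]):
            findings.append((entry["section"], "orphaned", entry["body"]))
        elif (entry["section"] == "O4" and entry["path"]
              and USER_DIR_RE.search(entry["path"])):
            findings.append((entry["section"], "user-profile-autostart", entry["name"]))
    return findings


if __name__ == "__main__":
    for section, label, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {label:24} {detail}")
```

Entries under Program Files are not flagged by these rules, so the output is a shortlist to compare against what the user knowingly installed, as done in this thread for the Question Tools folder.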
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
The Question Tools folder comes from a piece of software used to create interactive question/e-learning activities I use with students in school. It has been there for a long time and is also present on my laptop. The other one I do not recognise. I am just running a full scan using AVG antispyware which is about halfway through and has picked up 10 possible problems, I will carry on with this in the meantime!

Regards
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
Is it possible to be able to use Restore information (in C:\System Volume Information\) to be able to do a system restore even though I cannot actually run the System Restore process as it is at present?
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
Here is the original NoLop Log

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Andrew\Desktop
[31/01/2007]
[20:57:34]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Activ Software
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Antivir Personaledition Classic
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Driving Test Success
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Question Tools
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Soliddocuments
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Srs Labs
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Vmware
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\{0727b42b-1697-465f-8cdc-53a1ea7110eb}
C:\Documents and Settings\Andrew\Application Data\Adobe
C:\Documents and Settings\Andrew\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Ahead
C:\Documents and Settings\Andrew\Application Data\Alien Skin
C:\Documents and Settings\Andrew\Application Data\Apple Computer
C:\Documents and Settings\Andrew\Application Data\Cyberlink
C:\Documents and Settings\Andrew\Application Data\Divx
C:\Documents and Settings\Andrew\Application Data\Elaborate Bytes
C:\Documents and Settings\Andrew\Application Data\Getrighttogo -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Google
C:\Documents and Settings\Andrew\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Identities
C:\Documents and Settings\Andrew\Application Data\Intertrust
C:\Documents and Settings\Andrew\Application Data\Ipodder
C:\Documents and Settings\Andrew\Application Data\Macromedia
C:\Documents and Settings\Andrew\Application Data\Media Player Classic
C:\Documents and Settings\Andrew\Application Data\Microsoft
C:\Documents and Settings\Andrew\Application Data\Mobipocket
C:\Documents and Settings\Andrew\Application Data\Mozilla
C:\Documents and Settings\Andrew\Application Data\Netscape
C:\Documents and Settings\Andrew\Application Data\Openoffice.org2
C:\Documents and Settings\Andrew\Application Data\Opera
C:\Documents and Settings\Andrew\Application Data\Pc Tools
C:\Documents and Settings\Andrew\Application Data\Pegasys Inc
C:\Documents and Settings\Andrew\Application Data\Pile Eq User -- EMPTY Directory
C:\Documents and Settings\Andrew\Application Data\Question Tools
C:\Documents and Settings\Andrew\Application Data\Real
C:\Documents and Settings\Andrew\Application Data\Serif
C:\Documents and Settings\Andrew\Application Data\Seven Zip
C:\Documents and Settings\Andrew\Application Data\Slysoft
C:\Documents and Settings\Andrew\Application Data\Soliddocuments
C:\Documents and Settings\Andrew\Application Data\Sun
C:\Documents and Settings\Andrew\Application Data\Talkback
C:\Documents and Settings\Andrew\Application Data\Vlc
C:\Documents and Settings\Andrew\Application Data\Vmware
C:\Documents and Settings\Andrew\Application Data\Webroot
C:\Documents and Settings\Cathers\Application Data\Adobe
C:\Documents and Settings\Cathers\Application Data\Cyberlink
C:\Documents and Settings\Cathers\Application Data\Divx
C:\Documents and Settings\Cathers\Application Data\Google
C:\Documents and Settings\Cathers\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Cathers\Application Data\Identities
C:\Documents and Settings\Cathers\Application Data\Macromedia
C:\Documents and Settings\Cathers\Application Data\Media Player Classic
C:\Documents and Settings\Cathers\Application Data\Microsoft
C:\Documents and Settings\Cathers\Application Data\Mozilla
C:\Documents and Settings\Cathers\Application Data\Pc Tools
C:\Documents and Settings\Cathers\Application Data\Pegasys Inc
C:\Documents and Settings\Cathers\Application Data\Real
C:\Documents and Settings\Cathers\Application Data\Slysoft
C:\Documents and Settings\Cathers\Application Data\Talkback
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Vmware -- EMPTY Directory
C:\Documents and Settings\Lynda\Application Data\Adobe
C:\Documents and Settings\Lynda\Application Data\Google
C:\Documents and Settings\Lynda\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Lynda\Application Data\Identities
C:\Documents and Settings\Lynda\Application Data\Macromedia
C:\Documents and Settings\Lynda\Application Data\Microsoft
C:\Documents and Settings\Lynda\Application Data\Mozilla
C:\Documents and Settings\Lynda\Application Data\Pc Tools
C:\Documents and Settings\Lynda\Application Data\Real
C:\Documents and Settings\Lynda\Application Data\Serif
C:\Documents and Settings\Lynda\Application Data\Slysoft
C:\Documents and Settings\Lynda\Application Data\Sun
C:\Documents and Settings\Lynda\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Mozilla
C:\Documents and Settings\Networkservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Vmware -- EMPTY Directory
C:\Documents and Settings\Rachel\Application Data\Adobe
C:\Documents and Settings\Rachel\Application Data\Apple Computer
C:\Documents and Settings\Rachel\Application Data\Divx
C:\Documents and Settings\Rachel\Application Data\Google
C:\Documents and Settings\Rachel\Application Data\Identities
C:\Documents and Settings\Rachel\Application Data\Macromedia
C:\Documents and Settings\Rachel\Application Data\Microsoft
C:\Documents and Settings\Rachel\Application Data\Mozilla
C:\Documents and Settings\Rachel\Application Data\Real
C:\Documents and Settings\Rachel\Application Data\Roxio
C:\Documents and Settings\Rachel\Application Data\Samsung
C:\Documents and Settings\Rachel\Application Data\Sun
C:\Documents and Settings\Rachel\Application Data\Talkback
C:\Documents and Settings\Rachel\Application Data\Vmware
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, the suspicious ones posted seem to be LOP; have a look here:

http://209.85.165.104/search?q=cach...0018+Run:+[clockfive&hl=en&gl=us&ct=clnk&cd=1


Run Hijackthis again, have ALL OTHER browser, or email etc windows CLOSED when you fix things with HJT>> put check next to this in your scan, and click "Fix Checked"


O4 - HKCU\..\Run: [clockfive] C:\DOCUME~1\Andrew\APPLIC~1\PILEEQ~1\Warnbindiso.exe


Because XP will not always show you hidden files and folders by default, go to Start > Search > Files and Folders, and under "More advanced search options" make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".



In Windows Explorer, find and delete:
C:\DOCUME~1\Andrew\APPLIC~1\Pile Eq User\Warnbindiso.exe <<This file

It may not be there... it's OK, continue below. For LOP you have to delete all folders, even if they show empty.


C:\Documents and Settings\Andrew\Application Data\Pile Eq User<<Then this folder.
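The cross-check done by eye in the posts above, matching the HijackThis O4 Run entry (written with 8.3 short names) against the long folder names in the NoLop listing, can be scripted. This is an added example, not part of any post in this thread and not code from HijackThis or NoLop; the function names, the prefix-based short-name match, and the reading of "EMPTY Directory" as "the target executable is no longer in that folder" are assumptions.

```python
import re

# Constructed sample input: one O4 line and three listing lines as quoted in this thread.
HJT_LINES = [
    r"O4 - HKCU\..\Run: [clockfive] C:\DOCUME~1\Andrew\APPLIC~1\PILEEQ~1\Warnbindiso.exe",
]
NOLOP_LINES = [
    r"C:\Documents and Settings\Andrew\Application Data\Pile Eq User -- EMPTY Directory",
    r"C:\Documents and Settings\Andrew\Application Data\Question Tools",
    r"C:\Documents and Settings\Andrew\Application Data\Pc Tools",
]

# HijackThis O4 lines describe autostart entries; this pattern covers the Run-key form.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$")

def short_matches(short, long):
    """Heuristic 8.3 match: 'PILEEQ~1' matches 'Pile Eq User'.
    Assumption: prefix comparison only; ~N collisions and hashed names are not resolved."""
    if "~" not in short:
        return short.upper() == long.upper()
    prefix = short.split("~")[0].upper()
    squeezed = re.sub(r"[ .]", "", long).upper()   # short names drop spaces and dots
    return squeezed.startswith(prefix)

def parse_listing(lines):
    """Return (path components, is_empty) for each NoLop directory line."""
    out = []
    for line in lines:
        path, _, note = line.partition(" -- ")
        out.append((path.strip().split("\\"), note.strip() == "EMPTY Directory"))
    return out

def triage(hjt_lines, nolop_lines):
    """Pair each O4 Run entry with the listed folder it launches from."""
    dirs = parse_listing(nolop_lines)
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        folder = m["path"].split("\\")[:-1]        # drop the executable name
        for comps, empty in dirs:
            if len(comps) == len(folder) and all(
                short_matches(s, l) for s, l in zip(folder, comps)
            ):
                findings.append({"value": m["name"], "hive": m["hive"],
                                 "folder": "\\".join(comps), "orphaned": empty})
    return findings
```

A finding with `orphaned` set means the Run value still points into a folder the listing reports as empty, so both the registry value and the leftover folder need cleaning up, which is what the instructions above ask for.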
 

abhhba

Thread Starter
Joined
Jan 29, 2007
Messages
8
Unfortunately I have tried it in Safe mode, but the same script error stops me from accessing the command in windows at least.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742