1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: What is this evidence of?

Discussion in 'Virus & Other Malware Removal' started by aarhus2004, Nov 17, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    Hello,

    In WinME.

    Outlook Express has never looked like this (GIF). Have I found a nice nasty? Has it been updated since last I last downloaded those updates for it and now has these coloured icons?

    Should I worry?

    Thanks.

    Ben.:eek:
     

    Attached Files:

  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,489
    I would go with options a and c.

    Please do this:

    · Click here to download HJTsetup.exe
    · Save HJTsetup.exe to your desktop.
    · Doubleclick on the HJTsetup.exe icon on your desktop.
    · By default it will install to C:\Program Files\Hijack This.
    · Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    · Put a check by Create a desktop icon then click Next again.
    · Continue to follow the rest of the prompts from there.
    · At the final dialogue box click Finish and it will launch Hijack This.
    · Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    · Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    · Come back here to this thread and Paste the log in your next reply.
    · DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.
     
  3. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    Thanks, valis.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:16:38 AM, on 17/11/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTUPMONITOR.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\MY DOCUMENTS\FORMAT INSTALLSETUP ALL\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - Startup: RSRCMTR.EXE.lnk = C:\WINDOWS\RSRCMTR.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.livesporton.tv
    O15 - Trusted Zone: http://www.willow.tv
    O15 - Trusted Zone: http://www.theweathernetwork.com
    O15 - Trusted Zone: http://www.cricinfo.com
    O15 - Trusted Zone: http://ipac.virl.bc.ca
    O15 - Trusted Zone: http://www.onlineconversion.com
    O15 - Trusted Zone: http://www.google.ca
    O15 - Trusted Zone: http://forums.techguy.org
    O15 - Trusted Zone: http://www.m-w.com

    Ben.
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,489
    nothing jumps out and says 'boo', but I"m not an expert at these, so you may want to wait until an expert takes a look at it. I know there's a trojan that goes by the name scanregw, BUT i think that for windows ME it's a legit app.....let an expert parse it.

    In the meantime, a few questions:

    1. how long has this been happening?
    2. Have you rebooted since it began?
    3. Close Outlook express
    4. right click on start > explore > that should default you into your present user profile. Go to tools at the top > folder options > view tab > make sure that you can see the hidden files and foldesr. I don't know how it is in ME, but I think it's ticking show hidden files and folders, but I may be wrong. Go to application data > microsoft > outlook express and rename it > outlook express_old.
    5. Reboot, restart outlook, and let me know if the icons are still like that.

    v
     
  5. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    1.This is my second time in the last week.
    2.Yes.

    I found I had a donation of My Global Search Bar and removed it (from the Programs folder). It seems related to this morning's (and second time) download/install of a P2P BS file.

    I searched the registry for 'my global search bar' and removed a couple of entries. Reboot and it is gone from Outloolk Express. I read that this search bar is a low level nuisance here.

    Thanks for responding, valis. And, by the way,

    1. I didn't know a right-click on Start was even a possibility!!
    2. scanregw is a genuine ME item - it places those registry roll backs available from a run command 'scanreg /restore'.

    Ben.
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,489
    we both learned something! I know that if you see scanregw in 2k or up, you are *most likely* looking at a trojan, but in the foggy depths the fen that portrays itself as my brain I remember something about it being s.o.p. for windows ME, so I wanted to at least toss that out there.

    Glad to help, wish I would've solved it, but regardless, glad you are up and operating.

    v
     
  7. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    Hello,

    Sorry valis it is not resolved and my PM to you is not the solution.

    I have cleared the P2P software as thoroughly as possible from my computer. I did use Panda on line scan but it found nothing. I removed My Global Web Search bar and all I could find by other means. I.E. Explorer opens without it now.

    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:39 PM, on 17/11/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTUPMONITOR.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\FORMAT INSTALLSETUP ALL\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - Startup: RSRCMTR.EXE.lnk = C:\WINDOWS\RSRCMTR.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.livesporton.tv
    O15 - Trusted Zone: http://www.willow.tv
    O15 - Trusted Zone: http://www.theweathernetwork.com
    O15 - Trusted Zone: http://www.cricinfo.com
    O15 - Trusted Zone: http://ipac.virl.bc.ca
    O15 - Trusted Zone: http://www.onlineconversion.com
    O15 - Trusted Zone: http://www.google.ca
    O15 - Trusted Zone: http://forums.techguy.org
    O15 - Trusted Zone: http://www.m-w.com
    O15 - Trusted Zone: http://www.pandasoftware.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    help appreciated.

    Ben.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,611
    I understand the problem has returned so please do this.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


    Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and the results of the Panda scan.
     
  9. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    Cookiegal,

    I was not able to see the Apply button and could not drag the window open wider to do so. I was just able to see the first three letters of the Adons items = Pol and Sec &
    I could see two buttons above but not enough of them to see their labels. I clicked on each in turn but the Start Scan button was not active.

    I'm back where I feel safer!

    Ben.
     

    Attached Files:

  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,611
    Open the program in normal mode and you will see where they are so you can check the correct ones in safe mode.


    For the policies it's the 7th and 8th ones down.

    The Apply button is in the top right corner. In safe mode you will see only the left side of it but you can still click on it.
     
  11. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    WinP Finds please attached .txt file
    Repeat of ActiveScan Log also attached.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:25:10 PM, on 17/11/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTUPMONITOR.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\FORMAT INSTALLSETUP ALL\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - Startup: RSRCMTR.EXE.lnk = C:\WINDOWS\RSRCMTR.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.livesporton.tv
    O15 - Trusted Zone: http://www.willow.tv
    O15 - Trusted Zone: http://www.theweathernetwork.com
    O15 - Trusted Zone: http://www.cricinfo.com
    O15 - Trusted Zone: http://ipac.virl.bc.ca
    O15 - Trusted Zone: http://www.onlineconversion.com
    O15 - Trusted Zone: http://www.google.ca
    O15 - Trusted Zone: http://forums.techguy.org
    O15 - Trusted Zone: http://www.m-w.com
    O15 - Trusted Zone: http://www.pandasoftware.com
    O15 - Trusted Zone: http://www.sharewareconnection.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    Thank-you, Cookiegal.

    Ben.
     

    Attached Files:

  12. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,489
    aarhus: You are in far greater hands than I could ever possibly hope to offer, so I will bypass your p.m. from earlier in the day and watch and learn from cookie, freshly wrapped for the holidaze.

    thanks,

    v
     
  13. aarhus2004

    aarhus2004 Gone but always remembered Thread Starter

    Joined:
    Jan 9, 2004
    Messages:
    1,049
    Vallis, from the look of the young fellow in your arms I think you have capably safe hands! Nice pic. (y)

    Thanks for trying. Everything will be AOK I am sure.

    Ben.
     
  14. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,489
    thanks.....let's just say he bounces well....;)
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,611
    I'm convinced My Global Search is responsible.

    Go to Control Panel - Add/Remove programs and remove any of these (or similar) that you find there:

    MyWay
    MyWebSearch
    MySearchBar
    FunWebProducts
    MyGlobalSearch
    MyGlobalSearchToolbar



    I'm attaching a Fixaarhus.zip file to this post to remove a registry entry. Save it to your desktop. Unzip it and double click the Fixaarhus.reg file and allow it to enter into the registry.


    Reboot and then let me know if things have reverted back to normal.
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/519122