MyTOB
lapisLee
My computer has 512meg RAM, Athlon 2400+ 2.01ghz with 80gig storage. I have Windows XP SP2 and Internet Explorer 6.0 and I believe I have contracted some type of worm or virus Aug 2-3.
When I click on links the windows will not open unless I actually copy and paste the link into the address bar; but, what really bothers me is that I am unable to post to my MSN message board. The posting window opens but is blank and lacks the fonts controls while the cursor remains stuck.
I have defragmented, rebooted, attempted system restore (will not work), run AdAware, SpyBot and HijackThis! regularly as well as switched from Norton System Works to NOD32 Anti Virus, Sygate Firewall and used X Cleaner on the recommendation of my friend who is a MS certified tech. NOD32 found one virus: MyTOB32 which I deleted. I also have my XP popup blocker and firewall turned off and ActiveX and Scripting enabled as well as checked URL: Internet Protocols to make sure it links to IE 6.0 correctly. I then ran NAV Security Scan at www.sarc.com and used the removal tool for MyTOB. I am guessing that a clean install of Windows XP is the next step but was referred here by Jeannie from allexperts.com . Any help would be appreciated. Thanks.
HKEd
Welcome to SAF, lapisLee.

At the top of this forum is a tutorial on using HijackThis and posting a log from it. It will show us what malware, if any, is on your system.

Post the log in your reply and we'll take it from there.
lapisLee
Logfile of HijackThis v1.99.1
Scan saved at 11:44:09 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinMX\WinMX.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HikackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://k2b-bulk.ebay.com/ws/eBayISAPI.dll?...gActiveListings
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://k2b-bulk.ebay.com/ws/eBayISAPI.dll?...gActiveListings
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [IntelliPointSetup] c:\WINDOWS\system32\setup.exe /skiptoieinstall
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - Startup: Timaeus.lnk = C:\Program Files\Zoidiasoft Technologies\Timaeus\Timaeus.exe
O4 - Startup: WinMX.lnk = C:\Program Files\WinMX\WinMX.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/cli...LDownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/tool...lbar/lexico.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
HKEd
There is no malware showing in the log.

Is there any program you installed (aside from NOD32) that coincided with the time the problem started, Timaeus for example?

Have you tried uninstalling/reinstalling MSN?

There are new trojans that have the ability to hide from HijackThis logs. Download SilentRunners.VBS to your desktop and run it. Post the full log it generates. SilentRunners shows malware startups that sometimes HijackThis cannot export.
lapisLee
Deleted incomplete Silent Runner file.
lapisLee
I did not add any new programs, definitely not Timaeus, on or around August 2-3, when the problem started, although I added Sygate, NOD32, X Cleaner and a few things from MS Update Security to help solve the problem AFTER it began. I JUST added accuweather.com to the task bar today.

PS: I am ignorant as to how to attach a file to a post here.
HKEd
QUOTE
PS: I am ignorant as to how to attach a file to a post here.


What file do you want to post? An image (JPG, JPEG)?

There's nothing showing in that SR log. Can you run it again and click on 'Yes' to perform the supplementary searches, then post that expanded log. I'm pretty sure it won't show anything new, but you never know.

If there was a viral infection (although MyTob is technically a worm, but there are over 100 variants), it's possible that some critical files have been damaged and a repair installation might be in order. But I've seen many repair installations go horribly wrong, including two on my own systems, so I hesitate to recommend that avenue.
HKEd
QUOTE
I am not aware of adding any programs, definitely not Timaeus


Do you mean you didn't deliberately install Timaeus? I can't find any details on what it is or does.
Ironbender
Timaeus daily horoscope software? http://www.zodiac-x-files.com/timaeus-download.htm
HKEd
That's what I found, Chris. But there's not much info on it.

lapisLee seemed to imply that he didn't deliberately install it. I may be wrong.
lapisLee
I DID deliberately install Timaeus (an astrology program that plots the current planetary positions relative to their position at your time of birth). I DID check YES on Silent Runner before the scan. I did NOT uninstall/reinstall MSN yet or Windows XP for that matter. I thought it would be easier to attach the Silent Runner and HijackThis! files than to copy and paste them to the body of the message. BTW thanks for everyone's help.
HKEd
QUOTE
I DID deliberately install Timaeus (an astrology program that plots the current planetary positions relative to their position at your time of birth).


No worries...as long as we know what it is.

QUOTE
I DID check YES on Silent Runner before the scan.


That's strange because it should have enumerated these extra items:

Winsock2 Service Provider DLLs:
-------------------------------

Transport Service Providers
-------------------------------

Toolbars, Explorer Bars, Extensions:
------------------------------------

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

The log takes a while to complete. Even when the file shows on the desktop, SR is still writing to it. Takes about 30 seconds in all. Wait for the prompt that the scan is completed and check if those extra items are there.

QUOTE
I did NOT uninstall/reinstall MSN yet.


That would be the next step. Reinstalling Windows is a last resort in my book. If you have your Windows CD, you could try running sfc /scannow from the Start > Run line to check for corrupted files.

QUOTE
BTW thanks for everyone's help and I will be crashing shortly.


You're welcome. I'm in Hong Kong, so I may not be around when you post back. But I'll check in again tomorrow morning HK time.
lapisLee
Deleted incomplete Silent Runner file.
HKEd
I don't know what's going on with SR. You have items showing in HJT that should also show in the SR log. Here's mine so you can see what I mean:

CODE
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
 -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
"{a84c0510-b187-11d0-8ae7-00c04fd28d85}" = "KODAK DC240/DC280 Camera"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Kodak\DC240_~1\Mounter\DC280mnt.dll" ["Eastman Kodak Company"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]
"{D6C6A253-FC96-43B9-A883-FBB9EAFDCCAD}" = "FileSnoop Context Menu Shell Extension"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PCMAGA~1\FILESN~1\ContMenu.dll" [null data]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
FileSnoop\(Default) = "{D6C6A253-FC96-43B9-A883-FBB9EAFDCCAD}"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PCMAGA~1\FILESN~1\ContMenu.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Edmond Joyce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "Encarta &Researcher" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2FDEF853-0759-11D4-A92E-006097DBED37}\
"ButtonText" = "Encarta Encyclopedia"
"MenuText" = "Encarta Encyclopedia"
"Script" = "C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM" [null data]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{5DA9DE80-097A-11D4-A92E-006097DBED37}\
"ButtonText" = "Define"
"MenuText" = "Define"
"Script" = "C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM" [null data]

{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Researcher"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
 DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
 use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 72 seconds, including 18 seconds for message boxes)


See the extra headers and the time taken. Are you sure you're giving it enough time to write the full log?
lapisLee
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"X-Cleaner Freeware" = ""C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT" ["XBlock Systems LLC"]
"AccuWeatherDesktopAlerts" = "C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WinPatrol" = ""C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" ["Google Inc."]
"IntelliPointSetup" = "c:\WINDOWS\system32\setup.exe /skiptoieinstall" [MS]
"eBayToolbar" = "C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" ["eBay"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{11359F4A-B191-42d7-905A-594F8CF0387B}\(Default) = "Dictionary.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\lexbar.dll" ["www.typeless.com"]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\(Default) = "eBay Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS]
"{2b232f20-fa0d-11d1-8a3e-00c0f64105cd}" = "Shuttle Shell Extension for Drive"
-> {CLSID}\InProcServer32\(Default) = "stlhook.dll" ["SCM Microsystems Inc."]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PhotoDeluxe HE 3.0\FotoNation Explorer\camview.dll" ["FotoNation Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.1\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]
"{11359F4A-B191-42D7-905A-594F8CF0387B}" = "Dictionary.com"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\lexbar.dll" ["www.typeless.com"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lee New\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Lee New" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Lee New\Start Menu\Programs\Startup
"Timaeus" -> shortcut to: "C:\Program Files\Zoidiasoft Technologies\Timaeus\Timaeus.exe" ["Zoidiasoft Technologies"]
"WinMX" -> shortcut to: "C:\Program Files\WinMX\WinMX.exe" ["Frontcode Technologies"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{11359F4A-B191-42D7-905A-594F8CF0387B}" = "Dictionary.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\lexbar.dll" ["www.typeless.com"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]

"{11359F4A-B191-42D7-905A-594F8CF0387B}" = "Lexico"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\lexbar.dll" ["www.typeless.com"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Prevx Agent, PrevxAgent, "C:\Program Files\PREVX\Prevx Home\PXAgent.exe -f" ["Prevx Ltd."]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 98 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 59 seconds.
---------- (total run time: 250 seconds)
lapisLee
This item, a former firewall, will not allow me to uninstall it or delete the contents of its folder within C:\Program Files due to a 'running process':

Prevx Agent, PrevxAgent, "C:\Program Files\PREVX\Prevx Home\PXAgent.exe -f" ["Prevx Ltd."]
Ironbender
Have you tried to run MSConfig and uncheck it on the services/startup tabs prior to deleting it?
lapisLee
Yes, SysConfig utility says: 'Access Denied Error. You may have to log on as an administrator to make this change.' I am running the sfc /scannow from Windows disk as we speak. The scan just completed but I do not see any results window so I am assuming Windows Protected files are intact and not corrupted. Is this correct?
HKEd
QUOTE
Yes, SysConfig utility says: 'Access Denied Error. You may have to log on as an administrator to make this change.'


Can you log in as Administrator and make the change?

Did you try uninstalling/reinstalling MSN?

The SilentRunners log shows no malware. If SFC found nothing, the system files are intact.
lapisLee
Since this is a stand-alone computer without a local network I am already logged in as administrator aren't I? Also I am unclear how to uninstall/reinstall MSN. Do you mean IE 6.0?
Ironbender
Hi lapisLee,

Windows XP is asking for Administrator rights (you do not need to be logged on to a network for this). It seems that you are logged in as a common user instead. If you click <start/logoff> and there is more than one user on this machine, you will see a "change user" (or something like this, as mine is a Brazilian Portuguese OS). You must log in as administrator to make certain changes on your system.

To uninstall MSN, just go to <Start/Config/Control panel> and click on "Add/remove software". Scroll down the programs list and click on MSN Messenger twice. If you do not have administrator rights, it will probably not allow you to do that.

Chris
lapisLee
I do have administrator rights as I remove programs all of the time. I just removed MSN Messenger but I do not understand how this might affect the problem. Did I also mention that Windows Update no longer will work as it says some files are no longer registered or installed?

PS: I am leaving on a 2 day vacation in 3 hours (The 21st Century Doors concert!) so I will not be back until August 10 around 5pm EST.
Ironbender
QUOTE
I just removed MSN Messenger but I do not understand how this might affect the problem

Problem is not MSN Messenger itself, but the sponsors that it tries to add on install, which are adware/spyware. You can reinstall MSN without installing the sponsors.
If some of your files are no longer registered or installed, maybe a repair install can solve the problem.

Have a fun and safe vacation.
lapisLee
By 'repair install' do you mean inserting the Windows XP disk and doing the repair install from that? That is a relatively simple procedure (for me), correct?
ranchhand
Well, let's see where we are.

So far, no viruses detected. If there were a malware infection, I feel confident Ed would have located it by now.

That brings us back to your original problem, dodgy MIE6.

You might try going HERE and installing IE Service Pack2; it contains the core files for MIE and may straighten out the problem. You can d/load and install straight from the web for convenience. Be sure to turn on your firewall before you venture out on the internet.

If that doesn't seem to help, I would suggest a repair reinstall of XP from your OEM disk. If you have only a restore disk you can't do a repair reinstall, unfortunately. Hope this helps.
lapisLee
When I try to download SP2 from Windows Update it says: 'Files required to use Microsoft Update are no longer registered or installed on your computer. Register or reinstall the files for me now.' Then it goes back through an endless loop and never installs. I will do the Windows repair install from the XP disk when I wake up later as I just got back from The Doors concert. MS support are also slowly helping me to resolve this situation as well but so far this forum is way ahead of their suggestions.

Here is the MS support tech's advice so far:

To troubleshoot this issue, I suggest performing the following steps:

Step 1: Check the Internet Explorer (IE) settings
===========
1. Launch IE.
2. Click Tools and click Internet Options.
3. Under the Program tab, click to check "Internet Explorer should check to see whether it is the default browser", click on the Reset Web Settings button and click Yes.
4. Check this issue.

Step 2: Register some dll files
===========
1. Close all instances of Internet Explorer.
2. Click Start and Run, type "Regsvr32 Urlmon.dll" (without the quotation marks) in the Open box and click OK.
3. Click Start and Run, type "Regsvr32 mshtml.dll" (without the quotation marks) in the Open box and click OK.
4. Click Start and Run, type "Regsvr32 shdocvw.dll" (without the quotation marks) in the Open box and click OK.
5. Check this issue.

Step 3: Reset the file association
=========
1. Double click My Computer, click Tools -> Folder Options -> the File Types folder.

2. Click the File Types column to sort the column list. In the File Types column, find the <URL:HyperText> Transfer Protocol item and click the Advanced button.

3. Select the Open item, click Edit. According to the following steps to check the settings:

If there is no "Open" in the Actions list, please click New to create one. In the Action field, type: Open

4. In the Application Used to perform action box:

"C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Note: Please confirm your iexplore.exe path. Click Start -> Find -> Files or Folders, type iexplore.exe. You can replace "C:\Program Files\Internet Explorer\iexplore.exe" by the real path of iexplore.exe on your computer, such as

"A:\B\iexplore.exe" -nohome

5. Select the USE DDE option.

6. In the DDE Message field, type:

"%1",,-1,0,,,,

7. In the Application field, type: IExplore

8. Don't type any information in the DDE Application Not Running field.

9. In the Topic field type: WWW_OpenURL, click OK.

After you set the Open item correctly, click Set Default.

10. Save these settings, and then repeat the process for the following protocols.

<URL:File> Transfer Protocol

<URL:Gopher> Protocol

<URL:Hypertext> Transfer protocol with Privacy

After performing Step 3, please test the issue again.

If the issue still happens, please help me collect the following information for further research.

Collect System Information
============
1. Press Start, Run and type in msinfo32. Press OK.

2. Choose Save from the File menu and save it as an NFO file.
If my initial instructions do not help, let's go on with the steps below.

My reply:
Step 1: I had already checked box for IE to check if it was default.
Step 2: I ran all three files and clicked 'OK'
Step 3: No changes were necessary when I checked each item. They were all correct.


Step 1: Detect spyware
==========
1. Download and install Ad-Aware from this page: http://lavasoft.element5.com/support/download/

2. Click Start -> All Programs -> "Lavasoft Ad-aware SE Personal" -> "Ad-Aware SE Personal" to start Ad-Aware.

(Note: If there is a popup box asking whether or not check definition update, please click OK and click Connect. Click OK to download and install the latest definition, and then click Finish.)

3. Click the Start button in the Ad-Aware window, and then click Next to start the scan.

4. After the scan is finished, click Next, click the check boxes on the "Critical Objects" tab to select them, click Next, and then click OK to confirm the removal.

Please Note: The third-party products discussed here are manufactured by vendors independent of Microsoft. We make no warranty, implied or otherwise, regarding these products' performance or reliability.

Step 2: Reset IE (Internet Explorer):
========
1. Start Internet Explorer. On the Tools menu select Internet Options.

2. On the General tab, click Delete cookies. Press Delete files button and check the box "Delete all offline content" and then click OK.

Click the Clear History button in the History area, and then click OK in the dialog box that appears.

Click the Settings button. Click the View Objects button and delete all objects there. Close the Window. Click View Files and delete all files there. Close the Window.

3. On the Security tab, click the Default Level button.
4. On the Privacy tab, click the Default button if it is available.

5. On the Advanced tab, click Restore Defaults and remove the "Enable third-party browser extensions" check box.

6. Close all the Internet Explorer (IE) windows and reopen Internet Explorer (IE) to test the issue.

My reply:
I already run AdAware and SpyBot Search & Destroy regularly and I reset IE according to your instructions and I am still unable to use links to IE or on my MSN message board.

Step 1: Disable third party programs as follows:
=========
1. Disable Anti-virus and firewall programs, such as Norton, McAfee;
2. Temporarily remove Pop-Up Stopper.
3. Test the issue.

Step 2: Reset IE (Internet Explorer):
========
This was a repeat of a prior step.

Step 3: Clean Boot (If you are using a dial-up connection, the network may not work in a Clean Boot state.)
============
1. Click Start, click Run, type "MSCONFIG" (without the quotation marks) in the open box and click OK.

2. Under the Service tab, check "Hide All Microsoft Services", and then uncheck all the services listed.

3. Under the General tab, put a check next to "Selective Startup", please click to uncheck "Load Startup Items" and click OK.

4. Please choose Yes to restart the computer.

5. Please test the issue.

Note: After restarting the system, if the warning of the System Configuration Utility comes up, please check the option "Do not show this message..." and click OK. After performing Clean Boot, some startup programs may not run. It is normal and temporary for the test.

My reply:
Step 1: Disable third party programs
========
Completed this step however when I click on links from my Gmail program I STILL get an error message saying pop-up blocker is preventing link from opening although XP pop-up blocker is disabled as well as Sygate Firewall.

Step 2: Reset IE (Internet Explorer):
========
This step has been completed previously and did not resolve problem

Step 3: Clean Boot (If you are using a dial-up connection, the network may not work in a Clean Boot state.)
============
This step reveals four non-Microsoft services: Sygate (firewall), NOD32 (anti virus), PREVX (old firewall which will not allow me to uninstall or delete contents of Program Files folder due to 'Access Denied Error and program is being used by running process') and Symantec (uninstalled all other portions of Norton before installing Sygate). This also did not resolve problem upon rebooting.
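An added example (not part of the thread or of Microsoft's instructions): the "Open" action fields set in Step 3 of the quoted support steps are stored under `HKEY_CLASSES_ROOT\<protocol>\shell\open`, so a registry export can be audited against them in one pass instead of dialog by dialog. The function names and the sample export are constructed for illustration, and the expected command assumes the default iexplore.exe path given in the instructions.

```python
import re

# Step 3's "Open" action settings, keyed by subkey of <protocol>\shell\open
EXPECTED = {
    "command": r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome',
    "ddeexec": '"%1",,-1,0,,,,',
    "ddeexec\\application": "IExplore",
    "ddeexec\\topic": "WWW_OpenURL",
}
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\(.+)\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_reg(text):
    """Return {protocol: {subkey: default value}} from decoded .reg export text."""
    handlers, current, sub = {}, None, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        value = DEFAULT_RE.match(line)
        if key:
            current = handlers.setdefault(key.group(1).lower(), {})
            sub = key.group(2).lower()
        elif line.startswith("["):
            current = None  # a key outside shell\open, ignore its values
        elif value and current is not None:
            # .reg text escapes backslash and double quote with a backslash
            current[sub] = re.sub(r"\\(.)", r"\1", value.group(1))
    return handlers

def audit(text, protocols=("http", "https", "ftp", "gopher")):
    """Return (protocol, subkey, found) for each value that differs from
    EXPECTED, compared case-insensitively; found is None when the key is absent."""
    handlers, findings = parse_reg(text), []
    for proto in protocols:
        for sub, want in EXPECTED.items():
            got = handlers.get(proto, {}).get(sub)
            if got is None or got.lower() != want.lower():
                findings.append((proto, sub, got))
    return findings

# Constructed sample export: http matches Step 3, https has been altered
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\http\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
[HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Example\\other.exe\" \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
'''
```

Calling `audit(SAMPLE, ("http", "https"))` reports only the https entries, which is the kind of single-protocol drift the manual walk-through is meant to catch. Real exports are usually UTF-16 and must be decoded before being passed in.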
HKEd
Try reinstalling Prevx and uninstall it again.
HKEd
QUOTE
When I try to download SP2 from Windows Update it says: 'Files required to use Microsoft Update are no longer registered or installed on your computer. Register or reinstall the files for me now.'


But you already have SP2 installed.

Microsoft now requires you to download a validation tool to ascertain that your version of XP is legitimate before allowing updates to be accessed. Is there an option to download and install that at the Windows Update site?
lapisLee
I am completely unable to download ANY software from Windows Update due to the error message in my previous post repeating itself endlessly when I try to update the validation software. My copy of Windows XP IS valid and I DO have the disk and serial number. Here are the MS support tech's latest instructions regarding my inability to open links from my gmail in IE 6.0 without copying and pasting them:

From your further information, I am assuming there is a third party pop-up blocker affecting the links in IE (Internet Explorer). From the System Information, I also found the mshtml.dll file may be damaged. This time, let's check them.

Step 1: Replace mshtml.dll:
========
1. Go to Start-->Control Panel
2. Open Folder option
3. On the View tab, Check the item "show hidden files and folders" and uncheck "Hide the protected operating system files."

4. Download the mshtml.zip folder from this email to your desktop.
5. Restart the computer. When the PC restarts, keep pressing F8.

6. Use the arrow keys to select "Safe Mode", and then press ENTER. Log on your user account. If your user account is not on the Welcome Screen, please double click Ctrl + Alt + Del and the classic log on box will appear. In the box, input your user name and password to log in.

7. Go to C:\WINDOWS\System32. Find and rename mshtml.dll to mshtml.old.
8. Go to the desktop and find the mshtml.zip folder. Double click to open it. Copy and paste the correct mshtml.dll to C:\WINDOWS\System32.

Restart the computer to test the issue. If it still occurs, let's go on with the following steps.

Step 2: Temporarily disable or uninstall the following programs:

Browser Hijack Blaster
eBay\eBay Toolbar
Norton Internet Security
SpywareBlaster

Test the link issue again.

If the issue still happens, please help me collect the following information for further research. I appreciate your patience and efforts.

Take a screenshot
==========
1. When the link problem appears, please press the "Print Screen" key on the keyboard.
2. Click Start, click Run, type MSPAINT, and click OK.
3. In Paint, click Paste under the Edit menu, click Save under the File menu, type a file name for the snap shot, choose JPEG as "Save as type" and click Save.
4. Send the jpg file as an email attachment to my personal email account: v-30gigu@mssupport.microsoft.com

Unfortunately I could not find a link nor attached zip file in this email so I am currently awaiting their reply. I also attempted to place the Windows XP disk in and do a 'repair install' but I did not see this option and when I attempted to reinstall Windows XP it said that my current version of Windows XP was more advanced and I would lose functionality and updates.
I would like detailed information on a 'repair install' before I proceed further although it is looking increasingly likely that a 'clean install' will be necessary as my other friends have all given up on helping me now until I do one. I am assuming I have to back up everything and as I recall from last time I lost emails, favorite links and a host of other items I was unaware I was required to back up. I am starting to feel slightly desperate and impotent at this point therefore any further suggestions or assistance you can provide would be greatly appreciated.
HKEd
I'm at a loss as to why this is happening, lapisLee.

I am not a fan of a repair install as it has backfired on me twice and I ended up formatting, reinstalling and updating XP. With SP2 already installed, I think it might mess things up even more if you tried a repair.

This article seems to have all the options available to you.
lapisLee
Thanks for the link! What do you think of the MS tech's suggestions so far? They are very thorough and seem to know what they are saying, taking it step by step to cover all possibilities. I followed the last instructions and sent them some screenshots but I still have the problem of links being blocked by an 'imaginary' or 'unknown to me' pop up blocker and the posting window from MSN message boards not opening properly.
I am not going to attempt the repair install until I have had a chance to thoroughly study the link you gave me and then take it step by step VERY carefully tomorrow. I REALLY hate to pay the guys at the local computer shop $75 to fix something that either you, MS or myself SHOULD be able to resolve...