Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Script Errors With Ie


  • Please log in to reply
8 replies to this topic

#1 TQUAD

TQUAD

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:22 PM

Posted 26 July 2006 - 01:27 AM

I am still using Windows 98SE with IE 5.51. Recently Internet Explorer started displaying a
'Script Error' notice on almost every website I visit, including this one. Although after selecting
the box stating that 'Yes', I would like to continue running script on this page, nothing bad happens.
The main complaint is that it is very annoying to say the least. It occurrs on at least 8 out of
every 10 pages visited.
Enclosed is the latest Hijack This log file to determine if there's something new and
detrimental to my computer.
Any help would be really appreciated. I can't figure out whats causing it and it only just
started doing it.
Sincerely,
TQUAD

Logfile of HijackThis v1.99.1
Scan saved at 2:13:42 AM, on 7/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP1 (5.51.3020.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\KMW_RUN.EXE
C:\WINDOWS\SYSTEM\CCTU\NOPDB.EXE
C:\WINDOWS\SYSTEM\KMW_SHOW.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\KHAL\KHALMNPR.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\APPLICATION DATA\DRU\EMDGJ.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\koookw6d.slt\prefs.js)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\SYSTEM\smiehlp.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\KMOUSE\IE_SPY.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Trds] "C:\WINDOWS\SYSTEM\cctu\nopdb.exe" -vt wnew
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\Application Data\Dru\emdgj.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010419...meInstaller.exe
O16 - DPF: {713AE1D4-897C-11D2-B2A0-00C04F94B4D5} (WUCorpSuppControl Class) - http://corporate.windowsupdate.microsoft.com/en/wucorpct.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
O20 - AppInit_DLLs: Interceptor.dll

//Mod edit to clear up tags.//

Edited by D-Trojanator, 23 August 2006 - 04:54 AM.


BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:10:22 PM

Posted 04 August 2006 - 04:53 PM

Hi there and welcome to Bleeping Computer!
As you may have noticed already, the forums are very busy at the moment and i have noticed your log has gone unanswered so far!
We look at the oldest logs first, and we were wondering that if you still need help.
Please start by posting a new HijackThis log in this topic and i will then be able to take a look!
Sorry for the delay - when you reply to the thread I will get a notification and will answer as soon as possible.
Thanks very much!
David

#3 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:22 PM

Posted 07 August 2006 - 06:11 PM

The Trojanator,
Thanks for the re3ply,
Unfortunately now I am plagued by another major problem
as well as the script errors.
My video display will only load Windows in 16 color display.
I'm using an old 'All in wonder' 8mb card with TV out.
Each time I try to reset the values to at least '16bit high'
the computer will only restart in safe mode 'High Contrast'
and automatically goes back to 16 color only.
I've checked all the display settings under device manager and
they all indicate normal. I've also reinstalled all my video
drivers from ATI for the card with no results.
Also, the computer does not give any 'Announcement' that
the settings are incorrect and new drivers are needed each
time the computer is rebooted or started cold.l
Windows troubleshooting offers no help when you try
to look up video display problems under 'Help'.
Is it possible the graphics card just went bad. How do you
check it to find out.
In addition under safe mode I am unable to post the
latest 'Hijack This' log. Any help or suggestions
will be really appreciated.
Tquad

//Mod edit to clear up tags.//

Edited by D-Trojanator, 23 August 2006 - 04:54 AM.


#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:10:22 PM

Posted 08 August 2006 - 06:03 AM

Hey Tquad.

The video display error that you are noting is unoftunatley out of my knowledge, as I specialise in internet security. I've spoken to a forum moderator and, as your log still has malware inside, I am going to get you cleaned in this thread, then you can post a new thread later on in a different forum concerning the video display error.
Sorry for the complication there.

In Internet Explorer, go to Tools | Internet Options | Advance Tags and disabled Script Debugging. This may not fix the problem but it removes annoying messages that this produces about script debugging.

Go to start > controlpanel > software > add/remove programs and uninstall next if present:

Oin, Yazzle by OIN, or anything similar with Oin in it.

Please run the uninstaller by using the tutorial found here:
http://www.outerinfo.com/howto.html
Then Reboot! (v.important)

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\KMOUSE\IE_SPY.DLL (file missing)
O4 - HKCU\..\Run: [Trds] "C:\WINDOWS\SYSTEM\cctu\nopdb.exe" -vt wnew
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\Application Data\Dru\emdgj.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below.
If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.

To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".

When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Please post back with a new Hijackthis log.
David

#5 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:22 PM

Posted 13 August 2006 - 12:02 AM

Trojanator,
My video problem seems to come and go with each reboot. Most of the time it's high contrast but
every sixth or so time it comes up normal. No matter how long I wait Windows Standard desktop will not
install and as a result of trying the computer hangs or freezes.
All my programs such as Ad aware and Spybot will not complete there scans. They freeze along with
the entire computer. It also will not uninstall programs from control panel Add/Remove. In addition IE runs very slow if at all and Script Errors are everywhere. Other regular programs also hang or freeze as well.
I also accidentally ran CCleaner while unable to read all the things it would delete due to the high contrast.
Please feal free to mention anything you notice is missing. For example I lost my keyboard button that launches the Programs or Start Here functions among other things.
I hope you can help with all the problems.
Many thanks from a handicapped computer operator.
Tquad

Logfile of HijackThis v1.99.1
Scan saved at 4:50:53 AM, on 8/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\KMW_RUN.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\SEEKMO\SEEKMO.EXE
C:\PROGRAM FILES\CCTU\RUNDLL32.EXE
C:\WINDOWS\APPLICATION DATA\DRU\EMDGJ.EXE
C:\WINDOWS\SYSTEM\KMW_SHOW.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\koookw6d.slt\prefs.js)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\SYSTEM\smiehlp.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E019769AA475760EA83FA5EF80752B94E3D67A5E744F283ACF - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\PROGRAM FILES\SEEKMO PROGRAMS\SEEKMO TOOLBAR\SEEKMOTB.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SWN2] C:\PROGRAM FILES\SPYWARE NUKER\SWNXT.EXE /h
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Trds] "C:\Program Files\cctu\rundll32.exe" -vt wnew
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\Application Data\Dru\emdgj.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.4.0\SHPRRPRT.DLL (file missing)
O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010419...meInstaller.exe
O16 - DPF: {713AE1D4-897C-11D2-B2A0-00C04F94B4D5} (WUCorpSuppControl Class) - http://corporate.windowsupdate.microsoft.com/en/wucorpct.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
O20 - AppInit_DLLs: Interceptor.dll

//Mod edit to clear up tags.//

Edited by D-Trojanator, 23 August 2006 - 04:53 AM.


#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:10:22 PM

Posted 13 August 2006 - 04:37 AM

Hey there,

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

David

#7 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:22 PM

Posted 14 August 2006 - 08:39 PM

David,
Per your request I am posting the Uninstall List from the most recent Highjack This.
I hope it helps determine at least part of what is wrong with my system.
If there is anything else I should do please let me know.
Thanks a million,
Tom [Tquad].

100% Free Hearts
123 Free Solitaire
128 bit encryption support for Dial-Up Networking
3DGreetings Personal Edition
Adaptec DirectCD
Adaptec Easy CD Creator
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat Reader 3.01
Adobe ActiveShare 1.3.1
Adobe Photoshop 5.0
ATI Display Driver
ATI mach64 Display Driver
ATI Video Player
ATI Video Player Files-W98_AVP_5_35_0002
Audio Converter 3.0 (Limited Edition)
AVG Free Edition
Bazooka Scanner
Belarc Advisor 6.1
Bonus Pack Documentation
Caere Scan Manager 5.0
Championship Spades
Championship Spades Pro
Chinese (Traditional) Language Support
Deep Space Nine THE FALLEN Demo
Driver Detective v2.0
DriverGuide Toolkit
Error Nuker
EVEREST Ultimate Edition v2.50
F-Prot for Windows
HijackThis 1.99.1
HP DeskJet 840C Series (Remove only)
HP PrecisionScan LTX
Internet Explorer Q905915
Internet Update Wizard
iQfx2
IrfanView (remove only)
Kensington MouseWorks
Klingon Academy Demo
Klingon Honor Guard DEMO
Lernout & Hauspie TruVoice for Microsoft Agent
Lockergnome Tips
Logitech iTouch Software
Logitech SetPoint
Media Cleaner EZ for Windows Media
Microsoft Chat 2.5
Microsoft DirectX 8 SDK
Microsoft IntelliType Pro
Microsoft Interactive CD Sampler 7.0
Microsoft Internet Explorer 5 PowerTweaks Web Accessory
Microsoft Internet Explorer 5 Toolbar Wallpaper
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Internet Print Services
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2000 Troubleshooters
Microsoft Plus! 98
Microsoft Web Publishing Wizard 1.6
Microsoft Windows Critical Update Notification
Mozilla (1.7.12)
MSN Toolbar
NetMeeting 3.01
Netscape (7.1)
New Worlds
Outlook Express Q837009
PageMaker6
Panda spyXposer
Pan-European Language Support
PC Webopaedia
Photo Wizard
PhotoMontage 2000
PrintMaster® Silver
QuarkWrapture™ Demo
QuarkXPress 5.0
Real.com Media Delivery
RealDownload
RealJukebox
RealPlayer Basic
RealPresenter Basic
RealServer 7.0
RealSlideshow
RichFX Player
Seagate Backup Exec 2.0f
SECRETMAKER
Star Trek - Hidden Evil Demo
Star Trek Armada II DEMO
Star Trek Away Team Demo
Star Trek Bridge Commander Demo
Star Trek Voyager Elite Force Demo
Starfleet Command Demo
Starfleet Command II - Demo
StartUp Manager
Surreal.FX Basic
TextBridge Pro 9.0 Business Edition
The Print Shop Ensemble III
Trellix Web
U.S. Robotics Modem Identification Wizard
Ulead iPhoto Plus 4.0
Viewpoint Media Player (Remove Only)
WallMaster
Weather tool
WinAMP Skin Importer
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 KB908519 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media 7 PowerToys
Windows Media Encoder 7.1
Windows Media Player system update (9 Series)
WinZip Self-Extractor
YazzleActiveX By OIN
ZoneAlarm

//Mod edit to clear up tags.//

Edited by D-Trojanator, 23 August 2006 - 04:53 AM.


#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:10:22 PM

Posted 15 August 2006 - 04:29 AM

Hey there TQUAD.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Error Nuker <--This is not a recommended program
Viewpoint Media Player (Remove Only)
YazzleActiveX By OIN


Please set your system to show hidden files; please see here if you're unsure how to do this.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E019769AA475760EA83FA5EF80752B94E3D67A5E744F283ACF - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\PROGRAM FILES\SEEKMO PROGRAMS\SEEKMO TOOLBAR\SEEKMOTB.DLL
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SWN2] C:\PROGRAM FILES\SPYWARE NUKER\SWNXT.EXE /h
O4 - HKCU\..\Run: [Trds] "C:\Program Files\cctu\rundll32.exe" -vt wnew
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\Application Data\Dru\emdgj.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\Program Files\seekmo <--folder
C:\Program Files\cctu <--folder
C:\WINDOWS\Application Data\Dru <--folder
C:\Program Files\seekmo programs <--folder

Please reboot back into normal mode and post a new Hijackthis log.
David

#9 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:22 PM

Posted 22 August 2006 - 12:24 AM

David the Trojanator,
I just wanted to drop you a note to tell you that except for my video display problems
your recommendations eliminated the 'Script Error' as well as some other problems.
I do have a minor question regarding your suggestions for eliminating some of the
'Programs' that were causing problems.

Would it be more complete to go into the registry under 'regedit' and use the 'Find'
function to locate all of the attached code for programs like 'Seekmo' and then delete everything that comes up, as long as it is not attached to relavent software? I've
used this feature to locate other bad software such as 'UnSpyPC' and it worked great.
Your help was greatly appreciated and saved me a lot of grief.
Thank you very much.
Sincerely,
Tom, [Tquad]

//Mod edit to clear up tags.//

Edited by D-Trojanator, 23 August 2006 - 04:53 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users