Windows & IE problems
04 December 2004, 11:43 PM
#1
Scooby Regular
Thread Starter
Join Date: Feb 2002
Posts: 119
Likes: 0
Received 0 Likes
on
0 Posts
Windows XP problem
Hi just wondering if anyone can help..
My friend has a problem with Windows XP. She recently installed Spybot Search & Destroy and now she cannot open any Windows related components like Control Panel, My Computer, My Documents etc. Installed programs run fine however and she can open her documents by going through MS Word. She has tried to use System Restore but to no avail.
Any suggestions on what might be wrong or possible solutions?
Thanks.
Li.
My friend has a problem with Windows XP. She recently installed Spybot Search & Destroy and now she cannot open any Windows related components like Control Panel, My Computer, My Documents etc. Installed programs run fine however and she can open her documents by going through MS Word. She has tried to use System Restore but to no avail.
Any suggestions on what might be wrong or possible solutions?
Thanks.
Li.
Last edited by JDMCTR; 05 December 2004 at 01:32 AM.
05 December 2004, 05:28 PM
#2
Scooby Regular
Thread Starter
Join Date: Feb 2002
Posts: 119
Likes: 0
Received 0 Likes
on
0 Posts
If it is any help, this is her log after a Hijack This scan -
Logfile of HijackThis v1.97.7
Scan saved at 12:54:49 AM, on 12/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ICQ\Icq.exe
C:\Documents and Settings\Lim Kean Yew\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oryaknpfybvn.com/CnKMCo_...IPtdj5lZNA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=309
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=309
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qikrsnmeurrpujmldc.us/Cn...tIPtdj5lZNA.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL
O2 - BHO: (no name) - {15D43ECF-BC9C-9648-4749-48FBD9140CEF} - C:\DOCUME~1\LIMKEA~1\APPLIC~1\MAILBI~1\safe up.exe
O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - C:\Program Files\KuroM7\CallToolBar.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O2 - BHO: (no name) - {FA8E0422-ADA0-49E0-BD54-98A9C084659C} - C:\DOCUME~1\LIMKEA~1\APPLIC~1\MAILBI~1\safe up.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - (no file)
O3 - Toolbar: KuroBar - {37DE7A73-1E01-47d6-BB9B-99BEDB7A22E2} - C:\Program Files\KuroM7\KuroBar.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ElsePollSizeCast] C:\Documents and Settings\All Users\Application Data\Manager bird else poll\dog bits.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BoreDupe] C:\PROGRA~1\WIPEBL~1\View Seek.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BoreDupe] C:\DOCUME~1\LIMKEA~1\APPLIC~1\WIPEBL~1\View Seek.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: KuroËÑË÷mp3 - res://C:\Program Files\KuroM7\KuroBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.c...7840.1967939815
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81E2A7C-7AE0-495B-AC88-1115C484D114}: NameServer = 193.38.113.3 194.117.157.4
Logfile of HijackThis v1.97.7
Scan saved at 12:54:49 AM, on 12/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ICQ\Icq.exe
C:\Documents and Settings\Lim Kean Yew\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oryaknpfybvn.com/CnKMCo_...IPtdj5lZNA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=309
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=309
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qikrsnmeurrpujmldc.us/Cn...tIPtdj5lZNA.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL
O2 - BHO: (no name) - {15D43ECF-BC9C-9648-4749-48FBD9140CEF} - C:\DOCUME~1\LIMKEA~1\APPLIC~1\MAILBI~1\safe up.exe
O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - C:\Program Files\KuroM7\CallToolBar.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O2 - BHO: (no name) - {FA8E0422-ADA0-49E0-BD54-98A9C084659C} - C:\DOCUME~1\LIMKEA~1\APPLIC~1\MAILBI~1\safe up.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - (no file)
O3 - Toolbar: KuroBar - {37DE7A73-1E01-47d6-BB9B-99BEDB7A22E2} - C:\Program Files\KuroM7\KuroBar.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ElsePollSizeCast] C:\Documents and Settings\All Users\Application Data\Manager bird else poll\dog bits.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BoreDupe] C:\PROGRA~1\WIPEBL~1\View Seek.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BoreDupe] C:\DOCUME~1\LIMKEA~1\APPLIC~1\WIPEBL~1\View Seek.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: KuroËÑË÷mp3 - res://C:\Program Files\KuroM7\KuroBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.c...7840.1967939815
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81E2A7C-7AE0-495B-AC88-1115C484D114}: NameServer = 193.38.113.3 194.117.157.4
Thread
Thread Starter
Forum
Replies
Last Post
hardcoreimpreza
Computer & Technology Related
21
11 October 2015 03:40 PM