No email or Yahoo searches!!!

Kyokushin-Kai · 04-07-2005, 08:38 PM

Hello all.

I am having a very strange internet problem. I cannot acces hotmail, yahoo mail or my university email accounts. Along with this Media Player has an internal applications error everytime I try to access it. Here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:19 PM, on 4/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: (no name) - {B7705B04-0680-31FC-0F15-9992E74D1A44} - C:\WINDOWS\APPLICATION DATA\MANAGERCHINDOES\BURNFIRST.EXE (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MORPHSTB] C:\WINDOWS\MORPHSTB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

I've already deleted Solid Peer, but I can't figure out what is going on! Any help would be appreciated

Thank you in advance!

greyknight17 · 04-08-2005, 08:23 AM

Welcome to TSF.

Just one thing that needs fixing here.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [MORPHSTB] C:\WINDOWS\MORPHSTB.exe <<-- unless you know what it's for

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\MORPHSTB.exe <<-- unless you know what it's for

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

Kyokushin-Kai · 04-08-2005, 06:47 PM

Thank you greyknight17 for the quick response. I did all that you asked, but I couldn't get the analyzer to work, but here is the new hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 7:44:07 PM, on 4/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

I still cannot acces my email or search anything on Yahoo. Strange. Thank you for your help. I'll be here all night.

Kyokushin-Kai

greyknight17 · 04-09-2005, 08:13 AM

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.

Kyokushin-Kai · 07-31-2005, 05:37 PM

Good evening.

Grey Knight was helping me with this about 3 months ago but I was out of the country and had no access until now. I recieve an internal application error whenever I try to use Media Player. I cannot acces any directplayer streaming vidoes when on websites because of this. GK told me to post my StrtDreck Log so here it is:

StartDreck (build 2.1.7 public stable) - 2005-07-31 @ 18:30:14 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*EnsoniqMixer=starter.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*CriticalUpdate=C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*HPDJ Taskbar Utility=C:\WINDOWS\SYSTEM\hpztsb07.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
*WMC_RebootCheck=C:\WINDOWS\inf\unregmp2.exe /FixUps
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+NetMeeting/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
+Internet Explorer 6 and Internet Tools/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Internet Connection Wizard/{5A8D6EE0-3E18-11D0-821E-444553540000}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
+PerUser_ICW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
+MSN-Migration/>PerUser_MSN_Clean
*StubPath=C:\WINDOWS\msnmgsr1.exe
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
+Web Folders/{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfldrs.inf,PerUserStub.Install,1
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - Direct Cable Connection/PerUser_DCC_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - Games/PerUser_Wingames_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - CompuServe/OlsCompuservePerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Setup/SetupcPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf
+Web Publishing Wizard/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
*PopupMgr.PopupManager.1/{08E74C67-99A6-45C7-94DA-A397A8FD8082}
`InprocServer32=C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
*PCTools Browser Monitor/{B56A7D7D-6927-48C8-A975-17DF180C71AC}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
*PCTools Site Guard/{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
*icoou.ICOODManager.1/{465A59EC-20E5-4fca-A38A-E5EC3C480218}
`InprocServer32=C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOU.DLL
*icooue.ICOOExternal.1/{0519A9C9-064A-4cbc-BC47-D0EACD581477}
`InprocServer32=C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOUE.DLL
»Internet Explorer
»Current User
*Default_Page_URL=C:\WINDOWS\system32\search.html
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://minisearch.startnow.com/
*Search Page=http://minisearch.startnow.com/
*Start Page=http://www.yahoo.com/
*CustomizeSearch=http://minisearch.startnow.com/
*SearchAssistant=http://minisearch.startnow.com/
+SearchUrl
*provider=
»Default User
*Default_Page_URL=C:\WINDOWS\system32\search.html
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://minisearch.startnow.com/
*Search Page=http://minisearch.startnow.com/
*Start Page=http://www.yahoo.com/
*CustomizeSearch=http://minisearch.startnow.com/
*SearchAssistant=http://minisearch.startnow.com/
+SearchUrl
*provider=
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
»Special NT Values
»Current User
*Load=
*Run=
*Programs=
*SHELL=
»Default User
*Load=
*Run=
*Programs=
*SHELL=
»Local Machine
*AppInit_DLLs=APITRAP.DLL
*SHELL=
*Userinit=
»Files
»Autostart Folders
»Current User
»Default User
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`UninstallDir=C:\
`[Options]
`BootMulti=1
`BootGUI=1
`DoubleBuffer=1
`AutoScan=1
`WinVer=4.10.2222
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\config.sys
`DEVICE=C:\WINDOWS\HIMEM.SYS
`DEVICE=C:\WINDOWS\EMM386.EXE
*C:\autoexec.bat
`@ECHO OFF
*C:\WINDOWS\wininit.bak
`[Rename]
*C:\WINDOWS\hosts
`127.0.0.1 localhost
»Program Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\COMMAND.COM
*C:\WINDOWS\COMMAND.PIF
*C:\WINDOWS\COMMAND.COM
+C:\PCDOC.BAT
*C:\WINDOWS\PCDOC.exe
*C:\WINDOWS\PCDOC.BAT
»System/Drivers
»Running Processes
+FF0F393D=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF0DA5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF7A55=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF578D=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFFCB2D=C:\WINDOWS\EXPLORER.EXE
+FFFF4261=C:\WINDOWS\TASKMON.EXE
+FFFFBCDD=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFEAA5D=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFEFC55=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFEEF51=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFFD3489=C:\WINDOWS\SYSTEM\LEXBCES.EXE
+FFFD1F6D=C:\WINDOWS\SYSTEM\RPCSS.EXE
+FFFD8811=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFFCC2E9=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFC3329=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
+FFFA18E9=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE
»VMM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*vshare.vxd=
*vwin32.vxd=
*vfbackup.vxd=
*vcomm.vxd=
*combuff.vxd=
*vcd.vxd=
*vpd.vxd=
*spooler.vxd=
*udf.vxd=
*vfat.vxd=
*vcache.vxd=
*vcond.vxd=
*vcdfsd.vxd=
*int13.vxd=
*vxdldr.vxd=
*vdef.vxd=
*dynapage.vxd=
*configmg.vxd=
*ntkern.vxd=
*ebios.vxd=
*vmd.vxd=
*dosnet.vxd=
*vpicd.vxd=
*vtd.vxd=
*reboot.vxd=
*vdmad.vxd=
*vsd.vxd=
*v86mmgr.vxd=
*pageswap.vxd=
*dosmgr.vxd=
*vmpoll.vxd=
*shell.vxd=
*parity.vxd=
*biosxlat.vxd=
*vmcpd.vxd=
*vtdapi.vxd=
*perf.vxd=
*vkd.vxd=
*vmouse.vxd=
*mtrr.vxd=
*enable.vxd=
»%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD
*C:\WINDOWS\SYSTEM\VMM32\IOS.VXD
*C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD
*C:\WINDOWS\SYSTEM\VMM32\HPZIOU01.DLL
»%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\STLVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ENSQIO.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\EPSSFD9X.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\Cdralvsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\CAMDISK.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\iomega.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\Cdr4vsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\tppiostb.pdr
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\BPPNPDRV.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\NTI4CDR.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\Acbhlpr.vxd
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

This is more of an annoiance than anything, please help.

Thank you!

Geekgirl · 08-02-2005, 07:48 AM

You need to post this information over in the HiJackThisLog Help Forum. I will move this over there for you, please be patient someone will look over your log.

Kyokushin-Kai · 08-02-2005, 02:59 PM

Thank you very much.

**POADB** · 08-02-2005, 04:58 PM

Hello Kyokushin-Kai.

I have merged your new thread with your old thread so that we can refer back to what's been tried and what hasn't.

I can see greyknight also asked for a Trojan Scan, unfortunately TDS-3 has been discontinued, but I'm happy to go down that road..

Please run an online virus scan at Panda ActiveScan. Save the results and bring them with you in your next post.

Kyokushin-Kai · 08-02-2005, 08:40 PM

Thank you POADB. I have been using Firefox because IE seems to not be cooperating with Java. What can I do from here...IE won't open the scan.

Thanks

**POADB** · 08-03-2005, 01:46 AM

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
Configure Mwav as followed:

check Memory
check Startup Folders
check Drive - All Local Drives
check Folder - then click [Browse] to change the directory to C: (default is C:\Windows)
Uncheck Registry
check System Folders
check Services
check Include Sub-Directory
check Scan All Files
Press the Scan button.

In the 'Virus Log Information Pane', use [CTRL] + [C] on your keyboard to copy everything found in the lower pane and save it to a notepad file. The whole log will be extremely big so there is no way to post the whole log. I just need the infected items list from that window.

Kyokushin-Kai · 08-03-2005, 08:59 PM

Wow that took a little time. Here is the infected list:

Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Speer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\All Users\Application Data\DIGStream\update.exe tagged as not-a-virus:Downloader.Win32.DigStream. No Action Taken.
File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-32e1327a.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-6c837048.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6381e4ae.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-12259af3.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\qksetup.exe tagged as "not-a-virus:AdWare.CommonName.b". Action Taken: No Action Taken.
File C:\Program Files\DivXPro511Adware.exe tagged as "not-a-virus:AdWare.Gator.3202". Action Taken: No Action Taken.
File C:\Program Files\Fujitheme.exe tagged as "not-a-virus:AdWare.Gator.3013". Action Taken: No Action Taken.
File C:\Program Files\CD to WAV and MP3 Ripper\m3_bbi6009.exe tagged as "not-a-virus:AdWare.BargainBuddy.v". Action Taken: No Action Taken.
File C:\Program Files\CD to WAV and MP3 Ripper\MthreeTopText_ezStub.exe tagged as "not-a-virus:AdWare.EZula.p". Action Taken: No Action Taken.
File C:\Program Files\DIGStream\DIGSTR~1.EXE tagged as not-a-virus:Downloader.Win32.DigStream. No Action Taken.
File C:\My Downloads\setupcdripper.exe tagged as "not-a-virus:AdWare.BargainBuddy.v". Action Taken: No Action Taken.

I'd imagine those java viruses are hurting me.

Thank you for all your work.

**POADB** · 08-04-2005, 11:37 AM

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - Choose YES when informs you the file will be deleted on Reboot. Choose NO when it asks if you want to reboot):

C:\WINDOWS\All Users\Application Data\DIGStream\update.exe
C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-6699b1e6-32e1327a.zip
C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-652b4e66-6c837048.zip
C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cla ssload.jar-50757294-6381e4ae.zip
C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-3dbcfe4d-12259af3.zip
C:\WINDOWS\Drivers\qksetup.exe
C:\Program Files\DivXPro511Adware.exe
C:\Program Files\Fujitheme.exe
C:\Program Files\CD to WAV and MP3 Ripper\m3_bbi6009.exe
C:\Program Files\CD to WAV and MP3 Ripper\MthreeTopText_ezStub.exe
C:\Program Files\DIGStream\DIGSTR~1.EXE
C:\My Downloads\setupcdripper.exe

Clear Java Cache

Click Start >Settings>Control Panel
Click the Java Plugin Icon
Click the Cache tab
Click the Clear button and click OK to confirm

Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

Follow the instructions outlined here to clear Sun Java's cache.

Reboot your computer and then Re-Run Panda.

Kyokushin-Kai · 08-04-2005, 03:12 PM

I have done everything. Here is the log file:

Started Scanning
Files and Directories
Found 'kmd.exe' in 'c:\WINDOWS\Drivers'
Found 'LimeWire20.dll' in 'c:\Program Files\LimeWire'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'com.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Classes\AppID\{C630FBBF-E340-49DF-B4CB-06FB9EE34BB6}'
Found '' in 'SOFTWARE\Classes\AppID\DeskBandSearch.DLL'
Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand'
Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand.1'
Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand.1\CLSID'
Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand\CLSID'
Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand\CurVer'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found 'DisableListFiles' in 'Software\Kazaa\LocalContent'
Found '{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'c:\WINDOWS\Drivers\kmd.exe' in shortcut areas.
Checking for 'c:\WINDOWS\Drivers\kmd.exe' in startup areas.
Cleaning 'c:\WINDOWS\Drivers\kmd.exe'
Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas.
Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in startup areas.
Cleaning 'c:\Program Files\LimeWire\LimeWire20.dll'
Finished Cleaning

Thank you.

**POADB** · 08-05-2005, 03:26 AM

We'll need a new HJT log and a New Panda scan. Also an update on how your system behaves now.

Kyokushin-Kai · 08-05-2005, 10:13 AM

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:39 AM, on 8/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\FIREWALL\PAVFIRES.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOU.DLL
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOUE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe"
O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE"
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

There were three new applications that I had to stop because my computer kept freezing. Wucrtupd, Webproxy, Apvxdwin

All of these were new today. The Panda scan froze so I will run another one. WM Player is still not working and IE is having trouble with java.

**POADB** · 08-05-2005, 10:31 AM

Wucrtupd - is a process checking for the latest updates for Windows.

Webproxy - is a process associated with a web proxy service from Panda Software.

Apvxdwin - Part of Panda Anti-Virus. Required to enable permanent virus protection.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.

You may also want to install Sun Java to assist IE.

Kyokushin-Kai · 08-06-2005, 09:32 AM

I can't run windows update. IE won't recognize the website.

**POADB** · 08-06-2005, 10:39 AM

I notice that you have two anti-virus programs on your machine. That's not a good idea!!

Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.

I recommend asking the Windows 98 forum about your issues now. It's not likely to be Security Related.

Kyokushin-Kai · 08-06-2005, 10:49 AM

I didn't realize I had two antiviruses on my machine! I just installed Panda, what is the other one?

**POADB** · 08-06-2005, 10:55 AM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\ This suggests that Norton AntiVirus is installed. If it's not, then it's ok.

04-07-2005, 08:38 PM	#1 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	No email or Yahoo searches!!! Hello all. I am having a very strange internet problem. I cannot acces hotmail, yahoo mail or my university email accounts. Along with this Media Player has an internal applications error everytime I try to access it. Here is the Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 9:32:19 PM, on 4/7/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL O2 - BHO: (no name) - {B7705B04-0680-31FC-0F15-9992E74D1A44} - C:\WINDOWS\APPLICATION DATA\MANAGERCHINDOES\BURNFIRST.EXE (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MORPHSTB] C:\WINDOWS\MORPHSTB.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe I've already deleted Solid Peer, but I can't figure out what is going on! Any help would be appreciated Thank you in advance!

04-08-2005, 08:23 AM	#2 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Welcome to TSF. Just one thing that needs fixing here. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [MORPHSTB] C:\WINDOWS\MORPHSTB.exe <<-- unless you know what it's for Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\WINDOWS\MORPHSTB.exe <<-- unless you know what it's for Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

04-09-2005, 08:13 AM	#4 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip Unzip to its own folder and start the program: Press 'Config' Press 'mark all' Uncheck the following boxes only: System/Running Process -> List Modules System/Drivers -> NT Services System/Drivers -> NT Kernel- and FS-drivers Press 'OK' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread. Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

07-31-2005, 05:37 PM	#5 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Media Player Internal Application Error Good evening. Grey Knight was helping me with this about 3 months ago but I was out of the country and had no access until now. I recieve an internal application error whenever I try to use Media Player. I cannot acces any directplayer streaming vidoes when on websites because of this. GK told me to post my StrtDreck Log so here it is: StartDreck (build 2.1.7 public stable) - 2005-07-31 @ 18:30:14 (GMT -05:00) Platform: Windows 98 SE (Win 4.10.2222 A) Internet Explorer: 6.0.2800.1106 Logged in as »Registry »Run Keys »Current User »Run »RunOnce »Default User »Run »RunOnce »Local Machine »Run ScanRegistry=C:\WINDOWS\scanregw.exe /autorun TaskMonitor=C:\WINDOWS\taskmon.exe SystemTray=SysTray.Exe EnsoniqMixer=starter.exe LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme CriticalUpdate=C:\WINDOWS\SYSTEM\wucrtupd.exe -startup TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot HPDJ Taskbar Utility=C:\WINDOWS\SYSTEM\hpztsb07.exe +OptionalComponents +IMAIL Installed=1 +MAPI NoChange=1 Installed=1 +MAPI NoChange=1 Installed=1 »RunOnce WMC_RebootCheck=C:\WINDOWS\inf\unregmp2.exe /FixUps »RunServices LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat batfile="%1" %* +.com comfile="%1" % +.disabled SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1" +.exe exefile="%1" %* +.hta htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" % +.htm htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.html htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.js JSFile=C:\WINDOWS\WScript.exe "%1" % +.jse JSEFile=C:\WINDOWS\WScript.exe "%1" % +.pif piffile="%1" % +.reg regfile=regedit.exe "%1" +.scr scrfile="%1" /S +.txt txtfile=C:\WINDOWS\NOTEPAD.EXE %1 +.vbs VBSFile=C:\WINDOWS\WScript.exe "%1" %* +.vbe VBEFile=C:\WINDOWS\WScript.exe "%1" % +.wsh WSHFile=C:\WINDOWS\WScript.exe "%1" % +.wsf WSFFile=C:\WINDOWS\WScript.exe "%1" % +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +NetMeeting/{44BBA842-CC51-11CF-AAFA-00AA00B6015C} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95 +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C} +Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02} StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02} +CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub +>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP +Internet Explorer 6 and Internet Tools/{89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383} +Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP +Internet Connection Wizard/{5A8D6EE0-3E18-11D0-821E-444553540000} StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36 +Windows Setup - Applets/AppletsPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf +Windows Setup - Fonts/FontsPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf +PerUser_ICW_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf +Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395} StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36 +MSN-Migration/>PerUser_MSN_Clean StubPath=C:\WINDOWS\msnmgsr1.exe +Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06} StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf +Windows Setup - System Information/PerUser_Msinfo StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf +Windows Setup - System Information/PerUser_Msinfo2 StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf +Windows Setup - Multimedia/MotownMmsysPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf +Windows Setup - Multimedia/MotownAvivideoPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf +Windows Setup - Multimedia/MotownMPlayPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf +Windows Setup - Messaging/PerUser_Base StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf +Windows Setup - Shell/ShellPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf +Windows Setup - Color Schemes/Shell2PerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf +Windows Setup - Start Menu/PerUser_winbase_Links StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf +Windows Setup - Start Menu/PerUser_winapps_Links StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf +Windows Setup - Links Bar/PerUser_LinkBar_URLs StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L +Windows Setup - Telephony Support/TapiPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf +Web Folders/{73fa19d0-2d75-11d2-995d-00c04f98bbc9} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfldrs.inf,PerUserStub.Install,1 +Windows Setup - More Applets/PerUserOldLinks StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf +Windows Setup - Sound Schemes/MmoptRegisterPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf +Windows Setup - Online Services/OlsPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - The Microsoft Network/OlsMsnPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - Paint/PerUser_Paint_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf +Windows Setup - Calculator/PerUser_Calc_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf +Windows Setup - FAT32 Converter/PerUser_CVT_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf +Windows Setup - Multimedia/MotownRecPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf +Windows Setup - Volume Control/PerUser_Vol StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf +Windows Setup - Wordpad/PerUser_MSWordPad_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf +Windows Setup - Dial-Up Networking/PerUser_RNA_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf +Windows Setup - Direct Cable Connection/PerUser_DCC_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf +Windows Setup - Games/PerUser_Wingames_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf +Windows Setup - Phone Dialer/PerUser_Dialer_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf +Windows Setup - CD Player/PerUser_CDPlayer_Inis StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf +Windows Setup - America Online/OlsAolPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - AT&T WorldNet Service/OlsAttPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - CompuServe/OlsCompuservePerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - Prodigy Internet/OlsProdigyPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf +Windows Setup - Setup/SetupcPerUser StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf +Web Publishing Wizard/{44BBA851-CC51-11CF-AAFA-00AA00B6015C} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub »Browser Helper Objects (LM) AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll PopupMgr.PopupManager.1/{08E74C67-99A6-45C7-94DA-A397A8FD8082} `InprocServer32=C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL PCTools Browser Monitor/{B56A7D7D-6927-48C8-A975-17DF180C71AC} `InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL PCTools Site Guard/{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} `InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL icoou.ICOODManager.1/{465A59EC-20E5-4fca-A38A-E5EC3C480218} `InprocServer32=C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOU.DLL icooue.ICOOExternal.1/{0519A9C9-064A-4cbc-BC47-D0EACD581477} `InprocServer32=C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOUE.DLL »Internet Explorer »Current User Default_Page_URL=C:\WINDOWS\system32\search.html Local Page=C:\WINDOWS\SYSTEM\blank.htm Search Bar=http://minisearch.startnow.com/ Search Page=http://minisearch.startnow.com/ Start Page=http://www.yahoo.com/ CustomizeSearch=http://minisearch.startnow.com/ SearchAssistant=http://minisearch.startnow.com/ +SearchUrl provider= »Default User Default_Page_URL=C:\WINDOWS\system32\search.html Local Page=C:\WINDOWS\SYSTEM\blank.htm Search Bar=http://minisearch.startnow.com/ Search Page=http://minisearch.startnow.com/ Start Page=http://www.yahoo.com/ CustomizeSearch=http://minisearch.startnow.com/ SearchAssistant=http://minisearch.startnow.com/ +SearchUrl provider= »Local Machine Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Local Page=C:\WINDOWS\SYSTEM\blank.htm Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm +SearchUrl »ShellServiceObjectDelayLoad (LM) WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL »Special NT Values »Current User Load= Run= Programs= SHELL= »Default User Load= Run= Programs= SHELL= »Local Machine AppInit_DLLs=APITRAP.DLL SHELL= Userinit= »Files »Autostart Folders »Current User »Default User »Local Machine »INI-Files »WIN.INI\[windows] LOAD= RUN= »SYSTEM.INI\[boot] SHELL=Explorer.exe »Text Files C:\msdos.sys `[Paths] `WinDir=C:\WINDOWS `WinBootDir=C:\WINDOWS `HostWinBootDrv=C `UninstallDir=C:\ `[Options] `BootMulti=1 `BootGUI=1 `DoubleBuffer=1 `AutoScan=1 `WinVer=4.10.2222 `; `;The following lines are required for compatibility with other programs. `;Do not remove them (MSDOS.SYS needs to be >1024 bytes). `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs C:\config.sys `DEVICE=C:\WINDOWS\HIMEM.SYS `DEVICE=C:\WINDOWS\EMM386.EXE C:\autoexec.bat `@ECHO OFF C:\WINDOWS\wininit.bak `[Rename] C:\WINDOWS\hosts `127.0.0.1 localhost »Program Files C:\io.sys C:\WINDOWS\win.com C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\COMMAND.COM C:\WINDOWS\COMMAND.PIF C:\WINDOWS\COMMAND.COM +C:\PCDOC.BAT C:\WINDOWS\PCDOC.exe C:\WINDOWS\PCDOC.BAT »System/Drivers »Running Processes +FF0F393D=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFF0DA5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFF7A55=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFF578D=C:\WINDOWS\SYSTEM\mmtask.tsk +FFFFCB2D=C:\WINDOWS\EXPLORER.EXE +FFFF4261=C:\WINDOWS\TASKMON.EXE +FFFFBCDD=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFFEAA5D=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE +FFFEFC55=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFFEEF51=C:\WINDOWS\SYSTEM\SPOOL32.EXE +FFFD3489=C:\WINDOWS\SYSTEM\LEXBCES.EXE +FFFD1F6D=C:\WINDOWS\SYSTEM\RPCSS.EXE +FFFD8811=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFFCC2E9=C:\WINDOWS\SYSTEM\DDHELP.EXE +FFFC3329=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE +FFFA18E9=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE »VMM32Files (LM) vdd.vxd= vflatd.vxd= vshare.vxd= vwin32.vxd= vfbackup.vxd= vcomm.vxd= combuff.vxd= vcd.vxd= vpd.vxd= spooler.vxd= udf.vxd= vfat.vxd= vcache.vxd= vcond.vxd= vcdfsd.vxd= int13.vxd= vxdldr.vxd= vdef.vxd= dynapage.vxd= configmg.vxd= ntkern.vxd= ebios.vxd= vmd.vxd= dosnet.vxd= vpicd.vxd= vtd.vxd= reboot.vxd= vdmad.vxd= vsd.vxd= v86mmgr.vxd= pageswap.vxd= dosmgr.vxd= vmpoll.vxd= shell.vxd= parity.vxd= biosxlat.vxd= vmcpd.vxd= vtdapi.vxd= perf.vxd= vkd.vxd= vmouse.vxd= mtrr.vxd= enable.vxd= »%System%\VMM32 C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD C:\WINDOWS\SYSTEM\VMM32\IOS.VXD C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD C:\WINDOWS\SYSTEM\VMM32\HPZIOU01.DLL »%System%\IOSUBSYS C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD C:\WINDOWS\SYSTEM\IoSubSys\STLVSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\ENSQIO.VXD C:\WINDOWS\SYSTEM\IoSubSys\EPSSFD9X.MPD C:\WINDOWS\SYSTEM\IoSubSys\Cdralvsd.vxd C:\WINDOWS\SYSTEM\IoSubSys\CAMDISK.PDR C:\WINDOWS\SYSTEM\IoSubSys\iomega.vxd C:\WINDOWS\SYSTEM\IoSubSys\Cdr4vsd.vxd C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD C:\WINDOWS\SYSTEM\IoSubSys\tppiostb.pdr C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD C:\WINDOWS\SYSTEM\IoSubSys\BPPNPDRV.MPD C:\WINDOWS\SYSTEM\IoSubSys\NTI4CDR.VXD *C:\WINDOWS\SYSTEM\IoSubSys\Acbhlpr.vxd »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User This is more of an annoiance than anything, please help. Thank you!

08-02-2005, 07:48 AM	#6 (permalink)
Geekgirl Assistant Manager, Microsoft Support Join Date: Jan 2005 Location: Six-burgh, Pennsylvania Posts: 14,164 OS: XP Home SP3/XP Pro SP3/Vista Ultimate SP2/Windows 7 Professional	You need to post this information over in the HiJackThisLog Help Forum. I will move this over there for you, please be patient someone will look over your log. __________________ Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM *The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!!* *The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!*

04-08-2005, 06:47 PM	#3 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Thank you greyknight17 for the quick response. I did all that you asked, but I couldn't get the analyzer to work, but here is the new hijackthis log file Logfile of HijackThis v1.99.1 Scan saved at 7:44:07 PM, on 4/8/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe I still cannot acces my email or search anything on Yahoo. Strange. Thank you for your help. I'll be here all night. Kyokushin-Kai

08-02-2005, 02:59 PM	#7 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Thank you Thank you very much.

08-02-2005, 04:58 PM	#8 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Hello Kyokushin-Kai. I have merged your new thread with your old thread so that we can refer back to what's been tried and what hasn't. I can see greyknight also asked for a Trojan Scan, unfortunately TDS-3 has been discontinued, but I'm happy to go down that road.. Please run an online virus scan at Panda ActiveScan. Save the results and bring them with you in your next post. __________________

08-02-2005, 08:40 PM	#9 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Thank you POADB. I have been using Firefox because IE seems to not be cooperating with Java. What can I do from here...IE won't open the scan. Thanks

08-03-2005, 01:46 AM	#10 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool. Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3) 1. Save it to a folder. 2. Reboot into Safe Mode. 3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything. Configure Mwav as followed: check Memory check Startup Folders check Drive - All Local Drives check Folder - then click [Browse] to change the directory to C: (default is C:\Windows) Uncheck Registry check System Folders check Services check Include Sub-Directory check Scan All Files Press the Scan button. In the 'Virus Log Information Pane', use [CTRL] + [C] on your keyboard to copy everything found in the lower pane and save it to a notepad file. The whole log will be extremely big so there is no way to post the whole log. I just need the infected items list from that window. __________________

08-03-2005, 08:59 PM	#11 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Virus Scan Finished Wow that took a little time. Here is the infected list: Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Speer Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken. File C:\WINDOWS\All Users\Application Data\DIGStream\update.exe tagged as not-a-virus:Downloader.Win32.DigStream. No Action Taken. File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-32e1327a.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken. File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-6c837048.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken. File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6381e4ae.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-12259af3.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken. File C:\WINDOWS\Drivers\qksetup.exe tagged as "not-a-virus:AdWare.CommonName.b". Action Taken: No Action Taken. File C:\Program Files\DivXPro511Adware.exe tagged as "not-a-virus:AdWare.Gator.3202". Action Taken: No Action Taken. File C:\Program Files\Fujitheme.exe tagged as "not-a-virus:AdWare.Gator.3013". Action Taken: No Action Taken. File C:\Program Files\CD to WAV and MP3 Ripper\m3_bbi6009.exe tagged as "not-a-virus:AdWare.BargainBuddy.v". Action Taken: No Action Taken. File C:\Program Files\CD to WAV and MP3 Ripper\MthreeTopText_ezStub.exe tagged as "not-a-virus:AdWare.EZula.p". Action Taken: No Action Taken. File C:\Program Files\DIGStream\DIGSTR~1.EXE tagged as not-a-virus:Downloader.Win32.DigStream. No Action Taken. File C:\My Downloads\setupcdripper.exe tagged as "not-a-virus:AdWare.BargainBuddy.v". Action Taken: No Action Taken. I'd imagine those java viruses are hurting me. Thank you for all your work. __________________ Kyokushin-Kai

08-04-2005, 11:37 AM	#12 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button). Save it to your desktop. Double-click the new icon on your desktop (tmas-web-scan.exe) It will say "Loading TrendMicro definitions". Once the definitions are loaded, the program will appear to close then re-open. Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - Choose YES when informs you the file will be deleted on Reboot. Choose NO when it asks if you want to reboot): C:\WINDOWS\All Users\Application Data\DIGStream\update.exe C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-6699b1e6-32e1327a.zip C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-652b4e66-6c837048.zip C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cla ssload.jar-50757294-6381e4ae.zip C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cou nt.jar-3dbcfe4d-12259af3.zip C:\WINDOWS\Drivers\qksetup.exe C:\Program Files\DivXPro511Adware.exe C:\Program Files\Fujitheme.exe C:\Program Files\CD to WAV and MP3 Ripper\m3_bbi6009.exe C:\Program Files\CD to WAV and MP3 Ripper\MthreeTopText_ezStub.exe C:\Program Files\DIGStream\DIGSTR~1.EXE C:\My Downloads\setupcdripper.exe Clear Java Cache Click Start >Settings>Control Panel Click the Java Plugin Icon Click the Cache tab Click the Clear button and click OK to confirm Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel Follow the instructions outlined here to clear Sun Java's cache. Reboot your computer and then Re-Run Panda. __________________

08-04-2005, 03:12 PM	#13 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Done I have done everything. Here is the log file: Started Scanning Files and Directories Found 'kmd.exe' in 'c:\WINDOWS\Drivers' Found 'LimeWire20.dll' in 'c:\Program Files\LimeWire' Programs in Memory Internet URL Shortcuts Internet Cookies Found 'com.com' in 'Internet Explorer Cache' Windows Registry Found '' in 'SOFTWARE\LimeWire' Found '' in 'Software\Kazaa' Found '' in 'Software\Kazaa\InstantMessaging' Found '' in 'Software\Kazaa\LocalContent' Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe' Found '' in 'SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32' Found '' in 'SOFTWARE\Magnet' Found '' in 'SOFTWARE\Classes\magnet' Found '' in 'SOFTWARE\Classes\magnet\shell\open\command' Found '' in 'SOFTWARE\Classes\AppID\{C630FBBF-E340-49DF-B4CB-06FB9EE34BB6}' Found '' in 'SOFTWARE\Classes\AppID\DeskBandSearch.DLL' Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand' Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand.1' Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand.1\CLSID' Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand\CLSID' Found '' in 'SOFTWARE\Classes\DeskBandSearch.SearchBand\CurVer' Found 'URL Protocol' in 'SOFTWARE\Classes\magnet' Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging' Found 'DisableListFiles' in 'Software\Kazaa\LocalContent' Found '{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager' Finished Scanning Started Backup Finished Backup Started Cleaning Checking for 'c:\WINDOWS\Drivers\kmd.exe' in shortcut areas. Checking for 'c:\WINDOWS\Drivers\kmd.exe' in startup areas. Cleaning 'c:\WINDOWS\Drivers\kmd.exe' Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas. Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in startup areas. Cleaning 'c:\Program Files\LimeWire\LimeWire20.dll' Finished Cleaning Thank you. __________________ Kyokushin-Kai

08-05-2005, 03:26 AM	#14 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	We'll need a new HJT log and a New Panda scan. Also an update on how your system behaves now. __________________

08-05-2005, 10:13 AM	#15 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	HJT Log Here is the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 11:11:39 AM, on 8/5/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\FIREWALL\PAVFIRES.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\SYSTEM\HPZTSB07.EXE C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOU.DLL O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\PROGRAM FILES\ICOO LOADER\ADDONS\ICOOUE.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe" O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe" O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe" O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe" O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE" O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe" O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - User Startup: LEDTRAY.lnk = C:\Program Files\Common Files\Shuttle Technology\LEDTRAY.EXE O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll There were three new applications that I had to stop because my computer kept freezing. Wucrtupd, Webproxy, Apvxdwin All of these were new today. The Panda scan froze so I will run another one. WM Player is still not working and IE is having trouble with java. __________________ Kyokushin-Kai

08-05-2005, 10:31 AM	#16 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Wucrtupd - is a process checking for the latest updates for Windows. Webproxy - is a process associated with a web proxy service from Panda Software. Apvxdwin - Part of Panda Anti-Virus. Required to enable permanent virus protection. Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. You may also want to install Sun Java to assist IE. __________________

08-06-2005, 09:32 AM	#17 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Update I can't run windows update. IE won't recognize the website. __________________ Kyokushin-Kai

08-06-2005, 10:39 AM	#18 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	I notice that you have two anti-virus programs on your machine. That's not a good idea!! Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them. I recommend asking the Windows 98 forum about your issues now. It's not likely to be Security Related. __________________

08-06-2005, 10:49 AM	#19 (permalink)
Kyokushin-Kai Registered User Join Date: Apr 2005 Posts: 32 OS: XP	Anti-virus I didn't realize I had two antiviruses on my machine! I just installed Panda, what is the other one? __________________ Kyokushin-Kai

08-06-2005, 10:55 AM	#20 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	C:\Program Files\Norton SystemWorks\Norton AntiVirus\ This suggests that Norton AntiVirus is installed. If it's not, then it's ok. __________________