Custom Search
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC!
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
Results 1 to 19 of 19

Thread: ie 6 message, and an annoying cursor

  1. #1
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668

    ie 6 message, and an annoying cursor

    I to have been troubled for some time by the ie message saying that it has to close down, but mine will not let me continue. also an infruriating yellow star with pink edges on my cursor.

    I wiped my hdd recently and set up again which got rid of them for a while, but they came back, a good cleaning the other day stoppe dthem also, but today theyre back,

    I'm posting hijack logs for advise please.
    --------------

    Logfile of HijackThis v1.97.7
    Scan saved at 23:36:27, on 21/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CARD READER\SHWICON.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.2.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device Ver. 1.3] "C:\Program Files\Card Reader\shwicon.exe" -t"The Company\USB Storage Device Ver. 1.3"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [S] S
    O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
    O4 - Startup: Shortcut to N OTES.txt.lnk = C:\WINDOWS\Desktop\N OTES.txt
    O4 - Startup: MRU-Blaster.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\SYSTEM\MetaProducts\Add_Url.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: PRDIE (HKLM)
    O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/temp...control012.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?37870.4021875
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  2. #2
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Your log looks pretty clean. These are suspicious, but don't seem likely to cause the problem you note:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\RunServices: [S] S
    O4 - Startup: Shortcut to N OTES.txt.lnk = C:\WINDOWS\Desktop\N OTES.txt

    What have you run to clean it out and what did you find that you cleaned??
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  3. #3
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    I ran....,

    spybot
    eraser
    mru blaster
    bho cop
    win patrol
    spyware blaster
    clean up
    regclean
    easycleaner
    privacy defender

    but for the posted log I did'nt run anything, in the hope that the offender might be spotted.

    previously there was too much to itemise so I cleared the lot (knowing that I had a backup)

    of the ones you suggest are suspicious, O4 - Startup: Shortcut to N OTES.txt.lnk = C:\WINDOWS\Desktop\N OTES.txt

    is just a copy of notepad that I have open on the desktop at boot, so that when I switch off I jot down any notes for next day etc. so that one is ok.
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  4. #4
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Did you fix the other 3 items?? If so, is the problem gone?? If not, there are a couple of other scans we can run, but you don't seem to have indications of any of the problems that would suggest them. Is anything disabled in msconfig?? If so, enable them and run a new HJT scan and post it here....
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  5. #5
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    thanks budfred,

    I have just fixed the 3 items, set msconfig from 'selective startup' to 'normal startup' so I will see how it goes this evening, and here is new log........
    ----------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 19:41:16, on 23/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CARD READER\SHWICON.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.2.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device Ver. 1.3] "C:\Program Files\Card Reader\shwicon.exe" -t"The Company\USB Storage Device Ver. 1.3"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
    O4 - Startup: Shortcut to N OTES.txt.lnk = C:\WINDOWS\Desktop\N OTES.txt
    O4 - Startup: MRU-Blaster.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\SYSTEM\MetaProducts\Add_Url.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: PRDIE (HKLM)
    O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/temp...control012.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?37870.4021875
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  6. #6
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Still not seeing anything... I am wondering if one of the security programs you are running could actually be causing the problem. Check through your cursors and see if you can find the one that is bugging you and some idea of what it is associated with.

    You could also run an StartupList Log from HJT... Look in Config, Tools and StartupList Log to run it (if I remember correctly)... If that doesn't do it, we can try a couple of other special tools...

    Also, it looks like you haven't run AdAware, try that....
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  7. #7
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    nothing in cursors...

    it looks something like....(see image)

    and it attaches itself to the (arrow) cursor, like the egg timer does. !

    nothing in adaware.

    ran msconfig, but there is nothing shown in config.sys (nor autoexec.bat) yet both are on system and contain comands, ?
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  8. #8
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    image
    Attached Images Attached Images  
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  9. #9
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    startup list from hjt

    -------------------

    StartupList report, 24/04/04, 10:23:54
    StartupList version: 1.52
    Started from : C:\PROGRAM FILES\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CARD READER\SHWICON.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Shortcut to N OTES.txt.lnk = C:\WINDOWS\Desktop\N OTES.txt
    MRU-Blaster.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    ShowIcon_The Company_USB Storage Device Ver. 1.3 = "C:\Program Files\Card Reader\shwicon.exe" -t"The Company\USB Storage Device Ver. 1.3"
    InCD = C:\Program Files\Ahead\InCD\InCD.exe
    AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    InstantAccess = C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    SiS KHooker = C:\WINDOWS\SYSTEM\khooker.exe
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
    Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    TaskMonitor = C:\WINDOWS\taskmon.exe
    LoadQM = loadqm.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    TClockEx = C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
    Eraser = C:\PROGRAM FILES\ERASER\ERASER.EXE -hide

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  10. #10
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [SetupcPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

    [AppletsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

    [FontsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

    [{5A8D6EE0-3E18-11D0-821E-444553540000}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

    [PerUser_ICW_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
    StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

    [PerUser_Msinfo] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

    [PerUser_Msinfo2] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

    [MotownMmsysPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

    [MotownAvivideoPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

    [MotownMPlayPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

    [PerUser_Base] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

    [ShellPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

    [Shell2PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

    [PerUser_winbase_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_winapps_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [TapiPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

    [{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

    [PerUserOldLinks] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

    [MmoptRegisterPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [OlsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsMsnPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

    [PerUser_Paint_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_Calc_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_dxxspace_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

    [PerUser_CVT_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

    [MotownRecPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

    [PerUser_Vol] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

    [PerUser_MSWordPad_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

    [PerUser_RNA_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

    [PerUser_Wingames_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_Dialer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_CDPlayer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .W95

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [PerUser_MSBackup_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf

    [PerUser_Sysmon_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_Sysmeter_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_CharMap_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_ClipBrd_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:

    *File not found*

    --------------------------------------------------
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  11. #11
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 18/4/2004, 13:31:18)

    [Rename]
    NUL=c:\windows\cookies\vic@2o7[1].txt
    NUL=c:\windows\cookies\vic@cgi-bin[2].txt
    NUL=c:\windows\cookies\vic@bluestreak[1].txt
    NUL=c:\windows\cookies\vic@questionmarket[2].txt
    NUL=c:\windows\cookies\vic@clickbank[1].txt
    NUL=c:\windows\cookies\vic@targetnet[2].txt
    NUL=c:\windows\cookies\vic@adtech[1].txt
    NUL=c:\windows\cookies\vic@servedby.advertising[2].txt
    NUL=c:\windows\cookies\vic@advertising[2].txt
    NUL=c:\windows\cookies\vic@atdmt[2].txt
    NUL=c:\windows\cookies\vic@gator[1].txt
    NUL=c:\windows\cookies\vic@fastclick[2].txt
    NUL=c:\windows\cookies\vic@tribalfusion[1].txt
    NUL=c:\windows\cookies\vic@hc2.humanclick[1].txt
    NUL=c:\windows\cookies\vic@bfast[1].txt
    NUL=c:\windows\cookies\vic@mediaplex[1].txt
    NUL=c:\windows\cookies\vic@adviva[2].txt
    NUL=c:\windows\cookies\vic@edge.ru4[1].txt
    NUL=c:\windows\cookies\vic@doubleclick[1].txt

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    *File not found*

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    *File not found*

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    *File not found*

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: not hidden
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    Popup Manager - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.2.DLL - {08E74C67-99A6-45C7-94DA-A397A8FD8082}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    *No jobs found*

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [DirectAnimation Java Classes]
    CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
    OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    [Internet Explorer Classes for Java]
    CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

    [Java Plug-in 1.3.1_01]
    InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_01\bin\npjava131_01.dll
    CODEBASE = http://java.sun.com/products/plugin/...131_01-win.cab

    [Java Plug-in 1.3.1_01]
    InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_01\bin\npjava131_01.dll
    CODEBASE = http://java.sun.com/products/plugin/...131_01-win.cab

    [webhelper Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\BTWEBCONTROL.DLL
    CODEBASE = http://register.btopenworld.com/temp...control012.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.co...?37870.4021875

    [PCPitstop Utility]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [{32564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

    [{31564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

    [EPSImageControl Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EPSCONTROL.DLL
    CODEBASE = http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab

    [AV Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
    CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
    Protocol #1: imslsp.dll (file MISSING)
    Protocol #2: imslsp.dll (file MISSING)
    Protocol #3: imslsp.dll (file MISSING)
    Protocol #4: C:\WINDOWS\SYSTEM\mswsosp.dll
    Protocol #5: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #6: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #7: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #8: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Protocol #9: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Protocol #10: imslsp.dll (file MISSING)

    --------------------------------------------------

    Enumerating Win9x VxD services:

    VNETSUP: vnetsup.vxd
    NDIS: ndis.vxd,ndis2sup.vxd
    JAVASUP: JAVASUP.VXD
    CONFIGMG: *CONFIGMG
    NTKern: *NTKERN
    VWIN32: *VWIN32
    VFBACKUP: *VFBACKUP
    VCOMM: *VCOMM
    COMBUFF: *COMBUFF
    IFSMGR: *IFSMGR
    IOS: *IOS
    MTRR: *mtrr
    SPOOLER: *SPOOLER
    UDF: *UDF
    VFAT: *VFAT
    VCACHE: *VCACHE
    VCOND: *VCOND
    VCDFSD: *VCDFSD
    VXDLDR: *VXDLDR
    VDEF: *VDEF
    VPICD: *VPICD
    VTD: *VTD
    REBOOT: *REBOOT
    VDMAD: *VDMAD
    VSD: *VSD
    V86MMGR: *V86MMGR
    PAGESWAP: *PAGESWAP
    DOSMGR: *DOSMGR
    VMPOLL: *VMPOLL
    SHELL: *SHELL
    PARITY: *PARITY
    BIOSXLAT: *BIOSXLAT
    VMCPD: *VMCPD
    VTDAPI: *VTDAPI
    PERF: *PERF
    VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
    VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
    VNETBIOS: vnetbios.vxd
    VSDATA95: vsdata95.vxd
    VREDIR: vredir.vxd
    DFS: dfs.vxd
    Selah: Intelsdb.vxd

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 23,674 bytes
    Report generated in 0.202 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    -----------------------------------
    have run msconfig, but there is nothing shown in config.sys (or autoexec.bat) although both are present on the system and contain comands ?

    nothing appeared suspicious in startup.

    nothing (absolutely nothing) in adaware.
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  12. #12
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    sorry about the number of posts, had quite some difficulty with it, partic as my connection kept dropping, seems a better way (I have now discovered) would be to change the hjt file to a .txt file and post it as an attachment.

    hjt log (.txt)
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  13. #13
    Join Date
    Aug 2003
    Location
    Halifax, England
    Posts
    264
    Is this a quartine list from a clean with ad-aware or spybot s&d or are these actual cookies.

    [Rename]
    NUL=c:\windows\cookies\vic@2o7[1].txt
    NUL=c:\windows\cookies\vic@cgi-bin[2].txt
    NUL=c:\windows\cookies\vic@bluestreak[1].txt
    NUL=c:\windows\cookies\vic@questionmarket[2].txt
    NUL=c:\windows\cookies\vic@clickbank[1].txt
    NUL=c:\windows\cookies\vic@targetnet[2].txt
    NUL=c:\windows\cookies\vic@adtech[1].txt
    NUL=c:\windows\cookies\vic@servedby.advertising[2].txt
    NUL=c:\windows\cookies\vic@advertising[2].txt
    NUL=c:\windows\cookies\vic@atdmt[2].txt
    NUL=c:\windows\cookies\vic@gator[1].txt
    NUL=c:\windows\cookies\vic@fastclick[2].txt
    NUL=c:\windows\cookies\vic@tribalfusion[1].txt
    NUL=c:\windows\cookies\vic@hc2.humanclick[1].txt
    NUL=c:\windows\cookies\vic@bfast[1].txt
    NUL=c:\windows\cookies\vic@mediaplex[1].txt
    NUL=c:\windows\cookies\vic@adviva[2].txt
    NUL=c:\windows\cookies\vic@edge.ru4[1].txt
    NUL=c:\windows\cookies\vic@doubleclick[1].txt


    If they turn out to be actual cookies I would say that this is where your problem is, If there not cookies then there is nothing that I can see that is wrong with your machine.

    vic 970 you could of added the attatchment to your post instead of starting a new thread and placing a link to the thread in your last post.
    Last edited by tweeky; 04-24-2004 at 06:36 AM.

  14. #14
    Join Date
    Aug 2003
    Location
    Northern California
    Posts
    13,383
    tweeky,
    You confused me, I finally figured out you were quoting from
    Vic970. Those should be backups after removal.
    Last edited by PrntRhd; 04-24-2004 at 09:04 AM.

  15. #15
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    hi tweeky,

    the cookies are 'current session' the NULL indicates that they will be deleted at next re-boot. I have since re-booted and they are gone.

    the attachment idea came to me after I had (struggled) and posted, so I checked it out in testing forum, and when it worked tried to add it to my post,
    but alas pc guide wouldn't let me do that as it was a 'duplicate' so I tried to delete the post in testing, but wasn't able to do that either,

    therefore the only alternative was to post the link.

    in future it will be possible to attach within the post, which should help as I notice that many members have had to split hjt logs in the past.
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  16. #16
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    I am not seeing the problem here either... I am guessing it may be one of your legit helper programs that is doing it. The popup stopper would be the prime suspect, but it could be something else as well....

    As someone who reads a lot of these logs, I really HATE it when people put them in as attachments and will usually just ignore those posts... It is no problem to have them span several posts if that is what it takes....
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  17. #17
    Join Date
    Aug 2003
    Location
    Northern California
    Posts
    13,383
    vic970,
    It forces everyone to choose what to open the file with, just a pain.
    I would suggest Spywareblaster be installed after you get this cleaned, the Gator type stuff has to be kept off the computer and it will help somewhat.

    Edit: Budfred, don't you ever sleep?

  18. #18
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    I'll see how it goes tomorrow then try un-installing the pop up stopper. trouble is with it being intermittent, it will be a while before I can say it is clear. on the other hand if it remains or comes
    back then the message is clear.

    I thought the attachment was a better method (certainly for posting) but as that is not the prefered method for you, will stick with the multi posts as required.

    PrntRhd.

    Spyware blaster is already installed, in fact I have just done an update, however I haven't studied it much or configured it, just checked automatically protect everything.
    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



  19. #19
    Join Date
    Oct 2000
    Location
    Crewe, Cheshire, England
    Posts
    1,668
    got rid of pop up stopper, did'nt have the prob for a while, but both ie 6 message and star are back again now.

    for every question there's an answer. Then a load more questions.

    Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"

    Regards..,
    Vic.



Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •