Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

lz32.dll


  • Please log in to reply

#1
hwill

hwill

    New Member

  • Member
  • Pip
  • 9 posts
Greetings.

Thank you for your guide on how to prepare a post for Hijck This (You Must Read This Before Posting A Hijackthis Log.)

I am running Windows 98 SE and have been experiencing some confusion over the appearance of a message during boot up that states: "LZ32.DLL file cannot start. Check the file to determine the problem."

Other peculiarities include: Power Management and Volume Control icons disappearing from the system tray.

Inability to access display settings (either through control panel or video card control software).

Google toolbar disappeared from Internet Explorer even though it is checked under View->Toolbars.



I believe I have done everything that was suggested by your tutorial

1) Ran Ad-aware SE according to the recommended custom settings.

2) Did NOT run CWShredder as the download is a trial version and I am a little leery of exactly what such offers can do for me. (ie. Will it run a check and withold solutions pending "registration"?)

3) Ran Spybot S&D.
Checked for updates and ran program. No spybots were found. Immunized system.

4) Ran Panda software ActiveScan. 14 viruses detected. All detected viruses cleaned (although, during the scan, the summary indicated that only 4 of the 14 viruses found were cleaned.)

5) Downloaded and ran TDS-3. Summary of scan indicated 6 alarms. Displayed several messages indicating "dual extensions". One "positive identification (embedded in file)" message (file resides in windows 98 backup.

6) Performed a Windows Update that involved downloading and installing critical updates deemed as such by Microsoft.

7) Enabled all programs handled by ZDNet Startup Manager to load on subsequent reboot of system. System tray was heavily loaded with startup programs and many error windows (LZ32.DLL included, which has appeared intermittently before today).

8) Ran Hijack This and saved a log of the process.


Here are the results:


Logfile of HijackThis v1.99.0
Scan saved at 3:44:51 PM, on 4/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ASUS\PROBE\ASUSPROB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\GAH95ON6.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\RCMAN.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\ASUS\SMARTDOCTOR\VGAPROBE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\OSDMENU.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\EAX.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\CENTER\RCENTER.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
C:\PROGRAM FILES\ASUS\PROBE\COOLING.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MOTIVE\ENCMNSVR.EXE
C:\MYSQL\BIN\WINMYSQLADMIN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\MYSQL\BIN\MYSQLD-OPT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LOOK Communications Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=c:\lotsuite\smartctr\SmartCtr
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Program Files\ASUS\Tweaking Utilities\atstart.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Creative Launcher] C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [kszbjrdn] C:\WINDOWS\SYSTEM\ghxvqqlc.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [mswspl] C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\Creative\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [xitami] C:\XITAMI\XIWIN32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\VGAProbe.exe FirstTime
O4 - HKCU\..\Run: [NOMAD Detector] "C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE"
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - Startup: iTouch.lnk = C:\Program Files\Logitech\ITOUCH\iTouch.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\Motive\EnCmnSvr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Winzip81\WZQKPICK.EXE
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .rsm;jsessionid=235D51A65876F83674DEEAA538B337B1: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://reports.mindl...load/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab


Is my problem with LZ32.DLL related to any of the above information? Are there other, unrelated problems in this log?

Please advise.

Regards,

Will
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe

O4 - HKLM\..\Run: [kszbjrdn] C:\WINDOWS\SYSTEM\ghxvqqlc.exe

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [mswspl] C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab

Allow the changes we are trying to make (you have a lot of inactive startups, so I think something is protecting them). Then get the latest version of HijackThis (1.99.1) and post a new log made with that.

Regards,
  • 0

#3
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Pieter,

Thank you for your reply.

Hopefully, I followed your instructions correctly and the new log (listed below) will prove useful.

FYI: the first scan was performed after following the instructions posted in "You Must Read This Before Posting a Hijackthis log", hence why all of the inactive startup items appeared in the log.

I have since downloaded, installed and run some utilities recommended by Geeks to Go in an effort correct whatever ails my system...to no avail.

A persistent warning window that pops up during start up reads "Common.ini file is missing."


Here are the results of the latest Hijack This scan:

Logfile of HijackThis v1.99.1
Scan saved at 12:28:41 PM, on 5/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\RCMAN.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ASUS\SMARTDOCTOR\VGAPROBE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE
C:\PROGRAM FILES\COMMON FILES\MOTIVE\ENCMNSVR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\OSDMENU.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\EAX.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\CENTER\RCENTER.EXE
C:\MYSQL\BIN\WINMYSQLADMIN.EXE
C:\WINZIP81\WZQKPICK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\MYSQL\BIN\MYSQLD-OPT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LOOK Communications Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=c:\lotsuite\smartctr\SmartCtr
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Program Files\ASUS\Tweaking Utilities\atstart.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Creative Launcher] C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\Creative\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [xitami] C:\XITAMI\XIWIN32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\VGAProbe.exe FirstTime
O4 - HKCU\..\Run: [NOMAD Detector] "C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE"
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - Startup: iTouch.lnk = C:\Program Files\Logitech\ITOUCH\iTouch.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\Motive\EnCmnSvr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Winzip81\WZQKPICK.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .rsm;jsessionid=235D51A65876F83674DEEAA538B337B1: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://reports.mindl...load/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409


Can you help?

Regards,

Will
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Your log looks good now. Combined with your problems I am reminded of what is known as a Bube infection.

To confirm or rule that possibility out I'd like you to use this online scan:
http://www.kaspersky...oduct=161744315

Since you already have an AV installed I don't think it's wise to install Kaspersky as well, but the online scan would certainly recognize the infection if present.

Let me know,
  • 0

#5
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Pieter,

Thanks for your super-fast reply!

I attempted to run Kaspersky's AV software.

I received an error message "Error loading SETUPAPI.DLL"


Any ideas?


Regards,

Will
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Can you follow the instructions to use the sfc here:
http://www.techadvic...m/w98/S/SFC.htm

Let me know the results,
  • 0

#7
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Pieter,

I just ran SFC and no problems were reported.


Regards,

Will
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Please click :
Start > Programs > Accessories > System Tools > System Information.
Click on "Tools" at the top, then click on "Internet Explorer Repair Tool".

Let me know if you can use the Kaspersky scan after doing that.

Regards,
  • 0

#9
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Arrghh!


I ran the IE Repair tool, selecting the "Repair Internet Explorer" option but the tool could not repair IE.

I have attached a screen capture of the window that listed all of the errors encountered during the attempted repair.

Sorry about all the blind alleys.

Regards,

Will

Attached Thumbnails

  • IE6_Repair_Errors_Log.jpg

  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Did you ever before notice something went sour when you installed IE 6 ?
Or is this something that you would say is related to the infections we removed?

One thing we ought to do as a shortcut is an idea of my friend ScHwErV:
Download and install Firefox:
http://www.mozilla.org/download.html
So you will at least have a dependable browser we can fall back on, when IE croaks completely.

Let me know if that'll work,
  • 0

Advertisements


#11
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Pieter,

Yes, I have a version of Firefox which I use from time to time.

As for problems with installing IE6: none that I can recall.

The original post to this thread was prompted shortly after a mysterious icon showed up in my tray. It was some sort of browser optimizer but I didn't knowingly download anything. My guess is that I somehow got onto a website and clicked something I didn't know I had clicked.

At any rate, I removed this program...at least I think I did. The icon immediately disappeared but that's also when the problems I've described started occurring.

The thought of reinstalling windows without losing data (as suggested by this topic http://www.geekstogo...8_95-t479.html) has crossed my mind but it seems risky and might leave me without a working computer at all.

FYI: I have an image viewing program which was working at one point but will no longer load. I get a "DDRAW.DLL file cannot start. Check the file to determine the problem" message when I do try and start this program.

I think this is part of the ActiveX suite of software and, since the error I received when attempting to use Kaspersky's AV software seems related to an ActiveX program, maybe the problem is with ActiveX of which I have no idea how to fix.


What do you think?

Regards,

Will
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
With all the DLL's missing I quite honestly think you'd be better of trying the Repair install.

Not your fault, but everything we try only seems to bring out more problems.
I think when you removed that program you mentioned it took out a part of your OS with it.

Regards,
  • 0

#13
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Pieter,

I just wanted to inform you that I attempted to run a Kaspersky scan.

I noticed, that during boot up, the error message that was the subject of the first post in this thread did not appear. The power management and volume control icons appeared in the sys tray--which they do not do when the lz32.dll message appears.

Thinking that the SETUPAPI.DLL error message that appeared when I tried running Kaspersky as per your suggestion (Post 4 and Post 5 of this thread). This time the scan worked!

According to Kaspersky, my computer is infected.

This is the summary:

Total number of scanned objects: 88905
Number of viruses found: 7
Number of infected objects: 14
Number of suspicious objects: 1
Duration of the scan process: 36379.756 sec

These are the infected files and their corresponding virus names:

c:\WINDOWS\SY...veScan\imscan.dll
Virus.Dos.Terronia.2538

c:\WINDOWS\Ap...zeFindBridge8.zip
Password-protected-EXE

c:\WINDOWS\Do...mose-hardcore.exe (9x)
Trojan.Win32.Dialer.fq (9x)

c:\Program Fi...tine\75513DE6.hta
Trojan-Dropper.VBS.Delud

c:\Program Fi...\crazy-window.htm
not-virus:Joke.JS.RJump.d

c:\rivizor.chm
Trojan.Win32.Dialer.ce

c:\d25c119d.hta
Trojan-Downloader.BVS.Psyme.av


Does this information help you in terms of "fixing" my computer or are there other unrelated problems?

Will
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Not really anything that accounts for the problems you are having.

Two dialers, a Joke-virus and a few exploits.

It shows your protection is rather low, but that is to be expected for Windows 98
  • 0

#15
hwill

hwill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks Pieter!


Any thoughts on what might be causing the intermittent appearance/disappearance of error messages and icons during boot up?

Regards,

Will
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP