Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-spy.html.smitfraud.c [RESOLVED]


  • This topic is locked This topic is locked

#16
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptopsy, :tazz:

(Note: Do the following steps in this post after performing the steps in the previous post I sent you.)

I was talking with another member at the Geeks to Go forums web site and we talked about some possible reasons why your wininet.dll file was being deleted on a reboot. It is possible that your AntiVir Personal Edition anitivirus software is deleting your "wininet.dll" file on a reboot (with this file deletion, your internet explorer browser will not function correctly either). If you are still having problems with the "wininet.dll file being deleted on reboot. Try the following steps:1. Uninstall your AntiVir Personal Edition software. Reboot your computer.
2. Re-install your wininet.dll file from your window 98 cd to your computer. Reboot your computer.
3. See if on reboot, if your computer system tries to delete your "wininet.dll" file. Reboot your computer.
4. Re-install your AntiVir Personal Edition software.
5. Check to see if your Cleanup, Adaware, Spybot programs are running correctly.
6. Check to see if your IE browser is running correctly.
7. Post to me the HijackThis log, silent runners log and the MWAV antivirus tool application log in a reply to this post.
8. In addition, let me know in detail how your computer system is running after performing the above steps.
rambro ;)
  • 0

Advertisements


#17
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I downloaded and ran killbox with no problems. The files which you specified were deleted with no problems and have stayed deleted. After doing this, my computer was still running like before i had run killbox. I couldn't run cleanup, adaware, spybot, and internet explorer without restoring wininet.dll first. MWAV antivirus tool ran fine, but I never had any problems with this anyway.

I then followed your instructions in your 2nd post and uninstalled antivir and rebooted my computer. I then restored wininet.dll but it was still being deleted on rebooting, so it was causing all the same problems as before. I then reinstalled antivir and ran a scan then rebooted. My computer was still deleting wininet.dll on reboot.

Before i ran killbox and did any of the steps in your last 2 posts I also noticed that both my windows help and Adaptec Easy Cd Creator 4 programmes would not operate without wininet.dll being restored. Without the file being restored i get the following message when trying to open Microsoft help:

"Cannot open the file: mk:@MSITStore:C:\WINDOWS\Help\windows.chm"

I get the following message when trying to open Easy Cd Creator 4

"Easy CD Creator engine initialization has failed: (Could not create the engine)"

Upon restoration of wininet.dll both of these were running and operating fine, but opon rebooting wouldn't run again.


My log from running MWAV antivirus tool is as follows:

Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdServX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\scrrun.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\ATL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdServX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\SYSTEM\SCRRUN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB40C160-09A1-11D3-BAF2-000000000000}" refers to invalid object "C:\Program Files\ICQ\IExplorerMime.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f802f260-519b-11d1-bb5d-0060974c6013}" refers to invalid object "C:\Program Files\ICQ\ICQShell.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EDDC2226-92A4-11D2-88F2-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19A34456-852D-11D2-88E8-00104B3E670E}" refers to invalid object "C:\PROGRA~1\ICQ\AGENT\ICQWEB~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995C-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC55995F-D9F9-11D2-8A45-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQFTLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ABA40B01-DDD6-11D1-B674-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A25884D1-CFF7-11D2-8A42-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQSMLIB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7392459A-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73924599-C4AC-11D2-BF33-00104B2794E7}" refers to invalid object "C:\PROGRA~1\ICQ\MCTICKER.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D116A2F3-8380-11D2-A147-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQP3C.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5D28581-CA46-11d2-A150-00104B9B4C0E}" refers to invalid object "C:\PROGRAM FILES\ICQ\POP3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D26BB11A-2890-11D3-AF1A-0090270D8D35}" refers to invalid object "C:\PROGRA~1\ICQ\STREAM~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{483BE501-E42A-11D1-B679-006097E1E294}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116523-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C116522-3028-11D2-8A05-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FEA9C971-B6B6-11D2-8A38-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\GREETING\ICQGREET.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0659DDD1-FAC8-11D2-ACB6-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31D6F701-0B27-11D3-ACB8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30C8A6E1-351E-11D2-8A0B-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{302B93B5-9014-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E37C97F1-904F-11D2-ACA5-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E8A9A21-BE9A-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQUNKNW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C031D0D1-312C-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C457A31-C68D-11D2-8A3C-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{980556F1-3128-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08D781E1-3129-11D2-8A09-00104B9B48AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C17-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\VOICEMESSAGE\ICQVOICE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F411-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F412-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36C1F413-ABB1-11D2-ACA8-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516251-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25516252-CFE3-11D2-ACB0-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\EICQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9AF8C14-BB5B-11D2-ACAE-00104BBC2B53}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B71-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC772B72-2F0C-11D3-AF13-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB5122E3-2F91-11D3-AF14-0090270D89AB}" refers to invalid object "C:\PROGRAM FILES\ICQ\ICQALINV.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3D4E5C2-4990-11D3-ADDF-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C3-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{104DD9C5-402D-11D3-AF32-0090271A8BEA}" refers to invalid object "C:\PROGRAM FILES\ICQ\PLUGINS\ICQMAIL\ICQMAIL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99B4815C-2008-11d3-AF17-0090270D6DEC}" refers to invalid object "C:\PROGRA~1\ICQ\ALAGENT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\WINDOWS\SYSTEM\MFC42.1". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06047-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCB06046-D907-11D1-9DF0-006097E09FDB}" refers to invalid object "C:\PROGRA~1\CASINO~1\CHIPCTRL.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43D94B25-2B3C-4635-93DE-3240327DC9CD}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B76AB44-9926-48b3-8738-D864D8E1BE5F}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1491A15-2BFE-4094-B631-2871FCD35B3B}" refers to invalid object "C:\PROGRA~1\MESSEN~1\MCMESS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2482B240-E979-11D9-9A77-4445726C1340}" refers to invalid object "C:\WINDOWS\SYSTEM\KFFA.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\SYSTEM\COMCT232.OCX". Action Taken: No Action Taken.


My log from hijackthis is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 17:10:50, on 22/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\w6tq86az.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5CNetscapeSearch.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\w6tq86az.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yaho...m/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/g.../zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#18
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear crytopsy :tazz:

I would like you to generate a "Startup List" log using the HijackThis application. Here is how you can do this:

Restart your computer.
  • Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
  • Once in the "Configuration" panel, click "Misc Tools" button.
  • Next to the "Generate StartupList log" button, place a check in the checkboxes "List also minor sections" (full) and "List empty sections (complete).
  • Then click the "Generate StartupList log" button.
  • Click "Yes" to the box that pops-up.
  • Then copy and paste the notepad text that appears in the generated "startuplist.txt" file in a reply to this post.
rambro ;)
  • 0

#19
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Cheers, i really appreciate the work you have been doing to try and fix my computer. Here is the startup list log:

StartupList report, 23/07/05, 01:18:32
StartupList version: 1.52.2
Started from : C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
NInit = C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
3dfx Tools = rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
DLF_00001000 = C:\WINDOWS\SYSTEM\Vcdlf.exe /c
LoadQM = loadqm.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
WheelMouse = Amoumain.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TVWatch = C:\WINDOWS\SYSTEM\TVWatch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_MSBackup_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[Theme_Windows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/7/2005, 15:34:48)

[rename]
NUL=C:\WINDOWS\TEMP\DELUS.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB
DEVICEHIGH=C:\WINDOWS\SAMPLE.SYS /D:MSCD001
DEVICEHIGH=C:\WINDOWS\COMMAND\ANSI.SYS
DEVICEHIGH=C:\WINDOWS\COMMAND\DRVSPACE.SYS /MOVE
[COMMON]

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

ECHO OFF
LH C:\MOUSE\MOUSE
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001 /V
LH SMARTDRV

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YACSCOM.DLL
CODEBASE = http://cs6.chat.yaho...m/v/yacscom.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{00000161-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/msaudio.cab

[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/mpeg4ax.cab

[Zoom Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ZACTIVEX.DLL
CODEBASE = http://www.fhm.com/g.../zoomify138.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macr...director/sw.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros.../i386/wmvax.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate...en/actsetup.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...i386/wmv8ax.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...B?1070498057050

[Yahoo! Poker]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://download.game...nts/y/pt3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Poker.osd

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoft.../as5/asinst.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: (no file)
DFS: dfs.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 24,136 bytes
Report generated in 0.440 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#20
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptopsy, :tazz:

When you restore the "wininet.dll" file back to your computer system (i.e. don't reboot the computer, because this file will get deleted as you are well aware of), I want you to do the following:

Double-click on My Computer and locate the file "wininet.dll" (this should be located in the C:\windows\system directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company Name", "Internal Name", "Language", "Original Filename", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

rambro ;)
  • 0

#21
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptospy, :tazz:

Please go to Start -> Programs -> Accessories and open up the Notepad application (i.e. notepad.exe). Once the Notepad application is open, go to the "File" menu on the notepad application and choose "Open". In the "Open" dialog box, in the "Files of type" text drop-down box, click the downward arrow and choose "All Files (*.*)". Next go to the following file: C:\autoexec.bat and open it (make sure the "Files of type" is set to "All Files"). Copy and paste the contents of the "autoexec.bat" file in a reply to this post. Close the notepad application. Do not alter the "autoexec.bat" file in any way

rambro ;)
  • 0

#22
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here are the wininet.dll file details:

File version: 5.00.2614.3500
Description: Internet Extensions for Win32
Copyright: Copyright © Microsoft Corp. 1981-1999

Company name: Microsoft Corporation
Internal name: wininet.dll
Language: English (United States)
Original filename: wininet.dll
Product name: Microsoft® Windows ® 2000 Operating System
Product version: 5.00.2614.3500


Here are the contents of autoexec.bat from notepad:

attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll
  • 0

#23
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptospy, :tazz:

Read this post over a couple of times before executing the steps in this post.

From your last post, I noticed in the properties of the "wininet.dll" fiile that the product name said "Microsoft® Windows ® 2000 Operating System", are you restoring the wininet.dll file from your windows 98 CD or from a windows 2000 CD? Let me know your reponse in detail.

In this post we are going to manipulate and important file on your computer system called the "autoexec.bat" file through the notpad application. When you "open" and "save" this file in the notepad application, make sure the "Files of type" and the "Save as type" text drop-down boxes are set to "All Files" respectively. Before we manipulate the the "autoexec.bat" file, I want to create a backup of this original "autoexec.bat" file, just in case, the fix in this post does not work, and we have to restore the original file back to your computer system.

Let us first open up our notepad application by going to Start -> Programs -> Accessories -> Notepad. The Notepad application should open up, go the the "File" menu and click on "Open", the "Open" dialogue box will open up, make sure the "Files of type" is changed to "All Files". Go to the following file, which is located at "C:\autoexec.bat" and open it up. Go to the "File" menu in the notepad application and click on "Save As", the "Save As" dialog box should open up, name this file "autoexec.old" and save the file in the C:\ directory, make sure the "Save as type" text drop-down box is set to "All Files". Once this is done, click on the "Save" button and close out of the notepad application. You have just created your "autoexec.bat" backup file and called it "autoexec.old"

Next, open up the notepad application again, and go to the file located at "C:\autoexec.bat" and open up that file, making sure that the "Files of type" is changed to "All Files". Now I want you to delete the following lines in this file (be careful while executing this procedure because this file is important):

attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll


then I want you to go to the "File" menu in the notepad application and click the "Save" item under the "File" heading of the notepad's menu bar.

Restore your "wininet.dll" file from your windows 98 CD-ROM, if you have not done so already and reboot your computer. Let me know in detail, what happens to the "wininet.dll" file on reboot (it should not be deleted on reboot).

Note: if something goes wrong with the current (manipulated) autoexec.bat file, then rename/delete this file and rename the "autoexec.old" file back to the "autoexec.bat" file name.
********************************

Next, I have some files, I want you to delete in the "Safe mode". Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Delete the following file marked in blue (if it exists)

C:\WINDOWS\TEMP\DELUS.EXE

Finally, go to the Start Menu, click "Run", and in the window type cleanmgr. This will run the System Cleanup program. Make sure the box next to "Temporary files" is checked, and then click "OK".

Restart your computer, in normal mode, and then please post a new "Startup List" log using the HijackThis application.

In addition, let me know in detail how your computer system is running after performing the above steps. ;)

Edited by rambro, 23 July 2005 - 05:24 AM.

  • 0

#24
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
In response to your first question i have been restoring wininet.dll from my windows 98 cd. I don't have windows 2000 installed and never had so it struck me as weird when i saw "Microsoft® Windows ® 2000 Operating System" under the product name.

After following your instructions wininet.dll is no longer being deleted on reboot, and the command line has disappeared from the startup screens as expected. I have also had no problems with autoexec.bat.

With regards to how my computer is now running, Cleanup, Adaware and Spybot are able to startup and run fine. My Windows help menu and Adaptec Easy Cd Creator programme are also opening and running fine. Outlook express is opening and running fine.

Internet explorer is opening with no problems and is running pretty much fine. The only problem i am having with it, was when i tried to go to www.hotmail.com i got the following message:

"Cookies must be allowed
Your browser is currently set to block cookies. Your browser must allow cookies before you can use the Passport Network.

Cookies are small text files stored on your computer that tell Passport Network sites and services when you're signed in. To learn how to allow cookies, see online help in your web browser."


I then went into my internet options and noticed that the privacy tab was set at:

"Custom
-Advanced or imported settings"

I then clicked the default button and moved the slider to medium to try and allow cookies. I then clicked on apply and ok. However, when i went back into my internet options straight away, the privacy settings were back to custom again. I tried to changed the slider to a different setting of "allow all cookies" and clicked on apply and ok. However upon going back into the internet options the privacy level was back at custom again.

I then went to the general tab in internet options and clicked on settings for temporary internet files. I then looked at the files and noticed that temporary internet files were being stored from websites i had just viewed as per usual, and the cookie files from certain websites that i had just visited were in there as well. I then tried to access my hotmail inbox via msn messenger and i did so with no problems. After viewing my inbox and signing out i went back into my temporary internet files and noticed that the following cookies were in there:

cookie:family@hotmail.msn.com
cookie:family@msn.com
cookie:family@passport.com

However i still could not access www.hotmail.com by way of internet explorer due to getting the message that cookies must be allowed.

I then went back to the privacy tab in internet options and clicked edit. I then typed in www.hotmail.com and clicked allow, but when doing so i got the following error message:

EXPLORER caused an invalid page fault in
module <unknown> at 0000:00000009.
Registers:
EAX=02848856 CS=017f EIP=00000009 EFLGS=00010286
EBX=70bff27d SS=0187 ESP=028467cc EBP=0284a8ec
ECX=44671102 DS=0187 ESI=00000000 FS=340f
EDX=d4760e40 ES=0187 EDI=00000000 GS=0000
Bytes at CS:EIP:
00 49 06 65 04 70 00 65 04 70 00 54 ff 00 f0 d8
Stack dump:
00000187 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0000012a 00000011 000001d9 00000078 00000303 00000089 00000000 00000000

I tried again but continued to get the same message. To see if i could modify anything in internet options, i changed my homepage and clicked apply and ok. This worked with no problems.

Apart from this problem with hotmail.com, my computer is running and operating with no problems that i am aware of.


Here is my startup list log from hijackthis:

StartupList report, 24/07/05, 12:06:16
StartupList version: 1.52.2
Started from : C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
NInit = C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
3dfx Tools = rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
DLF_00001000 = C:\WINDOWS\SYSTEM\Vcdlf.exe /c
LoadQM = loadqm.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
WheelMouse = Amoumain.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TVWatch = C:\WINDOWS\SYSTEM\TVWatch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_MSBackup_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[Theme_Windows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/7/2005, 15:34:48)

[rename]
NUL=C:\WINDOWS\TEMP\DELUS.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:


--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB
DEVICEHIGH=C:\WINDOWS\SAMPLE.SYS /D:MSCD001
DEVICEHIGH=C:\WINDOWS\COMMAND\ANSI.SYS
DEVICEHIGH=C:\WINDOWS\COMMAND\DRVSPACE.SYS /MOVE
[COMMON]

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

ECHO OFF
LH C:\MOUSE\MOUSE
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001 /V
LH SMARTDRV

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YACSCOM.DLL
CODEBASE = http://cs6.chat.yaho...m/v/yacscom.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{00000161-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/msaudio.cab

[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/mpeg4ax.cab

[Zoom Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ZACTIVEX.DLL
CODEBASE = http://www.fhm.com/g.../zoomify138.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macr...director/sw.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros.../i386/wmvax.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate...en/actsetup.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...i386/wmv8ax.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...B?1070498057050

[Yahoo! Poker]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://download.game...nts/y/pt3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Poker.osd

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoft.../as5/asinst.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: (no file)
DFS: dfs.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 24,220 bytes
Report generated in 0.388 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#25
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptospy, :tazz:

Since you are using an older version of the "wininet.dll" file. I would like you to re-install a new version of Internet Explorer over your older version. The re-installation of a new version of Internet Explorer will also download a current version of your "wininet.dll" file. Open up your Netscape Navigator browser and download the setup file for the current Internet Explorer browser application from the following web site: http://www.microsoft...&DisplayLang=en.

Once the the Internet Exploxer setup file is downloaded to your computer (you should save this file to your desktop or better yet create a new folder and name it "Internet Explorer Set Up File" and save the IE browser setup file to this folder), exit out of the Netscape Navigator browser. Make sure no other browsers and windows are open, and then proceed to install your Internet Explorer browser application.

If during the installation of the Interenet Explorer browser, the installation should prompt you that you have a "previous installation of Internet Explorer on your computer, and if you want to overwrite your existing Internet Explorer files", choose Yes or OK. This will overwrite your existing IE files and in the process give you a new version of the "wininet.dll" file.

Next, after your new IE browser is installed, double-click on My Computer and locate the file "wininet.dll" (this should be located in the C:\windows\system directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company Name", "Internal Name", "Language", "Original Filename", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me, what it says for "File Version", "Description" and "Copyright".

In addition, let me know in detail how your computer system is running after performing the above steps. ;)
  • 0

Advertisements


#26
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I reinstalled Internet explorer and i can now go to www.hotmail.com and am able to change my cookie settings with no problems. My computer is now having no problems that i am aware of. Here are the new wininet.dll details:

File version: 6.00.2800.1106
Description: Internet Extensions for Win32
Copyright: © Microsoft Corporation. All rights reserved.

Company name: Microsoft Corporation
Internal name: wininet.dll
Language: English (United States)
Original filename: wininet.dll
Product name: Microsoft® Windows® Operating System
Product version: 6.00.2800.1106
  • 0

#27
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptospy, :tazz:

Here's some recommended changes in the IE browser settings that will help protect your computer from infection.

Go to the Tools menu, then choose Internet Options.

Click on the Privacy tab and click on the Advanced button.

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK

Go to the Security tab & click the Custom Level button.

The following ActiveX section settings should be changed as follows:

* Download signed ActiveX controls: Prompt
* Download unsigned ActiveX controls: Prompt
* Initialize and script ActiveX controls not marked as safe: Disable

In the Microsoft VM section (if it exists), set Java Permissions to "High Safety".

In the Miscellaneous section, set Installations of desktop items to "Prompt"

Click on the Advanced tab and uncheck both Install on demand items.

Click on Apply, then OK.
************************

Dear cryptopy, please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here: http://www.mozilla.o...oducts/firefox/.

I use Firefox as my main browser, to search the Internet and have Internet Explorer as a backup. If you decide to download and run Firefox, and feel comfortable with this browser, then you may want to uninstall your netscape browser.

I use Internet Explorer, for windows 98 updates and to run certain on-line scans such as Housecall and the Panda Active Scan.

rambro ;)

Edited by rambro, 25 July 2005 - 06:02 AM.

  • 0

#28
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptopsy, :tazz:

I would like you to run the following applications.1. Trojan Hunter
2. Housecall by Trend Micro (run from the IE browser)
3. Panda Active Scan (run from the IE browser)
4. Ad-Aware SE (See this link: http://www.bleepingc...showtutorial=48 )
5. Spybot Search and Destroy (See this link: http://www.bleepingc...showtutorial=43 )
6. Test to see if the SilentRunners application is working (you don't have to give me the log, just let me know in a reply to this post if it is working).
7. Test to see if the MWAV antivirus tool application is working (you don't have to give me the log, just let me know in a reply to this post if it is working).
8. Scan your computer with your "AntiVir Personal Edition" antivirus software.
rambro ;)

Edited by rambro, 25 July 2005 - 06:06 AM.

  • 0

#29
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear cryptopsy, :tazz:

Restart your computer and then please post a new HijackThis log. ;)
  • 0

#30
cryptopsy

cryptopsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I changed the internet explorer settings as directed, and will look into firefox further. I ran all the required programmes with no difficulty except silentrunners was still coming up with the same message as before when i tried to start it, of:

Windows Script Host
Script: C:\Windows\Desktop\Silent Runners.vbs
Line: 84
Char: 13
Error: Could not create object named "WScript.Shell".
Code: 80040154
Source: WScript.CreateObject

My computer is currently running fine with no problems that i am aware of.


Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:35:22, on 26/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yaho...m/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/g.../zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP