Buffer overrun detected!



#1
Baho

Hi Guys and girls. :)
Well, here's my problem, and I hope someone can help me out with this.
Regards

"Microsoft Visual C++ Runtime Library

Buffer overrun detected!

Program C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

A buffer overrun has been detected which has corrupted the programs internal state.
The program cannot safely continue execution and must now be terminated."

Other problems include:
Norton Intrusion detection will not enable in the firewall as no windows access apparently.
A program le9f C:\Dajarubs.exe is located in msconfig startup files, but no mention of it can be found on my hard drive.
I have no idea what it relates to.
The following programs were identified and uninstalled previous to the above problem and probably the cause.
'Sidefind'
'Slotch Bar'
'Surf Accuracy'
'The Bullseye network'
I can only access internet explorer through a shortcut to Microsoft located on Control Panel page.
All other means bring up an error message.
Clicking on links then freezes internet explorer and shuts down other programs like Norton etc
Pasting the address in works though.
Norton virus scan has been done after recent update.
Tried to do an online scan. Trend Housecall but get error message (Buffer overrun)
Ad aware, CWShredder, Spywareblaster, Spybot and HJT have been run.
Also latest Windows updates have been done.
Anything else I can check while waiting for a response? :tazz:


Here's the HJT log.
Attached File  AdawareLog110905.txt   34.74KB   239 downloads
  • 0



#2
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome Baho
Could you post a HJT log for us please?
  • 0

#3
Baho

G'day Ty for the reply.
Here's the log. Normal startup, all startup items selected.
Regards :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 7:29:17 AM, on 12/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\E_S4I3T1.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\MY PROGRAMS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~2\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-au\msnappau.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~1\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Encarta &Definition - http://au.encarta.ms...kDictionary.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/MsnChat45.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
  • 0

#4
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi again Baho,
Reboot into SAFE MODE

Next
Click Start | Run | type in cleanmgr | OK

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.

Next
While still in safe mode
Open Ad-aware and perform a full scan with it please. When it has finished scanning, have it fix all it finds.

Next
Restart your computer, head over to Windows updates and make sure you have all the current Windows updates.


Next
Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#5
Baho

G'day again Don
Ty for the quick response. :)

Windows updates:
823559: Security Update for Microsoft Windows
Download size: 305 KB, < 1 minute
An identified security issue in Microsoft Windows could allow an
attacker to compromise a Microsoft Windows-based system and then take a
variety of actions. For example, an attacker could execute code on the system.
By installing this update, you can help protect your computer.

Have downloaded this a few times but every time I go there it still says I require it.
So downloaded it once more, not sure if it's done though.

Had to install wmi9x.exe as management tool.

But so far so good..

Here's the Silent Runners Log. Thanks for the time. I await your reply :tazz:


"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Taskbar Display Controls" = "RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY" [MS]
"msnmsgr" = ""C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"]
"Norton eMail Protect" = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE" ["Symantec Corporation"]
"NAV DefAlert" = "C:\PROGRA~1\NORTON~2\NORTON~2\DEFALERT.EXE" ["Symantec Corporation"]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"CriticalUpdate" = "C:\WINDOWS\SYSTEM\wucrtupd.exe -startup" [MS]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NPROTECT" = "C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe" ["Symantec Corporation"]
"Norton Auto-Protect" = "C:\PROGRA~1\NORTON~2\NORTON~2\NAVAPW32.EXE /LOADQUIET" ["Symantec Corporation"]
"QD FastAndSafe" = "C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup" ["Symantec Corporation"]
"EPSON Stylus C45 Series" = "C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"" ["SEIKO EPSON CORPORATION"]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]
"POINTER" = "C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [MS]
"BigPond Toolbar" = ""C:\Program Files\Telstra\Toolbar\bpumTray.exe"" ["Telstra"]
"THGuard" = ""C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"" ["Mischel Internet Security"]
"LoadQM" = "loadqm.exe" [MS]
"KodakCCS" = "C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"" ["Eastman Kodak Company"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"(Default)" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
"Nisum" = "C:\Program Files\Norton Personal Firewall\NISUM.EXE" ["Symantec Corporation"]
"ccPxySvc" = "C:\PROGRA~1\NORTON~1\CCPXYSVC.EXE" ["Symantec Corporation"]
"SchedulingAgent" = "mstask.exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"NPROTECT" = "C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe" ["Symantec Corporation"]
"CSINJECT.EXE" = "C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE" ["Symantec Corporation"]
"SymTray - Norton SystemWorks" = "C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"" ["Symantec Corporation"]
"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL" [MS]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL" [MS]
{4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}\(Default) = "ActivateBand Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL" ["Telstra"]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = "EpsonToolBandKicker Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL" ["SEIKO EPSON CORPORATION"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{30424D42-5946-11D2-B8E5-006097C9C6FF}" = "Norton WipeInfo"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ILLUSTRATE\DBPOWERAMP\DBSHELL.DLL" ["$"]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ILLUSTRATE\DBPOWERAMP\DMCSHELL.DLL" ["$"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: [email protected]"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVCPL.DLL" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL" ["Yahoo! Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\COMMON FILES\KODAK\IFSCORE\KODAKSHX.DLL" ["Eastman Kodak Company"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]
NortonAntivirus\(Default) = "{067DF822-EAB6-11cf-B56E-00A0244D5087}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navshell.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL" ["Yahoo! Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]
NortonAntivirus\(Default) = "{067DF822-EAB6-11cf-B56E-00A0244D5087}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navshell.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"Norton System Doctor" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE /startup" ["Symantec Corporation"]
"CleanSweep Smart Sweep-Internet Sweep" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe" ["Symantec Corporation"]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Tune-up Application Start" -> launches: "walign" [MS]
"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]
"Scan for Viruses" -> launches: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE /L" ["Symantec Corporation"]
"Run Norton System Check" -> launches: "C:\Program Files\Norton SystemWorks\Norton Utilities\SYSCHECK.EXE /auto:ip,wp,dp,pm," ["Symantec Corporation"]
"Windows Critical Update Notification" -> launches: "C:\WINDOWS\SYSTEM\WUCRTUPD.EXE" [MS]
"Maintenance-Defragment programs" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:0" [MS]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Maintenance-Disk cleanup" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "ninemsn" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL" [MS]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]

"{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98}" = "BigPond Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL" ["Telstra"]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL" [MS]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]

"{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98}" = "BigPond Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL" ["Telstra"]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL" ["SEIKO EPSON CORPORATION"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 29 seconds, including 18 seconds for message boxes)
  • 0

#6
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Error gone?
Ad-aware find much? cleanmgr clean out a good bit for you?
  • 0

#7
Baho

Hi Don
Mainly Alexa objects associated with Internet Explorer.
Cleanmgr did the temp, temp internet and recycle bin.
Still says I need the 823559: Security Update for Microsoft Windows when I check the update site.
I still get the same error message and it prevents Internet Explorer from opening.
The error message also comes up when I try to open jpg and gif files?
My only access to the internet is through a shortcut in Control Panel which leads to Microsoft Home and Technical Support. From there I can access here etc. By clicking on some links I get the error message and I lock up etc. This closes Norton SystemWorks etc.
Get back to me if you think you can still help with this.
In the meantime I am looking around elsewhere for a solution.
I will certainly advise you promptly if I find anything first though to see what you recommend etc.
Do you think I should try to reinstall Internet Explorer? I have previously tried to 'Restore Previous Config' and also 'Repair' etc, but to no avail.
Ok Regards
Hear from you soon :tazz:
  • 0

#8
Baho

Also Don
Was looking around and found someone previously had trouble with MSN Toolbar etc with this same problem.

Well since it was not working I tried to uninstall it.......

Unable to remove MSN Toolbar
PPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MTBS.exe
Buffer overrun in Internet Explorer etc. Another of the same error.

Regards
  • 0

#9
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's try a couple of different things here:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    into the box on the top of the page:

  • Click on the submit button
  • Please post the results in your next reply.
Also
Download winpfind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#10
Baho

Ty Don
I'll give it a go!
If you have the full address for these sites where to download etc I would appreciate it. Links don't work. For now I'll search.
regards.
:tazz:
  • 0



#11
Baho

Hi Don,
Here they are
TY


http://virusscan.jotti.org/

Last file scanned at least one scanner reported something about: PcHide1.sys, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet W32/RKPort.B04A-tr
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
UNA X
VBA32 X



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
UPX! 18/05/03 10:53:56 AM 60928 C:\WINDOWS\SYSTEM\HDResources.dll
UPX! 24/03/99 7:00:00 AM 35328 C:\WINDOWS\SYSTEM\ATL.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

Checking for CPL files...

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
8/08/05 7:38:24 PM 542 C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk
8/08/05 7:38:24 PM 536 C:\WINDOWS\Start Menu\Programs\StartUp\Norton System Doctor.lnk

Checking files in %USERPROFILE%\Application Data folder...
5/09/05 3:57:42 PM 4962 C:\WINDOWS\Application Data\dw.log

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\navshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\navshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}
ActivateBand Class = C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
EpsonToolBandKicker Class = C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = ninemsn : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} = BigPond Toolbar : C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = ninemsn : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} = BigPond Toolbar : C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
Norton eMail Protect C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
NAV DefAlert C:\PROGRA~1\NORTON~2\NORTON~2\DEFALERT.EXE
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
NvMediaCenter RunDLL32.exe NvMCTray.dll,NvTaskbarInit
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SpeedTouch USB Diagnostics "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
TaskMonitor C:\WINDOWS\taskmon.exe
nwiz nwiz.exe /install
NPROTECT C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
Norton Auto-Protect C:\PROGRA~1\NORTON~2\NORTON~2\NAVAPW32.EXE /LOADQUIET
QD FastAndSafe C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
EPSON Stylus C45 Series C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
SystemTray SysTray.Exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
POINTER C:\Program Files\Microsoft Hardware\Mouse\point32.exe
BigPond Toolbar "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
THGuard "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
ccEvtMgr "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Nisum C:\Program Files\Norton Personal Firewall\NISUM.EXE
ccPxySvc C:\PROGRA~1\NORTON~1\CCPXYSVC.EXE
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
NPROTECT C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
CSINJECT.EXE C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
SymTray - Norton SystemWorks C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Taskbar Display Controls RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
msnmsgr "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98/ME KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs APITRAP.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/09/05 12:47:32 PM

#12
Baho
Hi Don,

Guess what!
I never posted anywhere else or anything but it seems to be fixed now!
What I did do for information was 'disable third party browsing' from Internet Explorer. Doesn't solve the problem, but enables access. Whomever the third party is!
This so far allows me to access the internet fully. I hope!

I am still having trouble with MSN Toolbar which, alas, I am tending to believe was the whole cause!

I found this on another web site, due to a similar problem.


http://forums.neopla...=buffer overrun

'quote'

I've done a bit of searching around and found a couple of
instances where the MSN toolbar was removed and this seemed to solve the problem.
I don't know if it will in your case though... but you can try it if you wish.

To remove the toolbar fix these entries using hijackthis

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL

Fix these whilst you are at it... nothing much to worry about

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
'end quote'

That's not my log!

Is there anything you can recommend with my own HJT log to delete etc?
I can't get rid of either MSN messenger or the toolbar etc due to numerous problems. I really want to get these removed and reinstall. Apparently Messenger installs without deleting the previous copy and the toolbar comes auto with it now.
If you can still help I would appreciate it as these are only my un-trained assumptions.

If you have any solutions still I appreciate them, but if it belongs now in another forum, please recommend? There's no hurry as it seems to be working ok now.


Regards :tazz:
I really do appreciate your time and effort in this.
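
Added example, not part of any post in this thread: the fix list quoted in post #12 comes from someone else's HijackThis log, so its file paths carry a different toolbar version and locale than the WinPFind log in post #11. The sketch below matches the quoted entries against the local log by CLSID instead of by path; the function names are illustrative, and both inputs are lines copied from this thread.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Fix list quoted in post #12 (someone else's HijackThis log), copied from this thread.
HJT_FIX_LIST = r"""
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
"""

# Excerpt of the WinPFind log from post #11, copied from this thread.
WINPFIND_EXCERPT = r"""
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = ninemsn : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
"""


def parse_hjt(text):
    """Return (section, name, clsid, path) for each HijackThis line that carries a CLSID."""
    pat = re.compile(rf"^(O\d+) - [^:]+: (.*?) - ({GUID}) - (.+)$")
    entries = []
    for line in text.splitlines():
        m = pat.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).upper(), m.group(4)))
    return entries


def parse_winpfind(text):
    """Map CLSID -> (name, path) for the two layouts seen in this WinPFind log."""
    key_line = re.compile(rf"\\({GUID})$")                  # registry key ending in a CLSID
    value_line = re.compile(rf"^({GUID}) = (.*?) : (.+)$")  # ToolBar value: CLSID = name : path
    installed, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := value_line.match(line)):
            installed[m.group(1).upper()] = (m.group(2), m.group(3))
            pending = None
        elif (k := key_line.search(line)):
            pending = k.group(1).upper()        # the "name = path" line follows the key
        elif pending and "=" in line:
            name, _, path = line.partition("=")
            installed[pending] = (name.strip(), path.strip())
            pending = None
    return installed


def match_by_clsid(fix_text, log_text):
    """For each quoted fix entry, report whether the same CLSID is registered locally."""
    installed = parse_winpfind(log_text)
    report = []
    for section, _name, clsid, path in parse_hjt(fix_text):
        local = installed.get(clsid, (None, None))[1]
        if local is None:
            status = "absent"
        else:
            status = "same path" if local.upper() == path.upper() else "path differs"
        report.append((section, clsid, status, local))
    return report


def match_by_path(fix_text, log_text):
    """Naive comparison on the file path alone, for contrast."""
    local_paths = {path.upper() for _name, path in parse_winpfind(log_text).values()}
    return [entry for entry in parse_hjt(fix_text) if entry[3].upper() in local_paths]


if __name__ == "__main__":
    for row in match_by_clsid(HJT_FIX_LIST, WINPFIND_EXCERPT):
        print(row)
    print("path-only matches:", len(match_by_path(HJT_FIX_LIST, WINPFIND_EXCERPT)))
```

All three quoted entries resolve to CLSIDs registered in the local log under different version and locale folders, while the path-only comparison finds none of them.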

#13
Baho
Uh! Oh!
I have been researching BHOs!
Nasty little things!
Not only do I want to get rid of the ones I don't really need but to delete the programs completely (select)!

Everything seems to still be working fine (after 2 hours) except MSN toolbar etc which doesn't show up.

regards
:tazz:

#14
don77
Hi there,
I have to run out shortly but go to Add/Remove programs and see if you can remove MSN messenger from there.
Restart your computer and post back a fresh HJT log for me please.

#15
Baho
I can't remove MSN messenger. Toolbar is a part of it.
I remove V7.00 but 6.2 listed and v7.00 still runs.
File not found when uninstalling messenger
C:\WINDOWS\TEMP\IXP001.TMP\C:\WINDOWS\TEMP\IXP001.TMP\
It's disappeared. ie Temp files deleted


Unable to remove MSN Toolbar
PPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MTBS.exe
Buffer overrun in Internet Explorer etc
That file is there but no access


Tell me? Will removing BHOs from HJT remove and uninstall the program completely?

Will an Orphan registry check be good?

regards
ps I have to run out a bit as well .........I owe .........I owe ........I owe ........and its off to work I must go........and it isn't even xmas.