Full Version: windows 95 laptop
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
sheepy22
Here is the result of the 2nd scan- the first time I didn't have the updates, or configured to do a total scan. I am not sure I have it configured right yet or not- nothing reported about the wink or web.exe?
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Saturday, February 25, 2006 4:00:30 PM
* VPS: 0608-1, 02/23/2006
*

c:\WINDOWS\SYSTEM\WBEM\Repository\CIM.REP [L] Voices-1500 (0)
File was successfully moved to chest...
Infected files: 1
Total files: 125419
Total folders: 2629
Total size: 3.1 GB

*
* Task stopped: Saturday, February 25, 2006 9:52:12 PM
* Run-time was 5 hour(s), 51 minute(s), 42 second(s)
*
sheepy22
just when you thought it was safe to go in the water... ran this scan all day, thought things were OK. deleted the wink and web.exe, computer went crazy and shut down, just tried the web (with the virus scanner running) and voila! the wink came back with a vengeance- 4 windows open, ads popping out, as soon as you end one another starts. I HAVE HAD IT. ready to throw in the towel. anyway, just sent the wink to jotti and here are the results:

Jotti's malware scan 2.99-TRANSITION_TO_3.00

File: Wink.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 5321f5b488dd943e43531d06e7c16a31
Packers detected: -
Scanner results
AntiVir Found Adware-Spyware/Agent.P adware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic.KQI
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Agent.p
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found AdWare.Win32.Agent.p


here is the hijack:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:47 AM, on 02/26/06
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\WINK\WINK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Motorola BCS Advanced Support
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer Control 10.0) - http://activex.microsoft.com/activex/contr...ss/Snapview.ocx


GRRRRRR
Mosaic1
Did you drop to msdos mode and follow my directions?

This is puzzling. If you only have 2 gigs space on the drive then why does the report say you have 3.1 Gigs? Do you have another partition on the drive?

Total files: 125419
Total folders: 2629
Total size: 3.1 GB
sheepy22
I saw that too- the 3.1? I really don't know- I thought maybe that since I re-configured the scan, that it scanned some file twice? I don't know- but there are some weird dates on some of the stuff on the computer- some things are dated wrong- 1957, 2057, weird stuff. Tried to download adaware even though it doesn't mention win 95, but it is missing WS2_32.DLL, and cool shredder too. I will try safe mode again- is that what you mean by MSDOS? couldn't get in before- it ran scan disc and then said it had to change something and do an undo file or something and I was afraid the wink was taking over something. should I say yes if that happens? If the computer blows up at this point, it is unusable anyway..
Mosaic1
No. MsDos is not safe mode.

It is something totally different.

When you go to shutdown the computer, there should be an option to restart in Ms-DOS mode.


As far as the weird dates, either that is a problem with the lack of the update for the year 2000 (remember that Millennium bug everyone worried about?) or something strange is going on.


Disk space is set in stone. In My Computer, how many drives are listed please, and what are the letters you see?
Mosaic1
If I thought you had a proper installer and all the drivers you needed, I would suggest both an fdisk and format and reinstall. But you don't.
sheepy22
there is a y2k file somewhere that I saw. Will try the MSDOS.
Mosaic1
OK. y2k is the millennium bug fix.
sheepy22
I did what you said- here is the latest hijack, and at the bottom I put a file that is dated 08/25/1957- it is in my C:\Program Files\WindowsUpdate, called temp.inf. The wink folder is gone, but the wsetup.exe in the C drive which always sits next to the web.exe is still there.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:17 PM, on 02/26/06
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Motorola BCS Advanced Support
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer Control 10.0) - http://activex.microsoft.com/activex/contr...ss/Snapview.ocx


temp.inf file dated 08/25/1957
[Version]
Signature="$Chicago$"
AdvancedINF=2.5
[DestinationDirs]
WUSysDirCopy=11
[InstallControl]
CopyFiles=WUSysDirCopy
RegisterOCXs=WURegisterOCXSection
[WUSysDirCopy]
inseng.dll,,,32
[WURegisterOCXSection]
%11%\inseng.dll
[SourceDisksNames]
55="Disk",,0
[SourceDisksFiles]
inseng.dll=55
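
Added example (not part of the original thread): a small Python script that compares two HijackThis logs and reports which autostart entries and running processes changed between them, which is the comparison being done by eye across the logs above. The log excerpts are shortened copies of the two logs posted so far; the function names are this example's own and are not part of HijackThis.

```python
import re

# Shortened excerpts of the two HijackThis logs posted earlier in this thread
# (scan saved 1:49:47 AM and scan saved 12:20:17 PM on 02/26/06).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:49:47 AM, on 02/26/06

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINK\WINK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:20:17 PM, on 02/26/06

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# A HijackThis result line looks like "O4 - <details>" or "F1 - <details>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sections that list programs loaded at startup (ini files and Run/Startup).
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4"}


def parse_log(text):
    """Split a HijackThis log into running processes and result entries."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if in_processes and not match:
            if line:
                processes.add(line.upper())   # Win9x paths are case-insensitive
            elif processes:
                in_processes = False          # blank line ends the process list
            continue
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Return what disappeared from and what appeared in the later log."""
    b, a = parse_log(before), parse_log(after)
    return {
        "processes_gone": sorted(b["processes"] - a["processes"]),
        "processes_new": sorted(a["processes"] - b["processes"]),
        "entries_gone": sorted(b["entries"] - a["entries"]),
        "entries_new": sorted(a["entries"] - b["entries"]),
    }


def entry_target(text):
    """Best-effort extraction of the command an autostart entry launches."""
    if " = " in text:                 # Startup: name.lnk = C:\path\file.exe
        target = text.split(" = ", 1)[1]
    elif "] " in text:                # HKLM\..\Run: [Name] command
        target = text.split("] ", 1)[1]
    elif "=" in text:                 # win.ini: run=command
        target = text.split("=", 1)[1]
    else:
        target = text
    target = target.strip()
    if target.startswith('"'):        # quoted path followed by arguments
        target = target[1:].split('"', 1)[0]
    return target.upper()


def persistence_changes(before, after):
    """List autostart entries that changed, and whether their target was
    running in the log that contains the entry."""
    b, a = parse_log(before), parse_log(after)
    changes = []
    for label, changed, procs in (
        ("removed", b["entries"] - a["entries"], b["processes"]),
        ("added", a["entries"] - b["entries"], a["processes"]),
    ):
        running = {p.rsplit("\\", 1)[-1] for p in procs}
        for code, text in sorted(changed):
            if code in AUTOSTART_CODES:
                target = entry_target(text)
                changes.append({"change": label, "code": code, "entry": text,
                                "target": target,
                                "running": target.rsplit("\\", 1)[-1] in running})
    return changes


if __name__ == "__main__":
    for change in persistence_changes(LOG_BEFORE, LOG_AFTER):
        print(change)
```

Swapping the two arguments shows the same entry as "added", which is how a returning startup link would appear when a later log is compared against a clean one.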
sheepy22
C, D, and A drives listed. Here is the wuhistv.3 log I found:
V3_2|4315|INSTALL|Windows Share Level Password Update|4,0,0,950|2057-08-25 22:41:12|1|SUCCESS|||
V3_2|3595|INSTALL|Security Update, March 17, 2000|1,0,0,0|2057-08-25 22:41:34|1|SUCCESS|||
V3_2|3344|INSTALL|Security Update 2, November 29, 1999|4,0,0,950|2057-08-25 22:41:48|1|SUCCESS|||
V3_2|3305|INSTALL|Security Update, November 12, 1999 |4,0,0,1212|2057-08-25 22:41:55|1|SUCCESS|||
V3_2|4500|INSTALL|Security Update, April 2, 2001|1,0,2195,0|2057-08-25 22:42:02|1|SUCCESS|||
V3_2|3445|INSTALL|Microsoft Internet Explorer High Encryption Pack|4,0,0,87|2006-02-13 16:36:42|1|SUCCESS|||
Mosaic1
temp.inf is ok. That's a Windows update file install.

The other is ok too. The wuhistv.3 log: that's all to do with Windows Update as well.

Windows update history log.

------------

Wsetup could be anything. This was a work computer? It may be a setup for workstation.

Right click on that file and then click properties on the menu.

If it has a version tab, then click that and see if you can get the manufacturer and original file name.

QUOTE
C,D, and A drives listed.


A is floppy. C is the hard drive. D should be the CD drive. Does the icon for D: show as the CD drive?


Can you take it out on the net and see if the problem is still there please?
sheepy22
it's going berserk- here is the hijack before I lose the internet:

StartupList report, 02/26/06, 1:42:56 PM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
Detected: Windows 95 B (Win9x 4.00.1111)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINK\WINK.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
wink.lnk = C:\Program Files\Wink\Wink.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Essdc = essdc.exe
LoadQM = loadqm.exe
avast! Web Scanner = C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv = C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

avast! = C:\Program Files\Alwil Software\Avast4\ashServ.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PETZII~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 25/2/2006, 12:40:40)

[rename]
nul=C:\PROGRA~1\ALWILS~1\AVAST4\SETUP\REBOOT.TXT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR_USER=
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR=
ECHO OFF
SET PATH=C:\ORAWIN\BIN;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM\WBEM;C:\RWIN77
SET TEMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
BUFFERS=80
FILES=80
DOS=HIGH,UMB

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\dajava.cab
OSD = C:\WINDOWS\DOWNLO~1\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\DOWNLO~1\Microsoft XML Parser for Java.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnview95.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/Static_...en/actsetup.cab

[Snapshot Viewer Control 10.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPVIEW.OCX
CODEBASE = http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:


--------------------------------------------------

Enumerating Win9x VxD services:

IOS: *IOS
VNETSUP: vnetsup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VSHARE: *VSHARE
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
SPOOLER: *SPOOLER
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VREDIR: vredir.vxd
NDIS: ndis.vxd,ndis2sup.vxd
VNETBIOS: vnetbios.vxd
BIOS: *BIOS
NWLink: (no file)
NWREDIR: (no file)
NSCL: (no file)
VSERVER: (no file)
MTRR: mtrr.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 16,000 bytes
Report generated in 1.190 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
sheepy22
yes, D is the cd drive.
wsetup.exe 253 KB Application
MSDOS name WSETUP.EXE created Feb. 26, 2006 1:40 PM archive button is checked- no tab to check name. Web.exe is back with same date and time as wsetup.exe, as is Wink.exe, and uninstall file and a file for uninstall info with a gear on the icon- when you uninstall it- it typically sets up the web.exe, so there is no point in that- have tried it many times. can't even use the internet without it going crazy- am on my husband's computer. I guess it is hopeless- I guess I have wasted your time. Thanks, I'm really sorry. I guess I will have to take it out of use.
Mosaic1
QUOTE
when you uninstall it- it typically sets up the web.exe, so there is no point in that- have tried it many times.



You didn't tell me that. May I have copies of all those files please?
sheepy22
how do I do that?
Mosaic1
Create a new folder. Then make copies of all the files in question: the uninstaller, the setup, web.exe and wink.exe. And put those copies into that new folder.

Then zip that new folder please.

Email that new folder to me as an attachment. Include your name in the subject so I know it is from you.

Katie_3232AThotmail.com


Replace the AT with an @ so the email will work.

I'll get to this as soon as I can. I have a lot of requests to read today.


At any rate, if you have been running an uninstaller which reinstalls, that would be a large part of the problem. I saw no reinstaller in your logs and had no idea of what else might be responsible for its coming back.
sheepy22
OK, I will try this. Take your time. Thanks
sheepy22
Files were sent.
Thanks.
Mosaic1
I have had a look and also read your email. I'll try to help.

First please Download WinPFind here:
http://www.bleepingcomputer.com/files/winpfind.php

Read and follow the instructions on the page to download and then run WinPFind and post the results please. But run it in Safe Mode if you can.

------------------

Extract the contents to a convenient folder.

Double click on WinPFind.exe to run it.


Click "Start Scan"
This is going to take considerable time.

Once the Scan has finished it will generate a text file named WinPFind.txt in the WinPFind folder. Post the contents of WinPFind.txt into your next reply here too.



After you have finished with Pfind, then please continue with this next part.

Would you create a new zip file and password protect it please? Create a new folder and Add a copy of C:\web.exe to it and also a copy of
C:\program files\internet explorer\iexplore.exe

Norton stopped web.exe from getting to me. If you password protect the zip, it may get through.


Attach the zipped and passworded folder to an email to me.

Then go ahead and follow the earlier instructions again to run that batch file in Ms-Dos mode. Do not run anything else. Start IE and see if you still have the problems.
sheepy22
OK, I will try all that you posted- I got it into safe mode last night and started the avast scanner around 1AM. It is still scanning- don't know why it is taking so long, but will stop it. I wanted to see if it still showed 3 G- could I be sending out things elsewhere that it is scanning that I don't know about? My husband verified that it is 2 G. This computer really has gotten very light use (it was almost new when he got it), and I have been using it for several years without any problems till now. I have only a few picture files of my cats, and a few other data files from a few years ago that I put on there when we were having problems with the other computer. And my e-mail files. It isn't even connected to a printer. My husband said he has a friend that may be able to reload the system with Win 98 if we can't get it working. I was looking at a lot of the files last night and there is a file under cab that is really huge- it is called wowkit.exe. It is over 19,000. Is that an OK file? I didn't quite figure out what was going on when I first did the uninstall wink till I saw that web.exe later on. I only see that file if I click on "C" from my computer. Under the explore C it doesn't show anywhere. It is not in a folder, just on the "C" window under the other stuff at the end. And the virus scanner always says that the "D" drive is locked by another utility. Sometimes it works to play a cd and sometimes it doesn't? And it opens by itself.
Thanks.
Mosaic1
D drive locked by another utility? Is that the entire message you get? CD drive door opening on its own is not good. Either some infection is doing that or your drive is sick. You have a lot of leftovers from the previous owner.
You have entries in your path statement in autoexec.bat which are leftovers. There are probably a lot of files which are leftovers too.


As I told you earlier, loading Windows fresh is not the issue alone. It is finding the right drivers for your devices, like sound and video etc. You would have to get the right drivers for any device which is not installed correctly after you install the new Windows Version. I cannot guarantee that you'll have an easy time doing that.

2 gigs is not much room for windows. I don't know how much RAM you have, but just 32 is a reach for 98. There are so many issues. Which Windows98 version? First Edition or Second?
Mosaic1
A clean start would be Great! But before you jump, you have to research and plan. Once you wipe that drive, you can't go back.
sheepy22
Here is the winpfind file scan. There are some files on my computer with false dates (1957, 2057), so don't know if it found all new files in the last 60 days - I think that is part of this craziness going on:


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 95 Version: 4.00.1111
Internet Explorer Version: 5.00.2919.6307

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\lmhosts


Checking %System% folder...
PTech 11/09/99 3:55:54 PM 88571 C:\WINDOWS\SYSTEM\MDACRDME.HTM
UPX! 01/27/06 5:38:10 PM 503296 C:\WINDOWS\SYSTEM\aswBoot.exe

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
02/27/06 3:42:48 PM RHS 6163472 C:\WINDOWS\SYSTEM.DAT
02/27/06 3:41:56 PM RHS 807304 C:\WINDOWS\USER.DA0
02/27/06 3:42:06 PM RHS 6163472 C:\WINDOWS\SYSTEM.DA0
02/27/06 3:43:08 PM RHS 807304 C:\WINDOWS\USER.DAT
02/27/06 3:10:32 PM H 15783 C:\WINDOWS\ttfCache
02/27/06 3:37:28 PM H 193653 C:\WINDOWS\ShellIconCache
02/26/06 6:55:16 PM H 255645 C:\WINDOWS\HELP\windows.GID
02/22/06 4:37:32 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
02/19/06 11:54:54 AM HS 1420 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt

Checking for CPL files...
Microsoft Corporation 08/24/96 11:11:10 AM 57344 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 01/29/99 2:34:28 PM 12816 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 48640 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 67072 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 260480 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 52080 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 193024 C:\WINDOWS\SYSTEM\MMSYS.CPL
Symantec Corporation 07/25/98 12:57:48 PM 151040 C:\WINDOWS\SYSTEM\S32LUCP1.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 63488 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 5312 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 37376 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 11/05/99 262864 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 08/24/96 11:11:10 AM 7168 C:\WINDOWS\SYSTEM\INFRARED.CPL
Microsoft Corporation 08/08/99 5:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 10/29/97 53520 C:\WINDOWS\SYSTEM\MLCFG32.CPL
Microsoft Corporation 02/19/99 10:55:00 AM 48640 C:\WINDOWS\SYSTEM\timedate.cpl
Microsoft Corporation 02/10/99 6:48:48 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
FotoNation inc. 03/26/98 2:01:34 PM 27136 C:\WINDOWS\SYSTEM\camcpl.cpl
Microsoft Corporation 10/14/97 5:23:00 PM 229888 C:\WINDOWS\SYSTEM\JOY.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
11/11/05 9:36:56 AM 544 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton AntiVirus\navshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton AntiVirus\navshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Microsoft SearchBand = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
Essdc essdc.exe
LoadQM loadqm.exe
avast! Web Scanner C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
avast! C:\Program Files\Alwil Software\Avast4\ashServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
DisablePwdCaching 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoActiveDesktop 1
NoActiveDesktopChanges 0
NoInternetIcon 0
NoNetHood 0
NoDesktop 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoClosingComponents 0
NoHTMLWallPaper 0
NoChangingWallPaper 0
NoCloseDragDropBands 0
NoMovingBands 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 02/27/06 4:02:37 PM
Bobbi Flekman
Hi sheepy22,

Mosaic1 has stopped working these forums, but said that she would handle your topic. As far as I know she cannot answer you anymore, since she's a member (board policies).

So if Mosaic1 still wants to help you, she can PM me, and I'll transfer the posts to here. Otherwise I will take your topic, and try to get your system back into shape. Be advised that just like Mosaic1 I haven't dealt with a Windows 95 system in ages. I do have the means to set up a computer running that though, so I could do that and see if we can get a grip on your situation...

First of all I would need the current state of things in your system. Is that wink thing still going on? Are there other problems? Anything?

Thanks,

BF.
sheepy22
The current state right now, keeping my fingers crossed is good. I did all that Mosaic told me to do, and also deleted the wink.exe, and web.exe and setup and uninstalls. I also downloaded the Trojan remover that works for win 95 (I found the link here at the gladiator site), and ran that and it didn't find anything. I still have weird date entries- some of the files seem to be corrupted with dates of 08/25/57. And weirdly today when I view My Computer files and programs and if I do an explore and view the programs and files, a lot of programs and files are now listed in capital letters that were not before- some are in lower case? Anyway, things are better, and the wink is nowhere to be seen at the moment (but it came back before and everything looked good). I am keeping my internet tools at a prompt of all active x, and pretty much saying no to any, even signed ones. I did download a new version of adobe acrobat this morning, as my other version was outdated. So far so good at the moment. I thank everyone for everything- I thought this computer was out the window. Here is the latest hijack:

StartupList report, 03/02/06, 1:11:17 PM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
Detected: Windows 95 B (Win9x 4.00.1111)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\TROJAN REMOVER\YAGB233.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Essdc = essdc.exe
LoadQM = loadqm.exe
avast! Web Scanner = C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
TrojanScanner = C:\Program Files\Trojan Remover\Trjscan.exe
ashMaiSv = C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

avast! = C:\Program Files\Alwil Software\Avast4\ashServ.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PETZII~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 25/2/2006, 12:40:40)

[rename]
nul=C:\PROGRA~1\ALWILS~1\AVAST4\SETUP\REBOOT.TXT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR_USER=
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR=
ECHO OFF
SET PATH=C:\ORAWIN\BIN;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM\WBEM;C:\RWIN77
SET TEMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
BUFFERS=80
FILES=80
DOS=HIGH,UMB

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\dajava.cab
OSD = C:\WINDOWS\DOWNLO~1\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\DOWNLO~1\Microsoft XML Parser for Java.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnview95.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/Static_...en/actsetup.cab

[Snapshot Viewer Control 10.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPVIEW.OCX
CODEBASE = http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:


--------------------------------------------------

Enumerating Win9x VxD services:

IOS: *IOS
VNETSUP: vnetsup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VSHARE: *VSHARE
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
SPOOLER: *SPOOLER
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VREDIR: vredir.vxd
NDIS: ndis.vxd,ndis2sup.vxd
VNETBIOS: vnetbios.vxd
BIOS: *BIOS
NWLink: (no file)
NWREDIR: (no file)
NSCL: (no file)
VSERVER: (no file)
MTRR: mtrr.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 16,223 bytes
Report generated in 1.459 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Bobbi Flekman
Hi sheepy22,

QUOTE
The current state right now, keeping my fingers crossed is good.
Good! Then Mo did a smashing job! :dance: I heard from her as well, and she told me that she referred you to CTH for the OS problems. I think that the weird dates stem from that. Most of the files in Windows 95 and Windows 98 are in upper case, that's because the Operating System inherited that from MS-DOS, the predecessor of Windows 95. There should be a way to get them to display in the case you like, but that can also be a problem with the OS. I don't see anything really bad in your log, only some cleanup work, so I suggest that you follow through on what Mo told you, and when the system is back in order you get back to tackle the last few hurdles.

Good luck, and I'll see you later here.
sheepy22
Thanks, I did sign up on the other site I was referred to, but at this point, will leave well enough alone, unless I have another occurrence. Thanks again for everything. Mosaic saved me a lot of money, and the plus is that I now have an av on the system that seems to be functioning.
Bobbi Flekman
Of course that's up to you, but there's still the problem of the weird dates and other things dealing with the Operating System. If I were you I would go to the site she referred you to.

Good luck,

BF.
sheepy22
If you think it's a problem, then I will. I just needed to take a break from it. I have a few other weird things on there I'd like to ask them about. Also before I go, should I delete the hijack backups that contain the wink files? They show up as a program icon in the backup files and they are larger than the other ones? I am kind of afraid to touch them for fear they will reload. Thanks.
Bobbi Flekman
I wouldn't delete it unless everything is completely done. It might be that the reason for the problems is still in the backups, and then it can be restored.