Jump to content


Photo

illegal opperation when I click links


  • Please log in to reply
7 replies to this topic

#1 feever

feever

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 24 May 2004 - 12:18 PM

Please view my startup list and hijack log for anything that shouldn't (or should!) be there. There are a few entries that I'm not familiar with.

The problem I'm having is IE crashes when I try to follow certain links on the web. It "seems" to be only some javascripts or some sumbmit buttons within forms. VERY frustrating! I can no longer bank online or even post to this forum with IE. (I'm using FireFox temporarily).

Also, (related?) when I shut down there is often a program that is waiting to close or causes an error called "route". Does anyone know of a program with this name?

Please help.

Below are my startup list and hijack this log:



StartupList report, 24/05/04, 1:12:30 PM
StartupList version: 1.52
Started from : C:\MARKS TEMP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\FIREFOX.EXE
C:\MARKS TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
CountrySelection = pctptt.exe
$EnterNet = C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
Creative Launcher = C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe
CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
FCAUEOS = C:\WINDOWS\FCAUEOS.exe
PTSNOOP = ptsnoop.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

McAfeeVirusScanService = C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 24/5/2004, 11:2:4)

[Rename]
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLA.DLL
C:\WINDOWS\SYSTEM\MSXMLR.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLR.DLL
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML.DLL
C:\WINDOWS\SYSTEM\MSXML3R.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3R.DLL
C:\WINDOWS\SYSTEM\MSXML3A.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3A.DLL
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PLUGIN.OCX
C:\WINDOWS\SYSTEM\MSRATELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATELC.DLL
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\MSCRLREV.DLL
C:\WINDOWS\SYSTEM\MSCRLREV.DLL=C:\WINDOWS\SYSTEM\SET2022.TMP
NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SET2031.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SET2042.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET2043.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe C:\
IF ERRORLEVEL 1 PAUSE
C:\VIAUDIO\VIAUDIO.COM
SET BLASTER=A220 I5 D0 P300
PATH C:\BITWARE\

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Lexico Toolbar - C:\WINDOWS\DOWNLOADED PROGRAM FILES\LEXBAR.DLL (file missing) - {11359F4A-B191-42d7-905A-594F8CF0387B}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,053 bytes
Report generated in 0.114 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only





Logfile of HijackThis v1.97.7
Scan saved at 1:12:20 PM, on 24/05/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\FIREFOX.EXE
C:\MARKS TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\LEXBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\LEXBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FCAUEOS] C:\WINDOWS\FCAUEOS.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab



Thank You!!!

Edited by feever, 24 May 2004 - 12:21 PM.


#2 feever

feever

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 24 May 2004 - 03:50 PM

still need help please...

#3 feever

feever

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 24 May 2004 - 07:41 PM

can anyone help me?

#4 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 24 May 2004 - 09:14 PM

Hi,
1) Restart in Safe Mode (see "How To:" below)
2) Enable Hidden Files (see "How To:" below)

Locate and delete the following:

C:\WINDOWS\FCAUEOS.exe <--this file

While still in Safe Mode:
Close all open windows, rescan with HijackThis and "Fix checked" the following:

O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\LEXBAR.DLL (file missing)
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\LEXBAR.DLL (file missing)
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FCAUEOS] C:\WINDOWS\FCAUEOS.exe
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm


Restart normally and see how your browser (IE) acts ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#5 feever

feever

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 24 May 2004 - 10:22 PM

Thanks for responding!

I tried what you mentioned. I still seem to have the same problems. Here are my latest logs (ie after doing what you said):



StartupList report, 24/05/04, 11:18:57 PM
StartupList version: 1.52
Started from : C:\MARKS TEMP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
D:\FIREFOX.EXE
C:\MARKS TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
CountrySelection = pctptt.exe
$EnterNet = C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
Creative Launcher = C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe
CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
PTSNOOP = ptsnoop.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

McAfeeVirusScanService = C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 24/5/2004, 11:2:4)

[Rename]
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLA.DLL
C:\WINDOWS\SYSTEM\MSXMLR.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLR.DLL
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML.DLL
C:\WINDOWS\SYSTEM\MSXML3R.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3R.DLL
C:\WINDOWS\SYSTEM\MSXML3A.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3A.DLL
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PLUGIN.OCX
C:\WINDOWS\SYSTEM\MSRATELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATELC.DLL
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\MSCRLREV.DLL
C:\WINDOWS\SYSTEM\MSCRLREV.DLL=C:\WINDOWS\SYSTEM\SET2022.TMP
NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SET2031.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SET2042.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET2043.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe C:\
IF ERRORLEVEL 1 PAUSE
C:\VIAUDIO\VIAUDIO.COM
SET BLASTER=A220 I5 D0 P300
PATH C:\BITWARE\

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 6,820 bytes
Report generated in 0.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




Logfile of HijackThis v1.97.7
Scan saved at 11:18:50 PM, on 24/05/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
D:\FIREFOX.EXE
C:\MARKS TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab



Any other possible causes?

(Also: I did reinstall IE6 and it made no difference at all)

GRRR!

#6 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 25 May 2004 - 02:31 AM

Hi,
Your log is clean now ... good job!

often a program that is waiting to close or causes an error called "route".

1) Do you still get this error?
2) Does IE still "crash"? If so what error message is generated?
3) Have you run Scandisk, Defrag, etc. lately?

Also try deleting your browser cache ...


Restart in Ms-Dos Mode
From C:\> (type and press Enter after each command)

cd\windows
smartdrv
deltree tempor~1
deltree history
deltree temp


Restart (Ctrl-Alt-Del)
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#7 feever

feever

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 05:48 PM

Thanks for keeping up with this....

1. I haven't noticed to "route" program waiting at shut-down lately (however even before it didn't happen every time)

2. YES! IE still crashes every time I click on certain links. AAHHHH!

3. Yes. I have run both scan disk and defrag.

I have also cleaned out my cache and temp files (I do so regularly). However I will try doing it from DOS like you suggest.

Here is what the window looks like that pops up when IE crashes:
http://www3.sympatic.../screenshot.jpg

#8 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 25 May 2004 - 07:04 PM

Hi,
In most cases the "<unknown>" errors are usually caused by 3rd party apps running in the background.

Try trimming down any unneeded programs running in the background.
Identify StartUp Apps
http://www.pacs-port...tup_content.php (Pacman's Portal)
http://www.answersth...es/tasklist.htm
http://www.3feetunde...artup/list.html
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button