Jump to content


Photo

Can't download Hijack This


  • Please log in to reply
38 replies to this topic

#1 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 13 June 2004 - 10:56 AM

This is my first post here. I got hijacked last week by someone taking my browser to "res://mshp.dll/index.html#37049" as the homepage. It also gave me a lot of pop-ps but I wsa otherwise able to navigate normally (albeit slowly). I downloaded Spybot last night. It took care of most the pop-ups but I still get hijacked.
I tried to download HijackThis, but got a message that file :MSVBVM60>DLL was not found. Is this another feature of the spyware or just something my computer (I'm running Windows 98) is lacking?

#2 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 13 June 2004 - 02:26 PM

Please download Coolweb Shredder from here. Unzip it into its own folder and run it hitting fix as opposed to scan only.

Then reboot and try to download hijackthis again, extract it to its own folder and post a log as a reply to this thread. Here are some alternative download locations.

http://www.zerosreal...wnloads/hjt.zip

http://www.spywarein.../HijackThis.exe

http://lurkhere.com/...ackthis1977.zip

#3 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 14 June 2004 - 07:55 PM

Actually, I checked again. Both HijackThis and CWShredder are in my C drive, but I can't open them. Each one gives me the same message that a required DLL file MSVBVM60.DLL is not found. IS this still a download problem?

#4 thorongil

thorongil

    Member

  • New Member
  • Pip
  • 1 posts

Posted 14 June 2004 - 08:54 PM

Similar problem- maybe someone knows if it's really the Same Problem, but XP instead of 98- Cannot download HJT from any site, gets up to 140s of 153KB file and message comes up saying 'CANNOT READ FROM SOURCE DISK'. ALso cannot load from floppy or CD- the drives refuse to 'see' the HJT file. Will not see CWShredder either, but got it to run by typing cwshredder.exe in RUN. If drive won't see HJT, cannot move it to folder, so cannot generate log. Even mIxed in with other files, they're all visible except Shredder and HJT. Already ran minitool. Get hijacked to some "outhost" website. Something regenerates it in registry keys on reboot. Any answers for us?

#5 Xena

Xena

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 14 June 2004 - 10:51 PM

xena deleted comments

Edited by Xena, 14 June 2004 - 11:30 PM.


#6 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 15 June 2004 - 02:39 PM

This error means that you need to upgrade the version of Visual Basic installed on your computer to version 6. You can download what you need at this link: http://download.micr.../vbrun60sp5.exe

thorongil if you would like to start your own thread I'm sure someone will come along and help you.

Edited by nellie2, 15 June 2004 - 02:41 PM.


#7 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 15 June 2004 - 11:25 PM

Sucess!
Here's the log file.

Logfile of HijackThis v1.97.7
Scan saved at 12:25:54 AM, on 6/16/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\CRNA32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\WINDOWS\SYSTEM\IEOH.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\Windows\aheqt.dll/sp.html#37049
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\IEXL\NTHA32.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\SYSQE\SYSQE.DLL (file missing)
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\SYSQE\ATLID32.DLL (file missing)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL
O2 - BHO: (no name) - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLSI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install
O4 - HKLM\..\Run: [IEOH.EXE] C:\WINDOWS\SYSTEM\IEOH.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [CRNA32.EXE] C:\WINDOWS\CRNA32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

Edited by Dave_K, 15 June 2004 - 11:28 PM.


#8 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 16 June 2004 - 03:09 PM

Hi Dave!

You have a coolweb infection! Download CWShredder from here, extract it to it's own folder and then run it with all other windows closed and hit fix as opposed to scan only. Let it fix anything it finds.

Then go here and do an online virus scan.

I see you have Spybot Search and destroy, please click on the update button to make sure that you have the latest updates. Also, ensure you have version 1.3 final. If not then you can get it from this link, but make sure you uninstall the old version before installing the new version.
Home - The home of Spybot-S&D!: http://www.safer-networking.org/

Run Spybot search and Destroy and then reboot.

Then, download Adaware(please ensure you have version 6 build 6. 181)
Downloads - Support - Lavasoft#free: http://www.lavasoftu.../download/#free

The following explains how to set Ad-aware's settings to perform a "Full Scan."
And some settings that should be made prior to using the first time.

In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.
Under the Scanning button:
Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Tweak button...
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot

UNCHECK Automatically try to unregister objects prior to deletion

Click Proceed to save these settings.
Now press "check for updates Now" Always check before scanning.
Click start [x] choose use default scanning options
click next and let it fix anything it finds

Reboot
http://www.lavahelp....scan/index.html

Then post me a fresh hijack log please :wave:

#9 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 21 June 2004 - 10:19 PM

Hi, Nellie. Hope you've had a good weekend, and thanks for helping. I finally got a chance to do all this and here's the Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 11:12:07 PM, on 6/21/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\CRNA32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\WINDOWS\SYSTEM\IEOH.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\HP INSTANT SUPPORT\COMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\Windows\aheqt.dll/sp.html#37049
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\SYSQE\SYSQE.DLL (file missing)
O2 - BHO: (no name) - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLSI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\Run: [IEOH.EXE] C:\WINDOWS\SYSTEM\IEOH.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [CRNA32.EXE] C:\WINDOWS\CRNA32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

I'm still getting the pop-ups and malicious homepage. Any ideas?

#10 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 22 June 2004 - 05:07 PM

Hi Dave_K

First of all can you put hijackthis into its own folder, when we do a fix it will make backups and if you just leave it at the root of your C drive you will get backups all over your C drive!

Then can you make sure that adaware is updated and that you have the lates reference files.

Then boot into safe mode, run hijackthis and fix the following;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aheqt.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\Windows\aheqt.dll/sp.html#37049

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\SYSQE\SYSQE.DLL (file missing)

O4 - HKLM\..\Run: [IEOH.EXE] C:\WINDOWS\SYSTEM\IEOH.EXE
O4 - HKLM\..\RunServices: [CRNA32.EXE] C:\WINDOWS\CRNA32.EXE

then search for and delete these files

C:\WINDOWS\SYSTEM\IEOH.EXE
C:\WINDOWS\CRNA32.EXE

Then still in safe mode, run Adaware, let it fix what it finds then reboot and post a fresh log!

#11 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 25 June 2004 - 09:00 PM

Hiya, Nellie. Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 9:55:40 PM, on 6/25/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\HP INSTANT SUPPORT\COMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLSI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

#12 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 26 June 2004 - 03:41 PM

Hi Dave.. we are nearly there.. I hope!! :p

You are now running hijackthis out of a temporary directory, can you create a folder in My Documents and call it 'hijack' or something similar, then move the hijackthis exe into this folder and run it from there.

Then boot into safe mode and fix this item in the same way that you did before

O2 - BHO: (no name) - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLSI.DLL

Still in safe mode have a look for

C:\WINDOWS\ATLSI.DLL if you find it then delete it.

Reboot and post a fresh log please

#13 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 27 June 2004 - 12:35 PM

Hi, Nellie: Here's the log file. I couldn't find any programs C:\WINDOWS|ATLS.DLL but I did find a similar BHO when I ran HijackThis to get the log.
I thought about deleting it but then thought I should check with you first.


Logfile of HijackThis v1.97.7
Scan saved at 1:25:42 PM, on 6/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\HP INSTANT SUPPORT\COMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\Windows\aheqt.dll/sp.html#37049
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {BDB24C00-14A7-757E-DA3B-70B5402AC77E} - C:\WINDOWS\ATLSI.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [APPJK32.EXE] C:\WINDOWS\SYSTEM\APPJK32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

#14 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 28 June 2004 - 02:14 PM

:cool:

Download: "StartDreck", from here:
http://members.black...21...tdreck.htm
Unzip to its own folder and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread.

#15 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 29 June 2004 - 07:33 PM

Nellie, when I tried to access that page I got a notice that "the page does not exist or you have entered the URL incorrectly". The main page is in German so I can't search for the program. Are you sure the address was right?

#16 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 30 June 2004 - 03:31 PM

Yes I thought it was, but I get the same problem when I click on the link... :unsure:

try this one

http://members.black.../startdreck.zip

or this one

http://www10.brinkst...st/Win98Fix.zip

Edited by nellie2, 30 June 2004 - 03:35 PM.


#17 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 05 July 2004 - 08:36 PM

Hi, Nellie.
Here it is:

StartDreck (build 2.1.5 public BETA) - 2004-07-05 @ 21:31:43
Platform: Windows 98 (Win 4.10.1998 )

»Registry
»Run Keys
»Current User
»Run
*Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
»RunOnce
»Default User
»Run
*Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
»RunOnce
»Local Machine
»Run
*SystemTray=SysTray.Exe
*AtiCwd32=Aticwd32.exe
*AtiKey=Atitask.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*AccessRampMonitor="C:\Program Files\EarthLink\FastLane\ARMon32.exe"
*VsecomrEXE=C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
*Vshwin32EXE=C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
*mgavrtclexe=C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
*hpinstantsupport="c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*Vshwin32EXE=C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
*mgavrtclexe=C:\Windows\MCBin\AV\Rt\mgavrte.exe
*APPJK32.EXE=C:\WINDOWS\SYSTEM\APPJK32.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
*.bat
*batfile="%1" %*
*.com
*comfile="%1" %*
*.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
*.exe
*exefile="%1" %*
*.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
*.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
*.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
*.js
*JSFile=C:\Windows\WScript.exe "%1" %*
*.jse
*JSEFile=C:\Windows\WScript.exe "%1" %*
*.pif
*piffile="%1" %*
*.scr
*scrfile="%1" /S
*.txt
*txtfile=C:\Windows\NOTEPAD.EXE %1
*.vbs
*VBSFile=C:\Windows\WScript.exe "%1" %*
*.vbe
*VBEFile=C:\Windows\WScript.exe "%1" %*
*.wsh
*WSHFile=C:\Windows\WScript.exe "%1" %*
*.wsf
*WSFFile=C:\Windows\WScript.exe "%1" %*
*.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*Class/{BDB24C00-14A7-757E-DA3B-70B5402AC77E}
`InprocServer32=C:\WINDOWS\ATLSI.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Greetings Reminders.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Reminder-hpc41001.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\CAMEDIA Master.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Greetings Reminders.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Reminder-hpc41001.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\CAMEDIA Master.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=hpfsched
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\WINDOWS\msdos.sys
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\dosstart.bat
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
*FFCFE7FF=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFE3B9B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFE2D0B=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE0BE7=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFEBADF=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFE71EF=C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
*FFFED933=C:\WINDOWS\EXPLORER.EXE
*FFFD1F9F=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFD69F7=C:\WINDOWS\SYSTEM\ATICWD32.EXE
*FFFD1C57=C:\WINDOWS\SYSTEM\ATITASK.EXE
*FFFDB30F=C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
*FFFD89A3=C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
*FFFDC16B=C:\WINDOWS\CWD3DSND.EXE
*FFFC2323=C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
*FFFD99DB=C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
*FFFD498F=C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
*FFFCBC03=C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
*FFFCA873=C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
*FFFC846F=C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
*FFFC497F=C:\WINDOWS\SYSTEM\TAPISRV.EXE
*FFF97E9B=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFFD4893=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*FFFB602F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
*FFF8DEAF=C:\WINDOWS\SYSTEM\PSTORES.EXE
*FFFAE28F=C:\STARTDRECK\STARTDRECK.EXE
»NT Services
»Application specific

(And did I tell you thanks for being so patient with me and giving so much help?)

#18 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 06 July 2004 - 05:05 PM

Hello Dave, I was wondering where you had gotten too!!! :)

I don't see the bad file I was expecting to see in the startdreck log! Which is a bit of a nuisance!! :(

Adaware however has been updated to deal with some of these variants.. so we will give that a go before anything else.

Open up Adaware and click on the check for updates link... download any updates and then boot into safe mode <--- this is important.

Run Adaware and let it fix what it finds, then reboot into normal mode... perhaps it may be an idea to reboot a couple of times... then post me a fresh log. If the problem is still there then I will ask for some help ;)

#19 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 06 July 2004 - 08:53 PM

:wave: Hi, Nellie. Actually I was on vacation for a bit. I should mention that you've done a lot of good already. I haven't seen a pop-up in a while and the coolweb bogus homepage is gone, replaced by the real msn.com page. I can't change the homepage setting though, and my computer's still real slow, so something is still lurking in there. :unsure:
Anyway, here's the log:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, July 06, 2004 9:00:42 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R329 06.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-6-04 9:00:42 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291816133
Threads : 5
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294850209
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294844465
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294837537
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294883325
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright © Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 6/18/03 2:32:18 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 6/18/03 2:32:20 AM

#:6 [vshwin32.exe]
FilePath : C:\PROGRAM FILES\PLUS!\VIRUSCAN\
ProcessID : 4294868205
Threads : 3
Priority : Normal
FileSize : 139 KB
FileVersion : 3.1.6
ProductVersion : 3.1.6
Copyright : Copyright
CompanyName : Network Associates Inc
FileDescription : VShield
InternalName : VShield
OriginalFilename : VSHWIN95.EXE
ProductName : McAfee VirusScan
Created on : 5/22/99 12:37:31 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/1/98 8:01:02 PM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294901165
Threads : 11
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 5/12/98 12:01:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:8 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294799361
Threads : 1
Priority : Normal
FileSize : 36 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:9 [aticwd32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294799561
Threads : 1
Priority : Normal
FileSize : 20 KB
FileVersion : 4.10.2339
ProductVersion : 4.10.2339
Copyright : Copyright
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATICWD32
OriginalFilename : ATICWD32.EXE
ProductName : ATI Technologies Inc.
Created on : 9/30/98 5:30:55 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 3/23/98 11:11:56 AM

#:10 [atitask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294817897
Threads : 1
Priority : Normal
FileSize : 184 KB
FileVersion : 4.10.2304
ProductVersion : 4.10.2304
Copyright : Copyright
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Application
InternalName : AtiTask
OriginalFilename : AtiTask
ProductName : ATI Technologies, Inc.
Created on : 9/30/98 5:30:54 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 6/3/98 7:22:58 PM

#:11 [armon32.exe]
FilePath : C:\PROGRAM FILES\EARTHLINK\FASTLANE\
ProcessID : 4294807965
Threads : 2
Priority : Normal
FileSize : 61 KB
FileVersion : 4,0,0,2
ProductVersion : 4,0,0,27
Copyright : Copyright
CompanyName : Inverse Network Technology
FileDescription : ARMon32
InternalName : ARMon32
OriginalFilename : ARMon32.exe
ProductName : Inverse IP InSight
Created on : 5/18/99 2:19:33 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 3/17/99 11:23:48 PM

#:12 [reminder.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\
ProcessID : 4294826429
Threads : 1
Priority : Normal
FileSize : 35 KB
FileVersion : 7.00.0724
ProductVersion : 7.00.0724
Copyright : Copyright © Microsoft Corp. 1990-1998. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Reminder
InternalName : REMINDER
OriginalFilename : REMINDER.EXE
ProductName : Microsoft Money
Created on : 7/25/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 7/25/98 4:00:00 AM

#:13 [cwd3dsnd.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294706365
Threads : 1
Priority : Normal
FileSize : 202 KB
FileVersion : 4.05.2720
ProductVersion : 4.05.2720
Copyright : Copyright
CompanyName : Crystal Semiconductor, Inc.
FileDescription : Crystal 3D Audio Control
InternalName : CWD3DSND
OriginalFilename : CWD3DSND.EXE
ProductName : Crystal Ware ™ Windows Audio Drivers
Created on : 9/30/98 5:31:02 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 4/1/98 4:27:20 AM

#:14 [findfast.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\
ProcessID : 4294734857
Threads : 2
Priority : Normal
FileSize : 108 KB
Copyright :

Created on : 8/19/97 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/19/97 4:00:00 AM

#:15 [osa.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\
ProcessID : 4294724589
Threads : 1
Priority : Normal
FileSize : 50 KB
Created on : 8/19/97 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/19/97 4:00:00 AM

#:16 [wkcalrem.exe]
FilePath : C:\PROGRAM FILES\MSWORKS\CALENDAR\
ProcessID : 4294748897
Threads : 2
Priority : Normal
FileSize : 66 KB
FileVersion : 1,0,1,1921
ProductVersion : 1,0,1,1921
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Works Calendar Advise/Reminder Server
InternalName : Advise Server
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft Works
Created on : 7/21/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 7/21/98 4:00:00 AM

#:17 [mhprmind.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\
ProcessID : 4294745285
Threads : 1
Priority : Normal
FileSize : 40 KB
FileVersion : 3, 0, 1, 2006
ProductVersion : 3, 0, 0, 0
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Graphics Studio Home Publishing & Greetings
InternalName : Microsoft Graphics Studio Home Publishing & Greetings
OriginalFilename : MHPRMNDD.EXE
ProductName : Microsoft Graphics Studio Home Publishing & Greetings
Created on : 8/13/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/13/98 4:00:00 AM

#:18 [remind32.exe]
FilePath : C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\
ProcessID : 4294738249
Threads : 1
Priority : Normal
FileSize : 66 KB
Copyright : : Microsoft Corporation
FileDescription : Microsoft Graphics Studio Home Publishing & Greetings
InternalName : Microsoft Graphics Studio Home Publishing & Greetings
OriginalFilename : MHPRMNDD.EXE
ProductName : Microsoft Graphics Studio Home Publishing & Greetings
Created on : 8/13/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/13/98 4:00:00 AM

#20 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 06 July 2004 - 08:54 PM

:wave: Hi, Nellie. Actually I was on vacation for a bit. I should mention that you've done a lot of good already. I haven't seen a pop-up in a while and the coolweb bogus homepage is gone, replaced by the real msn.com page. I can't change the homepage setting though, and my computer's still real slow, so something is still lurking in there. :unsure:
Anyway, here's the log:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, July 06, 2004 9:00:42 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R329 06.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-6-04 9:00:42 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291816133
Threads : 5
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294850209
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294844465
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294837537
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294883325
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright © Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 6/18/03 2:32:18 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 6/18/03 2:32:20 AM

#:6 [vshwin32.exe]
FilePath : C:\PROGRAM FILES\PLUS!\VIRUSCAN\
ProcessID : 4294868205
Threads : 3
Priority : Normal
FileSize : 139 KB
FileVersion : 3.1.6
ProductVersion : 3.1.6
Copyright : Copyright
CompanyName : Network Associates Inc
FileDescription : VShield
InternalName : VShield
OriginalFilename : VSHWIN95.EXE
ProductName : McAfee VirusScan
Created on : 5/22/99 12:37:31 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/1/98 8:01:02 PM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294901165
Threads : 11
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 5/12/98 12:01:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:8 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294799361
Threads : 1
Priority : Normal
FileSize : 36 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 7/6/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:9 [aticwd32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294799561
Threads : 1
Priority : Normal
FileSize : 20 KB
FileVersion : 4.10.2339
ProductVersion : 4.10.2339
Copyright : Copyright
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATICWD32
OriginalFilename : ATICWD32.EXE
ProductName : ATI Technologies Inc.
Created on : 9/30/98 5:30:55 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 3/23/98 11:11:56 AM

#:10 [atitask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294817897
Threads : 1
Priority : Normal
FileSize : 184 KB
FileVersion : 4.10.2304
ProductVersion : 4.10.2304
Copyright : Copyright
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Application
InternalName : AtiTask
OriginalFilename : AtiTask
ProductName : ATI Technologies, Inc.
Created on : 9/30/98 5:30:54 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 6/3/98 7:22:58 PM

#:11 [armon32.exe]
FilePath : C:\PROGRAM FILES\EARTHLINK\FASTLANE\
ProcessID : 4294807965
Threads : 2
Priority : Normal
FileSize : 61 KB
FileVersion : 4,0,0,2
ProductVersion : 4,0,0,27
Copyright : Copyright
CompanyName : Inverse Network Technology
FileDescription : ARMon32
InternalName : ARMon32
OriginalFilename : ARMon32.exe
ProductName : Inverse IP InSight
Created on : 5/18/99 2:19:33 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 3/17/99 11:23:48 PM

#:12 [reminder.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\
ProcessID : 4294826429
Threads : 1
Priority : Normal
FileSize : 35 KB
FileVersion : 7.00.0724
ProductVersion : 7.00.0724
Copyright : Copyright © Microsoft Corp. 1990-1998. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Reminder
InternalName : REMINDER
OriginalFilename : REMINDER.EXE
ProductName : Microsoft Money
Created on : 7/25/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 7/25/98 4:00:00 AM

#:13 [cwd3dsnd.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294706365
Threads : 1
Priority : Normal
FileSize : 202 KB
FileVersion : 4.05.2720
ProductVersion : 4.05.2720
Copyright : Copyright
CompanyName : Crystal Semiconductor, Inc.
FileDescription : Crystal 3D Audio Control
InternalName : CWD3DSND
OriginalFilename : CWD3DSND.EXE
ProductName : Crystal Ware ™ Windows Audio Drivers
Created on : 9/30/98 5:31:02 PM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 4/1/98 4:27:20 AM

#:14 [findfast.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\
ProcessID : 4294734857
Threads : 2
Priority : Normal
FileSize : 108 KB
Copyright :

Created on : 8/19/97 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/19/97 4:00:00 AM

#:15 [osa.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\
ProcessID : 4294724589
Threads : 1
Priority : Normal
FileSize : 50 KB
Created on : 8/19/97 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/19/97 4:00:00 AM

#:16 [wkcalrem.exe]
FilePath : C:\PROGRAM FILES\MSWORKS\CALENDAR\
ProcessID : 4294748897
Threads : 2
Priority : Normal
FileSize : 66 KB
FileVersion : 1,0,1,1921
ProductVersion : 1,0,1,1921
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Works Calendar Advise/Reminder Server
InternalName : Advise Server
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft Works
Created on : 7/21/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 7/21/98 4:00:00 AM

#:17 [mhprmind.exe]
FilePath : C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\
ProcessID : 4294745285
Threads : 1
Priority : Normal
FileSize : 40 KB
FileVersion : 3, 0, 1, 2006
ProductVersion : 3, 0, 0, 0
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Graphics Studio Home Publishing & Greetings
InternalName : Microsoft Graphics Studio Home Publishing & Greetings
OriginalFilename : MHPRMNDD.EXE
ProductName : Microsoft Graphics Studio Home Publishing & Greetings
Created on : 8/13/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/13/98 4:00:00 AM

#:18 [remind32.exe]
FilePath : C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\
ProcessID : 4294738249
Threads : 1
Priority : Normal
FileSize : 66 KB
Copyright : : Microsoft Corporation
FileDescription : Microsoft Graphics Studio Home Publishing & Greetings
InternalName : Microsoft Graphics Studio Home Publishing & Greetings
OriginalFilename : MHPRMNDD.EXE
ProductName : Microsoft Graphics Studio Home Publishing & Greetings
Created on : 8/13/98 4:00:00 AM
Last accessed : 7/6/04 4:00:00 AM
Last modified : 8/13/98 4:00:00 AM

#21 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 08 July 2004 - 03:36 PM

oh, I'm not very good at adaware logs!! What I meant was, boot into safe mode and run adaware and let it fix what it finds.

Then reboot and post another hijack log.. :cool:

#22 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 July 2004 - 05:57 AM

Oops. Hijack log coming up:

Logfile of HijackThis v1.97.7
Scan saved at 6:50:28 AM, on 7/9/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\Windows\aheqt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\Windows\aheqt.dll/sp.html#37049
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {BDB24C00-14A7-757E-DA3B-70B5402AC77E} - C:\WINDOWS\ATLSI.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [APPJK32.EXE] C:\WINDOWS\SYSTEM\APPJK32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

#23 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 09 July 2004 - 05:33 PM

I haven't forgotten you dave, will get back to you asap :cool:

#24 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 10 July 2004 - 07:55 AM

I'm back.... been getting some lessons in the back room!! :p

Please download About:Buster and unzip it to your desktop.

Then boot into safe mode, Start it, hit Ok, Start, And Ok again to start the scan. It will generate a log. Post that log along with a new Hijack this log here.

But before you do, whilst still in safe mode, run adaware again and let it fix what it finds.

Then reboot and post the logs.

#25 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 10 July 2004 - 06:33 PM

Nellie: When I tried opening AboutBusters in Safe mode, I got an error message

Component "MsComCtl.ocx" or one of its dependencies not correctly registered. A file is missing or invalid.

Is there another file I need to download? Is this just not my day?

#26 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 11 July 2004 - 10:02 AM

Hi Dave, may need to install the Visual Basic 6 runtimes files below

Download them here and install them.

#27 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 12 July 2004 - 04:24 PM

Dave... forget what I said in my last post... you already did the visual basic thing!! Sorry. :whistle:

I've gotten some advice from the developer of About:Buster (thanks RubbeR DuckY :wub: )

You need to download and run this

#28 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 12 July 2004 - 07:06 PM

Thanks, Nellie (and Rubber Ducky!). I was able to run AboutBusters with the help of the missingfile download.
I'm facing a bit of a catch-22 posting the log, though. When I boot out of Safe mode to go back on line, I lose the file from my copy&paste function. I tried running AboutBusters in regular mode, but it wouldn't give me a log.
However, here's the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 7:56:36 PM, on 7/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HP INSTANT SUPPORT\COMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\NEW FOLDER (2)\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {BDB24C00-14A7-757E-DA3B-70B5402AC77E} - C:\WINDOWS\ATLSI.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [APPJK32.EXE] C:\WINDOWS\SYSTEM\APPJK32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

#29 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 12 July 2004 - 07:36 PM

It looks like we are almost there now,

Bring up Task Manager and end this process

C:\WINDOWS\SYSTEM\APPJK32.EXE

Then have hijackthis fix the following

O2 - BHO: (no name) - {BDB24C00-14A7-757E-DA3B-70B5402AC77E} - C:\WINDOWS\ATLSI.DLL (file missing)

O4 - HKLM\..\RunServices: [APPJK32.EXE] C:\WINDOWS\SYSTEM\APPJK32.EXE

Boot into safe mode again and delete this file

C:\WINDOWS\SYSTEM\APPJK32.EXE

Then reboot and post me a fresh log.... oh and hijackthis has been updated to version 1.98.0 You can update yours by clicking on config > misc tools> check for update online.

#30 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 13 July 2004 - 09:28 PM

Umm, Nellie. :oops: How do I bring up Task Manager? I realize this is a dumb question but I really can't find it anywhere. Did it have a different name with Windows 98?

#31 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 14 July 2004 - 06:27 AM

Sorry Dave, I should have said.... if you press Ctrl - Alt - Del together it should bring up the task manager.... :cool:

#32 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 15 July 2004 - 08:56 PM

I tried Task Manager and it doesn't have a process that looks anything like APPJK32.exe. Can't find the file anywhere in Windows either.
Can you help?
And thanks again, nellie--you've been incredibly patient with my cyber-ineptness. :)

#33 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 16 July 2004 - 04:22 PM

Dave.... when we get married I will just have to sort you out!! :D :D :D

Task manager in W98 is a bit basic, please don't worry about it.

Boot into safe mode then and have hijackthis fix the following

O2 - BHO: (no name) - {BDB24C00-14A7-757E-DA3B-70B5402AC77E} - C:\WINDOWS\ATLSI.DLL (file missing)

O4 - HKLM\..\RunServices: [APPJK32.EXE] C:\WINDOWS\SYSTEM\APPJK32.EXE

Go to start > search and do a search for APPJK32.EXE If you can find it then delete it, if not.... well... post me another hijack log and lets see if it is still there. :whistle:

#34 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 19 July 2004 - 09:33 PM

Aw, gee Nellie, I didn't realize my prose style was so appealing! :wub:

Anyway I ran HijackThis and neither of the files you told me to fix were in there. This seems too good to be true--can it be that the problem's fixed?? :bounce:

Take a peek at the log:
Logfile of HijackThis v1.97.7
Scan saved at 10:07:29 PM, on 7/19/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EARTHLINK\FASTLANE\ARMON32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\HP DESKJET 690C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\HP INSTANT SUPPORT\COMMON\MOTIVEDIRECTORY.EXE
C:\NEW FOLDER (2)\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AccessRampMonitor] "C:\Program Files\EarthLink\FastLane\ARMon32.exe"
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpinstantsupport] "c:\program files\hp instant support\bin\matcliwrapper.exe" "c:\program files\hp instant support\" -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\Windows\MCBin\AV\Rt\mgavrte.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://cbop.lifepics...oad/xupload.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8006.8169907407

#35 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 20 July 2004 - 03:01 PM

Well Dave I've peeked and you look as clean as a whistle!! :bounce:

Have a look at this article by Tony Klein, it contains some useful information and some download links.

If the problem does come back.... and it might, :( Just post to this thread.. It's been nice working with you. ;)

#36 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 20 July 2004 - 07:45 PM

It looks like the only problem is that I can't change my homepage from the default, but I can live with that. :cool:

I just wanted to say Thanks and Thanks again to you for all the patience and help you've shown me.
You and all your friends are on my Good List forever. :wave:

#37 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 21 July 2004 - 01:32 PM

Dave all is not lost.... you can set your home page to where ever you wish.

I take it that at the moment, when you go to Tools > Internet Options the option for setting your home page is greyed out.

Open up Spybot Search and Destroy in Advanced mode, click on tools>IE tweaks and see if the option to lock your IE start page is ticked. If it is then untick it for now, change your home page and then retick it if you want it to stay locked. :)

#38 Dave_K

Dave_K

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 22 July 2004 - 08:28 PM

It worked, Nellie. That's one more I owe you! :)

#39 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 23 July 2004 - 06:02 PM

*sigh, the end of a beautiful relationship... keep safe whilst on the net Dave and although I will miss talking to you I am glad your problems are resolved at last!! :wave:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button