Malware?
stibil2
Good morning,
I think I have some malware. When I first boot up, a screen pops up stating "you are here", then it disappears and my regular desktop loads. I have Win 98, IE6 and run AVG Free antivirus. I hope someone can assist me in getting rid of this stuff. Here is a HijackThis 2.02 log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:59 AM, on 9/3/08
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YT.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE" -Update -1020023 -IEXPLORE.EXE6.0
O4 - HKUS\.DEFAULT\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE" -Update -1020023 -IEXPLORE.EXE6.0 (User 'Default user')
O4 - .DEFAULT Startup: starttmp (User 'Default user')
O4 - .DEFAULT Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.EXE (User 'Default user')
O4 - .DEFAULT Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\My Music\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: starttmp
O4 - Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Startup: Webshots.lnk = C:\My Music\Webshots\Launcher.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Download with GetRight - C:\My Documents\EAB\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\My Documents\EAB\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipping.net/fvlite/fvliteY.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www4.ci.detroit.mi.us/CityofDetroit...s/acgm/acgm.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7...pdatePortal.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...138/mcfscan.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/m...MINIBrowser.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37390.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL

--
End of file - 10831 bytes

Thanks for your time.
Surfer
moved to Malware forum
HKEd
Welcome to SAF, stibil2.

Nice to see a Win98 log. Brings back memories.

If the message shows early in the boot process, it's not caused by one of the programs in the startup group as they load when the desktop does. So it may be in system.ini, win.ini or the like.

Run HijackThis and click on 'Open the Misc Tools Section'. Click on 'Generate StartupList log' and post the log that results.
stibil2
Thank you, here is the hjt start up list:

StartupList report, 9/4/08, 11:31:19 AM
StartupList version: 1.52.2
Started from : C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\MY DOCUMENTS\EAB\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SNDVOL32.EXE
C:\CHAMCHES\CHAMPION.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CallWave.lnk = C:\Program Files\CallWave\IAM.EXE
AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
Webshots.lnk = C:\My Music\Webshots\Launcher.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
AtiCwd32 = Aticwd32.exe
Atitask = Atiptaaa.exe
Primax 3-D Mouse = 3dmoused.exe
SystemTray = SysTray.Exe
AVG7_EMC = C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
AVG7_AMSVR = C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
AVG7_CC = C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
SmcService = C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
Pop-Up Stopper =
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

TweakIco = c:\hp\support\tweakico.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SmcService = C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Shockwave Updater = "C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE" -Update -1020023 -IEXPLORE.EXE6.0

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = Notepad.exe %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 4/9/2008, 6:3:46)

[Rename]

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 30/8/2008, 13:21:58)

[Rename]

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVG7\BOOTUP.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
set mouse=c:\imouse
c:\imouse\imouse
path C:\WINDOWS;C:\WINDOWS\COMMAND
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\windows

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YT.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[CWDL_DownLoadControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CWDL_DOWNLOAD.DLL
CODEBASE = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1108/V...en/actsetup.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9E.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CWDL_DownLoadControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\CWDL_DOWNLOAD.DLL
CODEBASE = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

[BuzMeSetup Class]
InProcServer32 = C:\WINDOWS\SYSTEM\NPBMAS.DLL
CODEBASE = http://www.buzme.com/ActiveX/BMAXSetup.cab

[SoundCtl Class]
InProcServer32 = C:\WINDOWS\SYSTEM\NPBMCTRL.DLL
CODEBASE = http://www.buzme.com/ActiveX/NPBMCtrl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7889.7619907407

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[FVLiteLoad Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FVLITEX.DLL
CODEBASE = http://flipping.net/fvlite/fvliteY.cab

[CWDL_DownLoadControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\CWDL_DOWNLOAD.DLL
CODEBASE = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

[GDIChk Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GDICHK.DLL
CODEBASE = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB

[ActiveCGM Control]
InProcServer32 = C:\WINDOWS\SYSTEM\ACGM.DLL
CODEBASE = http://www4.ci.detroit.mi.us/CityofDetroit...s/acgm/acgm.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZINTRO.OCX
CODEBASE = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\RUFSI.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[McUpdatePortalFactory Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MCUPDATEPORTAL.DLL
CODEBASE = http://www.amiuptodate.com/vsc/bin/1,0,0,7...pdatePortal.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\MCAFEE.COM\FREESCAN\MCFSCAN.DLL
CODEBASE = http://download.mcafee.com/molbin/iss-loc/...138/mcfscan.cab

[YahooYMailTo Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI20040613.DLL
CODEBASE = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

[PhotosCtrl Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YPHOTOS.DLL
CODEBASE = http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\YAHOO!\COMMON\YADDBOOK.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yab_af.cab

[RegConfig Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YREGCFG.DLL
CODEBASE = http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

[yucsetreg Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YUCCONFIG.DLL
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll

[TikGames Online Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GPCONTROL.DLL
CODEBASE = http://zone.msn.com/bingame/shpo/default/shapo.cab

[{41564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/0/A...01F/wmvadvd.cab

[CBrowser Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MINIBR~1.DLL
CODEBASE = http://viewers.multicastmedia.com/common/m...MINIBrowser.CAB

[ZoneBuddy Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZBUDDY.OCX
CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

[StadiumProxy Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\STPROXY.DLL
CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab35645.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZPACHAT.OCX
CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

[StagingUI Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\STAGINGUI.OCX
CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab

[ZPA_WheelOfFortune Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZPA_WOF.OCX
CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBAAS.DLL
CODEBASE = http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

[CRAVOnline Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RAVONLINE.DLL
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab

[ICSScanner Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ICSSCAN.DLL
CODEBASE = http://download.zonelabs.com/bin/promotion...canner37390.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\OSCAN8.OCX
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL
CODEBASE = http://download.games.yahoo.com/games/popc...aploader_v6.cab

[YbUploadFavsCtl Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\BROWSER\YBCONVFAV.DLL
CODEBASE = http://us.bookmarks.yahoo.com/YbConvFav.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 12,739 bytes
Report generated in 3.713 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
HKEd
That log shows nothing as well.

Can you locate Win.ini and open it (it's a text file, so it will open in Notepad). Copy and paste the contents here.

Also, can you give us a little more of a description of the "you are here" message - exactly when it occurs and what it looks like.
stibil2
When I boot, the HP logo appears > then a single beep > then the Win98 screen comes up > then DOS comes up > then Win98 again > then this weird message comes up, "you are here" > that stays on for about 30 secs > then Windows music > then my desktop loads.
Here's a photo of my monitor when that message is up:

win.ini log:
[Desktop]
Pattern=(None)
Wallpaper=C:\WINDOWS\APPLIC~1\MICROS~1\INTERN~1\INTERN~1.BMP
TileWallpaper=0
WallpaperStyle=2

[COMPATIBILITY]
INSTALL=0x00400000
NOTIFIER=0x400000

[Embedding]
Package=Package,Package,packager.exe,picture
midfile=MIDI Sequence,MIDI Sequence,c:\windows\mplayer.exe /mid,picture
SoundRec=Wave Sound,Wave Sound,c:\windows\sndrec32.exe,picture
avifile=Video Clip,Video Clip,c:\windows\mplayer.exe /avi,picture
PBrush=Paintbrush Picture,Paintbrush Picture,C:\PROGRA~1\ACCESS~1\MSPAINT.EXE,picture
Paint.Picture=Bitmap Image,Bitmap Image,C:\PROGRA~1\ACCESS~1\MSPAINT.EXE,picture
mplayer=Media Clip,Media Clip,c:\windows\mplayer.exe,picture
Wordpad.Document.1=WordPad Document,WordPad Document,C:\PROGRA~1\ACCESS~1\WORDPAD.EXE,picture
ComicChat.Room.1=Comic Chat Room,Comic Chat Room,C:\PROGRA~1\Chat\CChat.exe,picture
Imaging.Document=Image Document,Image Document,c:\windows\KodakImg.Exe,picture
WangImage.Document=Image Document,Image Document,c:\windows\KodakImg.Exe,picture

[Sounds]
SystemDefault=,

[HPFECP13,LPT1]
DefaultInputMode=4
DefaultOutputMode=6
RelaxState32Timeout=1
DigitalFilterEnable=0

[HPFECP13,HP DeskJet 710C Series,LPT1]
DefaultInputMode=4
DefaultOutputMode=6
RelaxState32Timeout=1
DigitalFilterEnable=0

[Windows]
run=
device=HP DeskJet 710C,HPFDJC13,LPT1:

[devices]
HP DeskJet 710C=HPFDJC13,LPT1:

[PrinterPorts]
HP DeskJet 710C=HPFDJC13,LPT1:,15,45

[extensions]
ZIP=C:\PROGRA~1\WINZIP\winzip32.exe ^.ZIP
LZH=C:\PROGRA~1\WINZIP\winzip32.exe ^.LZH
ARJ=C:\PROGRA~1\WINZIP\winzip32.exe ^.ARJ
ARC=C:\PROGRA~1\WINZIP\winzip32.exe ^.ARC
TAR=C:\PROGRA~1\WINZIP\winzip32.exe ^.TAR
TAZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TAZ
TGZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TGZ
TZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TZ
GZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.GZ
Z=C:\PROGRA~1\WINZIP\winzip32.exe ^.Z
CAB=C:\PROGRA~1\WINZIP\winzip32.exe ^.CAB
UU=C:\PROGRA~1\WINZIP\winzip32.exe ^.UU
UUE=C:\PROGRA~1\WINZIP\winzip32.exe ^.UUE
XXE=C:\PROGRA~1\WINZIP\winzip32.exe ^.XXE
B64=C:\PROGRA~1\WINZIP\winzip32.exe ^.B64
HQX=C:\PROGRA~1\WINZIP\winzip32.exe ^.HQX
BHX=C:\PROGRA~1\WINZIP\winzip32.exe ^.BHX
MIM=C:\PROGRA~1\WINZIP\winzip32.exe ^.MIM

[QuickRes]
Options=3

[MCI Extensions]
asf=MPEGVideo2
asx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wmp=MPEGVideo2
wma=MPEGVideo2
wax=MPEGVideo2
wmv=MPEGVideo2
wvx=MPEGVideo2
avi=MPEGVideo
wav=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpe=MPEGVideo
m1v=MPEGVideo
mp2=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
mpa=MPEGVideo
mp3=MPEGVideo
m3u=MPEGVideo
ivf=MPEGVideo2
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
au=MPEGVideo
snd=MPEGVideo

[MCI Extensions.BAK]
asf=MPEGVideo2
asx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wmp=MPEGVideo2
wma=MPEGVideo2
wax=MPEGVideo2
wmv=MPEGVideo2
wvx=MPEGVideo2
avi=MPEGVideo
wav=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpe=MPEGVideo
m1v=MPEGVideo
mp2=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
mpa=MPEGVideo
mp3=MPEGVideo
m3u=MPEGVideo
ivf=MPEGVideo2
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
au=MPEGVideo
snd=MPEGVideo

[Compatibility95]
Juno=0x00000002

[Compatibility32]
Juno=0x00000002


[ActiveScan]
ID={19CCC3C6-77A9-11DC-973E-0011951D4568}

[DrawDib]
pnpdrvr.drv 800x600x16(0)=37,5,5,5
HKEd
Thanks for posting that. It makes it very clear. Not that I have any clue as to what's going on as I still don't see what could be causing it.

Can you locate config.sys and copy/paste its content here. An easy way to get to config.sys is to run Sysedit from the Start > Run line.
stibil2
Whoa, when I run sysedit about 6 different boxes pop up with it. Is that normal?
HKEd
Yep...absolutely normal. Just highlight config.sys and copy/paste.
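
Added example, not part of any post in this thread and not HijackThis code: the checks requested above (system.ini, win.ini, wininit.ini, autoexec.bat, config.sys) as a Python script that lists what those Win9x text files would execute outside the registry Run keys and the Startup folder. Function names are hypothetical; the sample values are copied from the logs posted above, except CONFIG.SYS, which the thread never shows and is constructed here.

```python
import re

# CONFIG.SYS directives that load a driver or program during the DOS phase.
CONFIG_LOADERS = {"device", "devicehigh", "install", "installhigh", "shell"}
# AUTOEXEC.BAT words that only set the environment or steer the batch file.
BATCH_PASSIVE = {"set", "path", "rem", "echo", "prompt", "cls", "goto",
                 "if", "pause", "break", "verify"}


def parse_ini(text):
    """Case-insensitive INI reader that keeps duplicate keys.

    Returns {section: [(key, value), ...]}; WININIT.INI may repeat NUL=.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections


def ini_load_points(win_ini, system_ini, wininit_ini=""):
    """List INI entries that start a program or swap files at boot."""
    found = []
    for key, value in parse_ini(win_ini).get("windows", []):
        if key in ("load", "run") and value:
            found.append(("WIN.INI", key, value))
    for key, value in parse_ini(system_ini).get("boot", []):
        # A bare Explorer.exe is the default shell; anything else needs review.
        if key == "shell" and value.lower() != "explorer.exe":
            found.append(("SYSTEM.INI", key, value))
    for dest, src in parse_ini(wininit_ini).get("rename", []):
        found.append(("WININIT.INI", "rename", f"{src} -> {dest}"))
    return found


def dos_phase_commands(autoexec_bat, config_sys=""):
    """List what runs in the DOS phase, before the Windows GUI starts."""
    found = []
    for raw in config_sys.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.+)", raw)
        if m and m.group(1).lower() in CONFIG_LOADERS:
            found.append(("CONFIG.SYS", m.group(1).lower(), m.group(2).strip()))
    for raw in autoexec_bat.splitlines():
        line = raw.strip().lstrip("@")
        # Drop prefixes that only change how the following program is loaded.
        line = re.sub(r"^(lh|loadhigh|call)\s+", "", line, flags=re.I)
        if not line or line.startswith(":"):
            continue
        command = re.split(r"[\s=]+", line, maxsplit=1)[0].lower()
        if command not in BATCH_PASSIVE:
            found.append(("AUTOEXEC.BAT", "command", line))
    return found


# Sample input: values posted in the thread (StartupList report and win.ini).
WIN_INI = "[Windows]\nrun=\ndevice=HP DeskJet 710C,HPFDJC13,LPT1:\n"
SYSTEM_INI = "[boot]\nShell=Explorer.exe\n"
WININIT_INI = "[Rename]\n"
AUTOEXEC_BAT = r"""C:\PROGRA~1\GRISOFT\AVG7\BOOTUP.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
set mouse=c:\imouse
c:\imouse\imouse
path C:\WINDOWS;C:\WINDOWS\COMMAND
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\windows
"""
# Constructed sample: the thread ends before config.sys is posted.
CONFIG_SYS = "DEVICE=C:\\WINDOWS\\HIMEM.SYS\nFILES=40\n"

if __name__ == "__main__":
    results = ini_load_points(WIN_INI, SYSTEM_INI, WININIT_INI)
    results += dos_phase_commands(AUTOEXEC_BAT, CONFIG_SYS)
    for source, kind, value in results:
        print(f"{source:13} {kind:8} {value}")
```

On the posted files the INI load points come back empty, which matches the replies above; the only items left to review are the three AUTOEXEC.BAT commands that run during the DOS phase.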