Hi, i've been browsing the forums trying to find a fix for my comp. i've checked others posts about regedit, norton, etc. closing after a few seconds, but havent been able to narrow down exactly what is causing my problem. I've ran the HijackThis program and this is my log: Logfile of HijackThis v1.97.7 Scan saved at 12:36:22 AM, on 1/13/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\DELLMMKB.exe C:\WINDOWS\System32\qttask.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\WINDOWS\System32\msdv32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dllhost32.exe C:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ O1 - Hosts: 216.177.73.139 auto.search.msn.com O1 - Hosts: 216.177.73.139 search.netscape.com O1 - Hosts: 216.177.73.139 ieautosearch O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\System32\netpal.dll (file missing) O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL O2 - BHO: (no name) - {730F2451-A3FE-4A72-938C-FC8A74F15978} - C:\WINDOWS\System\BHO.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.exe O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.exe -b O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Device Configuration Loader] msdv32.exe O4 - HKLM\..\Run: [Index Service] dllhost32.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe O4 - HKLM\..\RunServices: [Device Configuration Loader] msdv32.exe O4 - HKLM\..\RunServices: [Index Service] dllhost32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Pop-Up Stopper.lnk = C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1144209ec7476cb59906/netzip/RdxIE.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) - O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456/v50245/www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - If anyone could help, i would greatly appreciate it.

DELLMMKB.EXE I came to the conclusion is somekind of program for controlling buttons on a Dell computer. I'm not sure though because I couldn't find much info on it. You might want to check that if you don't know what it is. BHO001.DLL is adware. netpal.dll is adware. BHO.DLL is adware. NvCplDaemon is adware/spy I believe. RdxIE.cab might be adware, I don't know because I couldn't find info for it, but it was installed from the internet. iesnoopy.cab just sounds suspicious. vxpspeeddelivery.dll might be adware as well. What you need is a spy/adware scanner. Adaware is what most people use. I use Spy Sweeper because I find it works better. If you do that, it will probably clear a bunch of that crap out. Other than that I didn't see any problems. <><><>Tope<><><>

T, First put HijackThis.exe in it's own folder, it makes backups of the things it removes in case there is a problem. Close all browser windows\windows and have HijackThis fix the following by checking the box beside each and clicking on Fix. O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\System32\netpal.dll (file missing) O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL O2 - BHO: (no name) - {730F2451-A3FE-4A72-938C-FC8A74F15978} - C:\WINDOWS\System\BHO.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.exe -b O4 - HKLM\..\Run: [Device Configuration Loader] msdv32.exe O4 - HKLM\..\Run: [Index Service] dllhost32.exe O4 - HKLM\..\RunServices: [Device Configuration Loader] msdv32.exe O4 - HKLM\..\RunServices: [Index Service] dllhost32.exe O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1144209ec7476cb59906/netzip/RdxIE.cab O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll Make sure Hidden file and folders are showing, here is a link on how. http://www.xtra.co.nz/help/0,,4155-1916458,00.html Now reboot (Not just log off and back on) and delete the following. C:\WINDOWS\System\WinStart001.exe <<This file C:\WINDOWS\System32\msdv32.exe <<This file C:\WINDOWS\System32\dllhost32.exe <<This file Now rescan with HJT and post a fresh log to make sure nothing was missed. Have a nice day. :) Trpm