Virus keeps reinstalling!


Name: Rune
Date: March 26, 2004 at 00:04:26 Pacific
OS: Win98
CPU/Ram: AMD333/192MB
Comment:

I hope someone can help. Okay, I originally thought I had a Coolweb hijacker since I got the message that a Coolweb smart variant was trying to close CWShredder when I ran it. When I did get the shredder to run, nothing was found. When I try to run programs like HijackThis, and CWShredder, things start to hesitate and sometimes the programs end up "not responding". The funny thing is that in Safe Mode everything loads fast.
I tried various Spyware finders, online scanners, and my own updated Norton anti-virus with no hits. However, when I did a Panda online scan, the scanner did find one infected file and "disinfected" it. After this, everything loaded fine. I restarted my system and had the same slowdown/hanging again. During my Panda scan, my system got hung up so I never did see which specific file was infected.
Right now, even if I uncheck all of my Startup programs including systray.exe, (which my Spybot S&D says is a backdoor virus), I still have the problem. I checked my Hijackthis log in Safe Mode and then in Normal mode and the only difference seems to be mmtask.tsk running. I don't think this is the culprit, Norton doesn't flag it. This is really starting to drive me crazy. Where is this little bugga hiding? Any help would be greatly appreciated.




Response Number 1
Name: martin16v
Date: March 26, 2004 at 01:25:03 Pacific
Reply:

Having read your post 3 times, what makes you think you have a virus because your system has slowdown/hanging?
One of the first things to do if you get a virus is turn off System Restore, else they hide away in there.



Response Number 2
Name: brokencrow
Date: March 26, 2004 at 06:05:08 Pacific
Reply:

There's new variants of Lop and Ncase malware out there. Check the O3's and O4's in your HijackThis log for anything like kindlist.exe, Program Mpeg.dll, or msbb.exe. Also might check your Windows folder for a hidden folder named FLEOK and search the Windows folder for any hidden system files named Fiz (no extension).



Response Number 3
Name: Rune
Date: March 26, 2004 at 09:01:06 Pacific
Reply:

I didn't find FLEOK or Fiz on my system. My Hijack This log did not show any of those things mentioned.

To be honest, I'm not sure if I have a virus, or Hijacker, or a conflict. There were a number of coincidences that seem interesting. As I mentioned, my CWShredder said that a Coolwebsmart variant was trying to close my shredder although nothing was found. Okay, maybe I have a hijacker. Spybot and Adaware did not find anything. A Panda online search did find an "infected" file and "disinfected" it. After the scan my system ran all the programs that were really hesitating and hanging, (which coincidentally are HiJackThis, CWShredder, and Registry cleaner), fast and without problem. So now maybe I have a virus. I even tried turning down my Hardware Accelerator and updating my Graphics Drivers thinking that this could be my problem, no luck. I don't see any "Ghosts" in my Device Manager in Safe Mode. I just don't know.

What I do know is that after I run the Panda Online Scan, things run fine. Although the subsequent Panda scans do not seem to find any more disinfected files, it does seem to help my system. Unfortunately, when I restart or shutdown and restart, the problem reoccurs. I don't know where else to look. Any more ideas?



Response Number 4
Name: Rune
Date: March 26, 2004 at 09:05:53 Pacific
Reply:

Oh, I'm sorry. In relation to System Restore, I did not know that Win98 had a system restore that could be enabled and disabled. Where is it? My friend who has WinMe can click it on and off in Device Manager, I believe. How do I do this in Win 98?



Response Number 5
Name: brokencrow
Date: March 26, 2004 at 10:15:56 Pacific
Reply:

No System Restore in 98. None. Some 98 machines, like Gateways, had a version of GoBack (similar features), but there is no System Restore. It'd be great if you could post your HijackThis log, but it doesn't seem to be allowed anymore, unless requested by an expert. I don't know if I qualify or not.






Response Number 6
Name: Rune
Date: March 26, 2004 at 11:44:42 Pacific
Reply:

Well, I hope that I'm not breaking etiquette, but here is my HiJackThis.log:

Logfile of HijackThis v1.97.7
Scan saved at 1:36:04 PM, on 3/26/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\DESKTOP\MISC\TROUBLESHOOTING\SPY CRAP\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.com/
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38072.3950810185

Maybe someone can give me some insight. Thank you.



Response Number 7
Name: brokencrow
Date: March 26, 2004 at 13:45:36 Pacific
Reply:

Whoa! Either you ran HijackThis in Safe Mode, or you're running the thinnest Win install I've ever seen. What's this one?

C:\WINDOWS\DESKTOP\MISC\TROUBLESHOOTING\SPY



Response Number 8
Name: Rune
Date: March 26, 2004 at 16:16:54 Pacific
Reply:

Snakedog,
I have all my Startup programs disabled trying to troubleshoot this pain in the butt.
The line, C:\WINDOWS\DESKTOP\MISC\TROUBLESHOOTING\SPY
is just the location of the folder that I have HijackThis and Spybot etc. in right now. The "Spy Crap" is a name I put on the folder. Shows my love for spyware and viruses right now.

You know, I remember that one of many scans I have done on my system did show a reference to the W97M/Class virus I believe. Perhaps that is what Panda disinfected, but I still do have major slowdown. Anyways, I think that virus was a low priority one, and I don't remember any of the payload symptoms relating to that particular one.

I think it might be more frustrating that my system functions but hesitates and is slow. Also, that it did run fast in normal mode right after the Panda scan. I have run subsequent Panda scans, nothing found and system speed still slow. HijackThis and CWShredder sometimes will not load at all.



Response Number 9
Name: brokencrow
Date: March 26, 2004 at 17:09:28 Pacific
Reply:


I don't see anything amiss. Sounds like it could be hardware. How old is that computer? I notice you're running the original version of Win98. If the hardware's as old as your version of Windows, I wouldn't be surprised if it's hardware. Hardware failures are seldom clean, usually come as gradual deterioration of performance. Might try one last AV scan here:

http://www.ravantivirus.com/scan/indexie.php

It's RAV online scan...the best. Good luck.



Response Number 10
Name: Rune
Date: March 27, 2004 at 13:47:35 Pacific
Reply:

Thanks for trying Snakedog,

I already gave the RAV scan a shot, and nothing came up. My system is an old dog and slow at 333MHz, but it's funny that other than a whole system slowdown, the programs that really hang are the shredder and HijackThis. I'll keep at it.



Response Number 11
Name: Dog
Date: March 27, 2004 at 17:31:30 Pacific
Reply:

There was a glitch in earlier versions of CWShredder that said it was trying to be shut down when it wasn't. Do you have the latest version 1.53.4?

It works for me

D4



Response Number 12
Name: Rune
Date: March 27, 2004 at 20:26:41 Pacific
Reply:

Yep,
I have the latest update. Actually, I just ran it, and got the same flag. It takes forever for it to actually load and then finds nada. I even deleted it and downloaded a fresh/latest version thinking this might help, nope.



Response Number 13
Name: Dog
Date: March 27, 2004 at 23:54:52 Pacific
Reply:

Post a HJT log taken from the computer while running in normal mode, there may be something funny going on. Also have you tried a repair of Internet Explorer, sometimes it can be that simple.

It works for me

D4



Response Number 14
Name: Rune
Date: March 28, 2004 at 04:17:16 Pacific
Reply:

D4,

Here is my log in normal mode:

Logfile of HijackThis v1.97.7
Scan saved at 6:28:54 AM, on 3/28/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\DESKTOP\MISC\TROUBLESHOOTING\SPY CRAP\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.com/
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38072.3950810185
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

As you can see I've been trying any scanner I could find. The frustrating thing is that I would almost accept that maybe I have a software conflict, or my system is just not fast enough to handle the little I have going. But after I run an online virus scan, the system loads and runs the virus/spyware programs fast and easy. The worst part is that those same scans say they have found nothing, but I will reboot and the hanging will begin. I have to reiterate that there is an overall slowdown on my system, but a definite extreme slowdown and sometimes hanging with CWShredder and HiJackThis especially. Even a reg cleaner had to fight to work. Maybe it is just a conflict somewhere but I'm just not sure.




Response Number 15
Name: blender
Date: March 28, 2004 at 09:17:50 Pacific
Reply:

Rune

Go back to msconfig, re-check whatever you unchecked in there, reboot, post new hijack log...you said earlier you had unchecked everything in msconfig...that's why we see hardly anything in your log.
Yes you might start some nasties if you have em but it's the only way we will see them.
Also...do you have IE-Spyad installed?...if you do...that will slow down hijack a lot because hijack also scans sections in internet security settings...trusted zones etc. (ie-spyad puts thousands of bad sites in restricted zone)

If you think you have smartsearch...here is the download link to get smartsearch removal tool: (direct download)

http://www.safer-networking.org/files/delcwssk.zip

Unzip, go offline, d.click to run, then try shredder and hijack.
____________________________________

I never give up!

Windows Update



Response Number 16
Name: Rune
Date: March 28, 2004 at 14:41:32 Pacific
Reply:

Hi Blender,

This is my normal running HijackThis log. There are only a few more things added. I try to keep things streamlined to avoid conflicts and try to maximize my PC's speed.


Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.exe
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.exe
C:\WINDOWS\DESKTOP\MISC\TROUBLESHOOTING\SPY CRAP\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.com/
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakLogon
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38072.3950810185
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

As a side note, I tried Defrag. my drive and kept getting the message that the contents keep changing. I have my screensaver disabled and did not move the mouse. Could this be Norton or is there something insidious running in the background? Maybe there is nothing wrong, but why do things run in Safe Mode without a glitch? Other than Windows drivers not being used, what is the difference bet. safe mode and normal mode? I don't see anything amiss when I use MSConfig to check the lines in Config.sys and Autoexec.bat, but I'm sure some malware will not list things as run=trojan.exe. I know on my friend's system which is slower than mine, CWShredder and HijackThis run smoothly and load quickly. I hope this little info. will be useful.

Rune.
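The comparison this thread keeps doing by eye (a log taken with startup items disabled against one with them re-enabled, as Blender asks for in Response 15) can be done mechanically. The sketch below is an added example, not part of the original posts and not HijackThis code; it parses abridged excerpts of the logs from Response 14 and Response 16, and all function names are made up for illustration.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Abridged from the log in Response 14 (startup items disabled in msconfig).
LOG_STARTUP_DISABLED = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.com/
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
"""

# Abridged from the log in Response 16 (startup items re-enabled).
LOG_STARTUP_ENABLED = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.com/
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakLogon
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# O4 from a registry key:   "<key>: [<value name>] <command>"
O4_REG_RE = re.compile(r"^(?P<loc>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 from a startup folder: "Startup: <shortcut> = <target>"
O4_DIR_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m["code"], m["detail"]))
        elif in_procs and line:
            processes.add(line.upper())  # Win9x paths are case-insensitive
        elif in_procs and processes:     # blank line after the list ends it
            in_procs = False
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what appears or disappears between two parsed logs."""
    b, a = set(before["entries"]), set(after["entries"])
    return {
        "processes_added": sorted(after["processes"] - before["processes"]),
        "processes_removed": sorted(before["processes"] - after["processes"]),
        "entries_added": sorted(a - b),
        "entries_removed": sorted(b - a),
    }


def command_image(cmd):
    """Return the program part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def bare_name_autoruns(log):
    """O4 autoruns given without a directory, mapped to the running
    process paths (from the same log) that share that file name.
    An empty list means the log alone does not show which file on disk
    the entry starts, so its location has to be checked by hand."""
    result = {}
    for code, detail in log["entries"]:
        m = code == "O4" and (O4_REG_RE.match(detail) or O4_DIR_RE.match(detail))
        if not m:
            continue
        image = command_image(m["cmd"])
        if "\\" in image or ":" in image:
            continue  # entry already names a full path
        key = image.upper()
        result[key] = sorted(p for p in log["processes"] if basename(p) == key)
    return result


if __name__ == "__main__":
    off, on = parse_hjt(LOG_STARTUP_DISABLED), parse_hjt(LOG_STARTUP_ENABLED)
    for section, items in diff_logs(off, on).items():
        print(section, *items, sep="\n  ")
    print(bare_name_autoruns(on))
```
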



Response Number 17
Name: Rune
Date: March 28, 2004 at 15:13:38 Pacific
Reply:

I don't know if this is significant, or maybe I missed a setting. When I try to use Spybot S&D immunize feature that blocks downloads silently, the feature keeps getting disabled. I can check it and the green check appears but if I close and reopen the program, the feature is disabled again. Could Adaware be doing this or something else?



Response Number 18
Name: Dog
Date: March 28, 2004 at 21:40:41 Pacific
Reply:

I can't see any problems at all in the HJT log. (I'm no true expert but I try BTW.) Did the slowdown start after the installation of Nortons 2004? I've read quite a few items on this and the fact that it is extremely resource hungry. Also try disabling the TweakUI automatic logon. I noticed this tended to slow some things down (there are listed problems with it on Micro$oft's site).

It works for me

D4



Response Number 19
Name: blender
Date: March 29, 2004 at 00:32:13 Pacific
Reply:

Rune

When doing a defrag you also need to disable norton antivirus because as windows is re-arranging files Norton is trying to scan them.

The reason I asked you to check everything in msconfig is there may be some things in there not immediately recognizable by most people, and because you disabled its startup Hijack won't see it.
You can always set things back to how you had them before later...I'm just looking for possible malware causing all these problems.

That thing with spybot's immunize feature being disabled...that is weird, something is disabling it on you.

Let's try another log...
Start hijackthis again
Click "config"
Click "misc tools"
Under generate startup list log check:
list also minor sections
list empty sections

Click "generate startupList log"
Ok the prompt
Paste results here.
__________________________

I never give up!

Windows Update



Response Number 20
Name: Rune
Date: March 29, 2004 at 02:36:22 Pacific
Reply:

Blender,

Do you want me to check off what I usually have checked and what was checked when this all happened, or do you want me to go in MSConfig and check everything in Startup off?
I'm not sure if HijackThis will load if I check everything but I'll try.

Not to run on, but I was trying to think of the events happening when I first noticed this kind of stuff. Seems I noticed getting disconnected from the net and my modem screeching and having to do a hard reboot. Online Housecall discovered W97M/Class virus in my Microsoft Office templates with Class.sys in system. Housecall did not remove it, so I ran a Panda scan. The scan did find one infected file and disinfected it. Unfortunately, the scan hung-up and I did not see what specific virus it was, perhaps it was the W97 one. Curiously, following that Panda scan my system did run just like it used to and HiJackThis and Shredder loaded fast. After a restart, the same slowdown.

I just downloaded the Trojan scanner TDS-3 Shareware and tried to go online to update it. I happened to have MSOffice shortcut bar, systray.exe and essentially the stuff listed in the above log. I kept getting disconnected and TDS-3 would not load. Funny enough, I heard that same screeching from my modem. It seems that I can run everything in Safe Mode but I don't know enough about what loads in Normal Mode to pinpoint where the bugga is hiding. I don't think that W97M virus, from what I have read, was sophisticated enough to resist only certain anti-virus/trojan programs. I just don't know.



Response Number 21
Name: Rune
Date: March 29, 2004 at 02:55:33 Pacific
Reply:

Okay Blender,
I never knew HijackThis had that function. Right now, my system is really "tweakin'" out on me. The only way I could get HijackThis to load was to disable all my startup programs, so I don't know if this log will be helpful. It might not matter since it shows everything that autoruns. Here it is, I'm sorry it's pretty lengthy.
StartupList report, 3/29/04, 5:43:17 AM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.exe
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\JUNO\BIN\JUNO.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.exe

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

---------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.exe "%1" %*

---------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[PerUser_ICW_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

[PerUserOldLinks] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

[PerUser_MSBackup_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

[MotownRecPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Onlinelnks_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxprs16.inf,PerUserStub

[MmoptMusicaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[OlsAolPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\windows\INF\ols.inf

[OlsAttPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\windows\INF\ols.inf

[OlsCompuservePerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\windows\INF\ols.inf

[OlsProdigyPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\windows\INF\ols.inf

[OlsMsnPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUserRemove 64 c:\windows\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

[Theme_Windows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[>IEPerUser] *
StubPath = RUNDLL32.exe IEDKCS32.DLL,BrandIE4 SIGNUP

[Chlen-us] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-us.inf,InstallUser

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[PerUser_DCC_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfldrs.inf,PerUserStub.Install,1

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserRemove

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

---------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

---------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll

---------------------

Checking for EXPLORER.exe instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

---------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

---------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 28/3/2004, 22:55:46)

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

---------------------

C:\AUTOEXEC.BAT listing:

rem - By Windows 98 Network - c:\windows\net start
rem - By Windows 98 Network - c:\windows\net start
rem - By Windows 98 Network for Netware Upgrade - c:\windows\lsl.com
rem - By Windows 98 Network - c:\windows\net start
C:\PROGRA~1\NORTON~1\NAVDX.exe /Startup
ECHO OFF
PATH=c:\windows;c:\windows\command;c:\ibmtools;c:\;
LH DOSKEY
rem - By Windows 98 Network for Netware Upgrade - c:\windows\odihlp.exe
C:\essolo.com

---------------------

C:\CONFIG.SYS listing:

DEVICE=C:\essolo.sys
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.exe RAM
DOS=HIGH,UMB

---------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

---------------------

C:\WINDOWS\DOSSTART.BAT listing:

echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
rem MSCDEX.exe /D:IBMCD001 /l:g /m:8
mouse.exe
ECHO Type "EXIT" to return to Windows
C:\essolo.com

---------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

---------------------

Verifying REGEDIT.exe integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

---------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

---------------------

Enumerating Task Scheduler jobs:

Windows Critical Update Notification.job

---------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://c:\windows\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R970/V31Controls/x86/w98/en/actsetup.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\MCAFEE.COM\FREESCAN\MCFSCAN.DLL
CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[CRAVOnline Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RAVONLINE.DLL
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38072.3950810185

[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PPSDKACTIVEXSCANNER.OCX
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

---------------------

Enumerating Winsock LSP files:

NameSpace #1: c:\windows\SYSTEM\rnr20.dll
Protocol #1: c:\windows\SYSTEM\mswsosp.dll
Protocol #2: c:\windows\SYSTEM\msafd.dll
Protocol #3: c:\windows\SYSTEM\msafd.dll
Protocol #4: c:\windows\SYSTEM\msafd.dll
Protocol #5: c:\windows\SYSTEM\rsvpsp.dll
Protocol #6: c:\windows\SYSTEM\rsvpsp.dll

---------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: c:\windows\SYSTEM\vrtwd.386
VFIXD: c:\windows\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: (no file)
DFS: dfs.vxd
NWREDIR: (no file)
NWLink: (no file)
NSCL: (no file)
NDISWAN: ndiswan.vxd
MSODISUP: (no file)
TURBOVBF: TURBOVBF.VXD

---------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

---------------------
End of report, 24,855 bytes
Report generated in 1.433 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




Response Number 22
Name: blender
Date: March 29, 2004 at 11:44:43 Pacific
Reply:

Rune

The startup won't show what I need...since you can't get hijack to run in regular mode...
Go back to msconfig, check everything in there, restart in safe mode...run hijack again, save the log in the same folder as hijackthis, and post the hijack log (once in regular mode). All the startups will list but they won't load in safe mode.
Safe mode only loads whatever is absolutely necessary to start Windows. Office apps, antivirus, firewall, won't load as well as any advanced drivers...just the basics are loaded.
You can uncheck whatever you need to run in regular mode after...I just need to see what is loading and what was disabled...Then I will have a better idea what needs to be done.

Something else while we are at it I want to rule out...

When online start a fresh instance of IE and paste the bold text in the IE address bar and post results that get displayed: Then hit enter.

javascript:navigator.userAgent

Thanks.
_________________________________________

I never give up!

Windows Update
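
The safe-mode versus normal-mode comparison requested above, scripted as an added example that is not part of the original thread: it parses two StartupList reports, diffs them section by section, and ties each process seen only in normal mode to the startup entry that names it. Both embedded reports are short constructed samples in the StartupList 1.52 layout, and the function names are hypothetical.

```python
import ntpath
import re

PROC = "Running processes:"
SEPARATOR = re.compile(r"^-{5,}$")       # rule between report sections
PLACEHOLDER = re.compile(r"^\*.*\*$")    # e.g. *No values found*

def parse_startuplist(text):
    """Return {section title: [entry lines]} for one StartupList report."""
    # Skip the header block, which ends at the ===== rule.
    body = re.split(r"^={10,}\s*$", text, maxsplit=1, flags=re.M)[-1]
    sections, chunk = {}, []
    for line in body.splitlines() + ["-----"]:      # sentinel closes the last chunk
        line = line.strip()
        if not SEPARATOR.match(line):
            chunk.append(line)
            continue
        lines = [l for l in chunk if l and not PLACEHOLDER.match(l)]
        chunk = []
        if not lines or lines[0].startswith("End of report"):
            continue
        title, entries = lines[0], lines[1:]
        # Registry sections share one title; the key path below it makes it unique.
        if title.startswith("Autorun entries") and entries:
            title, entries = f"{title} {entries[0]}", entries[1:]
        sections[title] = entries
    return sections

def diff_reports(safe, normal):
    """Sections whose entries differ (case-insensitive, as Win9x paths are)."""
    changes = {}
    for title in sorted(set(safe) | set(normal)):
        a = {e.lower() for e in safe.get(title, [])}
        b = {e.lower() for e in normal.get(title, [])}
        if a != b:
            changes[title] = {"only_normal": sorted(b - a), "only_safe": sorted(a - b)}
    return changes

def launch_origin(safe, normal):
    """Map each process seen only in normal mode to the sections that name it."""
    names = lambda report: {ntpath.basename(p).lower() for p in report.get(PROC, [])}
    origin = {}
    for name in sorted(names(normal) - names(safe)):
        origin[name] = [title for title, entries in normal.items()
                        if title != PROC and any(name in e.lower() for e in entries)]
    return origin

# Constructed sample reports (not the logs posted in this thread).
HEADER = r"""StartupList version: 1.52
Detected: Windows 98 Gold (Win9x 4.10.1998)
==================================================

Running processes:

"""
SAFE_PROCS = r"""C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.exe
"""
NORMAL_PROCS = SAFE_PROCS + r"""C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
"""
AUTORUNS = r"""
---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.exe

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

---------------------
End of report, 1,234 bytes
"""
SAFE_REPORT = HEADER + SAFE_PROCS + AUTORUNS
NORMAL_REPORT = HEADER + NORMAL_PROCS + AUTORUNS

if __name__ == "__main__":
    safe, normal = parse_startuplist(SAFE_REPORT), parse_startuplist(NORMAL_REPORT)
    for title, change in diff_reports(safe, normal).items():
        print(title, change)
    for name, where in launch_origin(safe, normal).items():
        print(f"{name:14} <- {where or 'no startup entry in the report names it'}")
```

A process with an empty origin list (mmtask.tsk in the sample) was started by something other than a listed startup entry; that tells you where to look next and is not a verdict on the file.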




Response Number 23
Name: Rune
Date: March 29, 2004 at 12:54:44 Pacific
Reply:

Blender,
I got HijackThis to run in Normal/Regular mode with everything checked. It took a while for it to finally load but here is the list:


StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.exe
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\CSAFE\AUTOCHK.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.exe
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.exe
C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.exe

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TaskMonitor = c:\windows\taskmon.exe
ConfigSafe = C:\CSAFE\AUTOCHK.exe
AtiKey = Atitask.exe
CriticalUpdate = c:\windows\SYSTEM\wucrtupd.exe -startup
LexStart = lexstart.exe
AtiCwd32 = Aticwd32.exe
AtiPTA = Atiptaxx.exe
Tweak UI = RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
ESSOLO = ESSOLO.exe
ScanRegistry = c:\windows\scanregw.exe /autorun
SystemTray = SysTray.exe
Lexmark X1100 Series = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Tweak UI = RUNDLL32.exe TWEAKUI.CPL,TweakLogon

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

---------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.exe "%1" %*

---------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[PerUser_ICW_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

[PerUserOldLinks] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

[PerUser_MSBackup_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

[MotownRecPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Onlinelnks_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxprs16.inf,PerUserStub

[MmoptMusicaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[OlsAolPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\windows\INF\ols.inf

[OlsAttPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\windows\INF\ols.inf

[OlsCompuservePerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\windows\INF\ols.inf

[OlsProdigyPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\windows\INF\ols.inf

[OlsMsnPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUserRemove 64 c:\windows\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

[Theme_Windows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[>IEPerUser] *
StubPath = RUNDLL32.exe IEDKCS32.DLL,BrandIE4 SIGNUP

[Chlen-us] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-us.inf,InstallUser

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[PerUser_DCC_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfldrs.inf,PerUserStub.Install,1

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserRemove

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

---------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

---------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll

---------------------

Checking for EXPLORER.exe instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

---------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

---------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 28/3/2004, 22:55:46)

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

---------------------

C:\AUTOEXEC.BAT listing:

rem - By Windows 98 Network - c:\windows\net start
rem - By Windows 98 Network - c:\windows\net start
rem - By Windows 98 Network for Netware Upgrade - c:\windows\lsl.com
rem - By Windows 98 Network - c:\windows\net start
C:\PROGRA~1\NORTON~1\NAVDX.exe /Startup
ECHO OFF
PATH=c:\windows;c:\windows\command;c:\ibmtools;c:\;
LH DOSKEY
rem - By Windows 98 Network for Netware Upgrade - c:\windows\odihlp.exe
C:\essolo.com

---------------------

C:\CONFIG.SYS listing:

DEVICE=C:\essolo.sys
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.exe RAM
DOS=HIGH,UMB

---------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

---------------------

C:\WINDOWS\DOSSTART.BAT listing:

echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
rem MSCDEX.exe /D:IBMCD001 /l:g /m:8
mouse.exe
ECHO Type "EXIT" to return to Windows
C:\essolo.com

---------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

---------------------

Verifying REGEDIT.exe integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

---------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

---------------------

Enumerating Task Scheduler jobs:

Windows Critical Update Notification.job

---------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://c:\windows\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R970/V31Controls/x86/w98/en/actsetup.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\MCAFEE.COM\FREESCAN\MCFSCAN.DLL
CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[CRAVOnline Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RAVONLINE.DLL
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38072.3950810185

[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PPSDKACTIVEXSCANNER.OCX
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

---------------------

Enumerating Winsock LSP files:

NameSpace #1: c:\windows\SYSTEM\rnr20.dll
Protocol #1: c:\windows\SYSTEM\mswsosp.dll
Protocol #2: c:\windows\SYSTEM\msafd.dll
Protocol #3: c:\windows\SYSTEM\msafd.dll
Protocol #4: c:\windows\SYSTEM\msafd.dll
Protocol #5: c:\windows\SYSTEM\rsvpsp.dll
Protocol #6: c:\windows\SYSTEM\rsvpsp.dll

---------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: c:\windows\SYSTEM\vrtwd.386
VFIXD: c:\windows\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: (no file)
DFS: dfs.vxd
NWREDIR: (no file)
NWLink: (no file)
NSCL: (no file)
NDISWAN: ndiswan.vxd
MSODISUP: (no file)
TURBOVBF: TURBOVBF.VXD

---------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

---------------------
End of report, 26,148 bytes
Report generated in 2.414 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I pasted that address into IE and this is the result: Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98).

Not sure what all this means? But I appreciate any expert insight.




Response Number 24
Name: Rune
Date: March 29, 2004 at 16:46:31 Pacific
Reply:

Sidenote: I opened IExplorer and my homepage has been changed to the Windows Update site. I believe it is the real one. This is the second time it has happened. Someone above trying to tell me something. I've downloaded all the critical updates, except the ones for Media Player 7.1; I have 6.4 installed and don't want to upgrade right now. No apparent ill effect, I just set it back to what it was...



Response Number 25
Name: Rune
Date: April 5, 2004 at 03:26:06 Pacific
Reply:

Thank you all for helping me. I believe I found the problem, or lack thereof. Although there were funny coincidences with my Homepage changing, and Spybot not immunizing, the problem was that my Norton Anti-virus was autoscanning the CWShredder and HijackThis, thus slowing them down or causing them to hang. When I would run an Online scan, I would disable my Norton but it would turn back on after a restart. Duh.... Thank you all again.


