i think i may have a virus. a trojan horse possibly. i m starting to get random programms that im pretty sure are being dl from the net at boot up i ran norton ad aware and spybot but did not fix the strange thing is that xplorer is trying to access the net on start up which hasnt happned before here is a highjack this file log Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe C:\WINDOWS\SYSTEM\MSDTCW.exe C:\WINDOWS\SYSTEM\RPCSS.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\MIXER.exe C:\WINDOWS\SYSTEM\PWSTRAY.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\WINDOWS\SYSTEM\MDM.exe C:\WINDOWS\SYSTEM\SXGTKBAR.exe C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.exe C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe C:\WINDOWS\SYSTEM\QTTASK.exe C:\PROGRAM FILES\AIM95\AIM.exe C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe C:\PROGRAM FILES\ROAD RUNNER\MEDIC\RRMEDIC.exe C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe C:\WINDOWS\SYSTEM\E_S10IC2.exe C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.exe C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe C:\WINDOWS\SYSTEM\INTERNAT.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\WINDOWS\TEMP\TB_SETUP.exe C:\SCOTT\MY SHARED FOLDER\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O1 - Hosts: 216.93.168.167 sitefinder.verisign.com O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\CCHELPER.DLL O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file) O2 - BHO: (no name) - {A5D90A40-F512-11D7-99F1-0030DB00061B} - C:\WINDOWS\SYSTEM\MSSHIP32.DLL O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\POPUPPRO.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [PWSTray] PwsTray.exe O4 - HKLM\..\Run: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.exe O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\BS3.DLL,DllRun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe O4 - HKLM\..\Run: [TB_setup] C:\WINDOWS\TEMP\TB_SETUP.exe /dcheck O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.exe O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: &Download with &DAP - C:\SIERRA\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\SIERRA\DAP\dapextie2.htm O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: AdsGone (HKLM) O9 - Extra 'Tools' menuitem: &AdsGone Settings (HKLM) O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .nwc: C:\Program Files\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\VSTUDIO6.CAB O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\WFCFORMS.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: Yahoo! Chat (ScorchPlugin Class) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs7.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.6602430556 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.norton.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web660.cab O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab O16 - DPF: {9D3676C7-5297-45BB-8124-5A76D95DBB1F} (shizmoo2 Class) - http://www.kungfuchess.com/activex/web2_39.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09509ce90ff08afbeb01/netzip/RdxIE601.cab O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB

Hi chaos_mage, Can you email me zipped copies of these files to analyze? Click my name for the email addy. C:\WINDOWS\SYSTEM\MSSHIP32.DLL C:\WINDOWS\TEMP\TB_SETUP.exe Run HT again and check the following items. Next, close all browser Windows, and have HT fix all checked. You NEED to restart your computer when you're done. O1 - Hosts: 216.93.168.167 sitefinder.verisign.com O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file) O2 - BHO: (no name) - {A5D90A40-F512-11D7-99F1-0030DB00061B} - C:\WINDOWS\SYSTEM\MSSHIP32.DLL O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\BS3.DLL,DllRun O4 - HKLM\..\Run: [TB_setup] C:\WINDOWS\TEMP\TB_SETUP.exe /dcheck O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

Wow u guys reply fast thx for the advice and the files should be on their way

Thanks for the files! TB_SETUP.EXE is the parasite Huntbar MSSHIP32.DLL is the parasite AdGoblin. Empty the contents of C:\Windows\Temp.

hey thx for the help those things were startin to scare me a bit thought i might of had a major problem

Hi chaos_mage, Tom41, hi everyone, Tom41... congratulations! Wow! Have a good day, Gérard from Paris, France

I think i have a virus. When i boot up i get 2 pop ups 1. says MISSING PSAPI.DLL the other says CAN NOT IMPORT SYS.REG plus i can not down load anything it says something about FDAAGENT or tells me FDA caused an invalid page fault in module FDA.exe at 0177:004ac848. Registers: EAX=fffeb7f4 CS=0177 EIP=004ac848 EFLGS=00010293 EBX=5ffcf200 SS=017f ESP=006dfe18 EBP=fffeb7f4 ECX=00000005 DS=017f ESI=0047103c FS=5df7 EDX=003ec84c ES=017f EDI=00401058 GS=0000 Bytes at CS:EIP: 8b 02 83 c2 04 89 07 83 c7 04 83 e9 04 77 f1 01 Stack dump: 00401000 00000000 004002f3 006dff78 006dfe3c 00000000 819c8840 c1508674 004002e1 bff8b560 00000000 819c87e0 005d0000 00616446 00455845 00000000 SOMEONE PLEASE HELP!!!!!!!!!