# Any blue screen experts??? HELP!!!!!!!!!



## Mikumber (Aug 21, 2002)

My computer keeps restarting when I try to boot up. Sometimes it restarts sometimes I just get my windows wallpaper with green vertical lines at the top

I have got a couple blue screens of death.

A fatal exception 0E has occured at 0028:CO25ICA0 in VxD
VXDLDR(08) + 00000EF4 The current application will be terminated.

Then:

An exception 0E has occured at 0028:C000220E in VxD VMM(01) + 0000120E. This was called from 0028:C11638D3 in VxD DRVWQ1177(01) + 0000E483.

I also keep getting msnmsgnr errors.

Here is my start up list:

StartupList version: 1.50
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETZIP CLASSIC\NZFPROP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\MSN\MSNIA\DSLMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
DLHelperEXE.exe
PowerReg Scheduler.exe
Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CountrySelection = pctptt.exe
PTSNOOP = ptsnoop.exe
CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
LexStart = Lexstart.exe
LexmarkPrinTray = PrinTray.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
NetZIPFolders = C:\Program Files\Netzip Classic\nzfprop.exe /startup
BookmarkCentral = C:\PROGRA~1\BMCENT~1\BMLauncher.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
C-Media Mixer = Mixer.exe /startup
Evidence Eliminator = C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
DSL Connection Tool = C:\Program Files\MSN\MSNIA\dslmon.exe
LoadQM = loadqm.exe
ClrSchLoader = \Program Files\ClearSearch\Loader.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
IST Service = C:\Program Files\ISTsvc\istsvc.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
Pop-Up Stopper = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Washer = C:\Program Files\Washer\washer.exe /0
winlogon = c:\windows\winlogon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ContentService = C:\WINDOWS\SYSTEM\winservn.exe
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

washindex = C:\Program Files\Washer\washidx.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 23/7/2003, 17:40:22)

[Rename]
C:\PROGRA~1\NORTON~1\NAVPROD.DLL=C:\PROGRA~1\NORTON~1\NAV5D0F.TMP
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EX^
C:\WINDOWS\SYSTEM\CCPASSWD.DLL=C:\WINDOWS\SYSTEM\CCPASSWD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EX^
C:\WINDOWS\SYSTEM\CCTRUST.DLL=C:\WINDOWS\SYSTEM\CCTRUST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DL^

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\TEMP\BPJM.DLL (file missing) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA5}
OsbornTech Popup Blocker - C:\WINDOWS\SYSTEM\BHO\BHO.DLL - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Clear Search - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Windows Critical Update Notification.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Skilljam Game Player Object]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SSP.OCX
CODEBASE = http://cashgames.skilljam.com/ssp/SSP.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLO~1\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
CODEBASE = http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[SecureLogin.SecureControl]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVESECURITY.OCX
CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VIDEOX.DLL
CODEBASE = http://streamp.babenet.com/cabs/videox.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/126e5c8787bf5e09f221/netzip/RdxIE2.cab

[{94742E3F-D9A1-4780-9A87-2FFA43655DA2}]
InProcServer32 = C:\WINDOWS\SYSTEM\EGDIAL.DLL
CODEBASE = http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab

[PdpPi Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PDPPLUGIN5094.DLL
CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37822.7260648148

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------
End of report, 12,326 bytes
Report generated in 1.412 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I have been out of town for two months. I come back and nothing works.

Any help??


----------



## Rollin' Rog (Dec 9, 2000)

You have two, probably, unrelated problems showing there. One is the startup vxd errors, possibly the result of a conflict. We might be able to resolve that if you follow these directions:

find each of the following files and rename them with .bak or .old extensions.

drvwq117.vxd
drvwppqt.vxd
drvwcdb.vxd

These files are in the c:\windows\system\iosubsys directory

For example, rename drvwq117.vxd to drvwq117.bak

etc...

These vxd's relate to the Microsoft TapeBackup utility and are not required for loading.

The other one (VXDLDR) may be required, and we can't rename it anyway because it loads from the vmm32 file, which is a compressed set of vxds that must be created duing a Windows install.

The second set of problems is more clearly addressable: spy and advertising ware.

You will need to post a HijackThis Scanlog though:

http://www.tomcoyote.org/hjt/

You will also be asked to install, Update, and run Spybot:

http://tomcoyote.org/SPYBOT/


----------



## Mikumber (Aug 21, 2002)

Thank you 

How do I get to C:\windows\system\iosubsys....????


----------



## Rollin' Rog (Dec 9, 2000)

You could just navigate there through Windows Explorer or My Computer.

Another way to approach it is to open a Windows DOS prompt:

Start>Run *command*

At the commmand prompt type and ENTER each bold line:

*cd c:\windows\system\iosubsys*

You should now see c:\windows\system\iosubsys>

*ren drvwq117.vxd drvwq117.bak
ren drvwppqt.vxd drvwppqt.bak
ren drvwcdb.vxd drvwcdb.bak*

If you don't get any error messages the rename commands found and renamed the files successfully.


----------



## Mikumber (Aug 21, 2002)

Thanks Rollin Roq

Please be patient with me. I am a computer moron.

You will have to take me through it step by step.

I tried to get into DOS, it didnt work, probally because I was doing it wrong, and it took me 10 min to boot back up.

Small steps please.

Mike


----------



## Rollin' Rog (Dec 9, 2000)

How did you try to get into DOS? This can be done from a "Windows" DOS prompt.

If you click Start, then Run and enter *command* you should get the DOS window. Is that where you went astray, or was it in entering the commands from the DOS window? You can also open the MS-DOS prompt from the shortcut in the Programs menu.

Anyway, in the meantime, please post that HijackThis Scanlog, we need to get some of those bad applications out of there.


----------



## Mikumber (Aug 21, 2002)

I went in a renamed those files in DOS

Here it the list:

Scan saved at 1:46:12 PM, on 7/24/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\NETZIP CLASSIC\NZFPROP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\MSN\MSNIA\DSLMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\WINLOGON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
C:\PROGRAM FILES\KAZAA LITE\KAZAA.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=129218
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=129218
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=129218
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=129218
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: Adult Search - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - C:\WINDOWS\SYSTEM32\QABAR.DLL
O1 - Hosts: 1123694712 auto.search.msn.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA5} - C:\WINDOWS\TEMP\BPJM.DLL (file missing)
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\SYSTEM\BHO\BHO.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\SYSTEM32\QABAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NetZIPFolders] C:\Program Files\Netzip Classic\nzfprop.exe /startup
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: DLHelperEXE.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Real.com (HKLM)
O15 - Trusted Zone: *.msn.com
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://cashgames.skilljam.com/ssp/SSP.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Checkers (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/126e5c8787bf5e09f221/netzip/RdxIE2.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37822.7260648148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: DigiChat Applet (Shockwave Flash Object) - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab


----------



## Rollin' Rog (Dec 9, 2000)

You do have a lot of "hijack" stuff in the log.

Check these entries in HijackThis, close IE and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=129218
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=129218
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=129218
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html

R3 - URLSearchHook: Adult Search - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - C:\WINDOWS\SYSTEM32\QABAR.DLL
O1 - Hosts: 1123694712 auto.search.msn.com

O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA5} - C:\WINDOWS\TEMP\BPJM.DLL (file missing)

O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL

O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\SYSTEM32\QABAR.DLL

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL

O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe

O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download...ptdmgainads.cab

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

Reboot afterwards.

Finally and VERY important: install, UPDATE, and run Spybot following directions here:

http://tomcoyote.org/SPYBOT/

You should post another Scanlog after completing the above steps.


----------



## Guest (Jul 24, 2003)

HOW TO TROUBLESHOOT WINDOWS INTERNAL STACK OVERFLOW ERROR MESSAGES
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q145799

ERROR_MESSAGE:_THERE_ARE_NO_SPARE_STACK_PAGES
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q149083

http://aumha.org/a/kernel32.htm KERNEL32.DLL/KERNL386.EXE_ERRORS

WINDOWS ARTICLE http://forums.techguy.org/t147287/s.html WIN ME/98. Scroll down page.
REFERENCE PAGE http://forums.techguy.org/showthread.php?s=&postid=973946#post973946
REMOVING BLOAT FILES http://forums.techguy.org/t147727/s.html


----------



## Mikumber (Aug 21, 2002)

removed what you said and ran spybot

New List:

Scan saved at 4:15:50 PM, on 7/24/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETZIP CLASSIC\NZFPROP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\MSN\MSNIA\DSLMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NetZIPFolders] C:\Program Files\Netzip Classic\nzfprop.exe /startup
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: DLHelperEXE.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Real.com (HKLM)
O15 - Trusted Zone: *.msn.com
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://cashgames.skilljam.com/ssp/SSP.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Checkers (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/126e5c8787bf5e09f221/netzip/RdxIE2.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37822.7260648148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: DigiChat Applet (Shockwave Flash Object) - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab


----------



## Mikumber (Aug 21, 2002)

One more question?

What about all the backup files from hijack? Should I delete them?


----------



## Rollin' Rog (Dec 9, 2000)

We missed this, check and delete with HijackThis:

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

After that you look good to go; are you encountering errors still?

I would save the HijackThis backups at least for a while, there is no reason to delete them. That way if we inadvertantly remove something you need (I'm 99.99 % certain we haven't), it could restored.

I would also recommend you review the remaining 
'04' entries in the HijackThis Scanlog, NOT for deleting with HijackThis, but for UNchecking in msconfig to optimize your startup profile.

You can use these two links to guide you through the process.

http://www2.whidbey.com/djdenham/index.htm

http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM


----------

