# Please help with hijackthis log file



## Tidal531 (Jul 9, 2004)

Hi,I know this post was really old, like over 6 months i thinkhttp://tsgstatus.com/images/icon/icon8.gif
Angry....but i found it on google, and since i have no idea where else to post....i hope you guys will see my reply and help me if u can....
i have several problems, like internet explorer and windows media not working, and im getting this msgsrv32.dll error when i start my computer, but still my comp runs good. i have also 3 programs which i dont want and i dont know what they are either:
-Home Search Assistent
-Search Extender
-Shopping Wizard
i never installed them and they wont let me unistall them...but still....yes still.....my computer works good and i can play games as usual.....
so....i hand you my log file...and hope it helps you understand my problems....
thanks in advance!http://tsgstatus.com/images/icon/icon7.gif
Smile

Logfile of HijackThis v1.98.0
Scan saved at 21:06:00, on 2004-07-08
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\IEAM32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MFCCJ.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Class - {ECC0D04B-CF16-41F3-41E7-A47DD78CD1C6} - C:\WINDOWS\SYSTEM\WINDI32.DLL (file missing)
O2 - BHO: Class - {779FA16D-4B4C-6B34-1993-61C2FD1EBB35} - C:\WINDOWS\SYSTEM\APIEG32.DLL (file missing)
O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL
O2 - BHO: (no name) - {A4066A11-8723-4C45-B64F-088D0A314D67} - C:\WINDOWS\SYSTEM\MBLOAAA.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MFCCJ.EXE] C:\WINDOWS\SYSTEM\MFCCJ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [ATLOP.EXE] C:\WINDOWS\SYSTEM\ATLOP.EXE
O4 - HKLM\..\RunServices: [NTGX32.EXE] C:\WINDOWS\NTGX32.EXE
O4 - HKLM\..\RunServices: [WINBY32.EXE] C:\WINDOWS\WINBY32.EXE
O4 - HKLM\..\RunServices: [IEAM32.EXE] C:\WINDOWS\IEAM32.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL


----------



## Tidal531 (Jul 9, 2004)

Tidal531 said:


> Hi,I know this post was really old, like over 6 months i think
> 
> ....but i found it on google, and since i have no idea where else to post....i hope you guys will see my reply and help me if u can....
> i have several problems, like internet explorer and windows media not working, and im getting this msgsrv32.dll error when i start my computer, but still my comp runs good. i have also 3 programs which i dont want and i dont know what they are either:
> ...


----------



## Tidal531 (Jul 9, 2004)

windows uptade is up to date...but i dont know how to post a new one.....how do i post a new topic?!


----------



## Flrman1 (Jul 26, 2002)

Hi Tidal531 

Welcome to TSG! 

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.


----------



## Flrman1 (Jul 26, 2002)

Download StartDreck from: http://www.niksoft.at/_data/startdreck.zip

UnZip the startdreck.zip file first. DoubleClick: 'StartDreck.exe' 
First click on the *config* button. 
Now click the *Unmark all* button 
Put a check by these boxes only: 
*Registry->run keys 
*Registry->Browser helper objects 
*System/drivers> Running processes 
hit >ok.

Now click the *Save* button to save that log.

Copy and Paste the contents of that log back here and await further instructions.


----------



## Tidal531 (Jul 9, 2004)

anoter prob i have also that i didnt mention is that i cant create new folders....i can copy another one and delete everything in it.....but it's just annoying....

here is what the save file looks like:

StartDreck (build 2.1.5 public BETA) - 2004-07-09 @ 07:18:10
Platform: Windows ME (Win 4.90.3000 )

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Default User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Local Machine
»Run
*SystemTray=SysTray.Exe
*POINTER=point32.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*LoadQM=loadqm.exe
*LXSUPMON=C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
*Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*MFCCJ.EXE=C:\WINDOWS\SYSTEM\MFCCJ.EXE
*devldr16.exe=C:\WINDOWS\SYSTEM\devldr16.exe
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
»RunOnce
»RunServices
*WMLAN54G.exe=C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*SchedulingAgent=mstask.exe
*ScriptBlocking="C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
*NVSvc=C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
*ATLOP.EXE=C:\WINDOWS\SYSTEM\ATLOP.EXE
*NTGX32.EXE=C:\WINDOWS\NTGX32.EXE
*WINBY32.EXE=C:\WINDOWS\WINBY32.EXE
*IEAM32.EXE=C:\WINDOWS\IEAM32.EXE
»RunServicesOnce
**g=rundll32 C:\WINDOWS\SYSTEM\RES.DLL,StreamingDeviceSetup
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*{00000010-6F7D-442C-93E3-4A4827C2E4C8}
`InprocServer32=
*Class/{ECC0D04B-CF16-41F3-41E7-A47DD78CD1C6}
`InprocServer32=C:\WINDOWS\SYSTEM\WINDI32.DLL
*Class/{779FA16D-4B4C-6B34-1993-61C2FD1EBB35}
`InprocServer32=C:\WINDOWS\SYSTEM\APIEG32.DLL
*Class/{6BEDB588-8705-AA0B-BFA3-5AF1BD56824B}
`InprocServer32=C:\WINDOWS\SYSTEM\JAVALB32.DLL
*{1BC8F8C8-0056-4B40-A860-1C002E4814A3}
`InprocServer32=C:\WINDOWS\SYSTEM\GEKM.DLL
»Files
»System/Drivers
»Running Processes
*FFCF1A7D=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF5CE1=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFFF131=C:\WINDOWS\SYSTEM\DEVLDR16.EXE
*FFFE2D59=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFE271D=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE17ED=C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
*FFFEAD25=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFE8091=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFEDE9D=C:\WINDOWS\SYSTEM\NVSVC.EXE
*FFFDB315=C:\WINDOWS\EXPLORER.EXE
*FFFDEAAD=C:\WINDOWS\RUNDLL32.EXE
*FFFC2D69=C:\WINDOWS\IEAM32.EXE
*FFFC4381=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFBDCF1=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
*FFFDCBB1=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFFB7E11=C:\WINDOWS\LOADQM.EXE
*FFFAF7F9=C:\WINDOWS\SYSTEM\LXSUPMON.EXE
*FFF96E55=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*FFF95BF5=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFFBB709=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFF88125=C:\WINDOWS\RUNDLL32.EXE
*FFF891AD=C:\WINDOWS\SYSTEM\MFCCJ.EXE
*FFF95199=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFF78049=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
*FFF552A9=C:\WINDOWS\BUREAU\NOUVEAU DOSSIER\STARTDRECK.EXE
»Application specific


----------



## Flrman1 (Jul 26, 2002)

First Click here to download CWShredder. *Do Not* run it yet. Download it to the desktop and have it ready to run later.

Now download the Win98Fix.zip from here:

http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

You *must* UnZip it first. Open the Win98Fix folder that you just extracted and doubleclick on the *RunFix.reg* file inside. Answer "Yes" when asked if you want to add it's contents to the registry.

*Restart your computer*

Now restart again into safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\WINDOWS\SYSTEM\*RES.DLL* file

Finally, run CWShredder. Just click on the cwshredder.exe then click *"Fix" (Not "Scan only")* and let it do it's thing.

Boot back to normal and run StartDreck again as you did before and post another log from it and another Hijack This log.


----------



## Tidal531 (Jul 9, 2004)

CW shredder is downloaded as asked, but win98fix.zip is missing it says when i try to download it, do you know any other links ?


----------



## Flrman1 (Jul 26, 2002)

Here you go:

http://www10.brinkster.com/expl0iter/freeatlast/Win98Fix.zip


----------



## Tidal531 (Jul 9, 2004)

theres one good new! msgsrv32.dll error didnt show when i rebooted with the regisrty....and theres one little problem....humm...my computer is in french....and i dont know the terms in english....i tried to get it...but i dont know where this is suppose to lead me in...

click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

if you know the french terms they use, that would be awesome!

thx already!


----------



## Flrman1 (Jul 26, 2002)

I really can't help you there. I don't know French, but you may not need to concern yourself with that part. The file might be visible without that setting.


----------



## Tidal531 (Jul 9, 2004)

startdreck, do i let it as it is basically or do i have to uncheck stuff like earlier, well i ran it default and here is the log, followed by hijackthis log , then i pasted what CWShredder gave me as result.

startdreck:

StartDreck (build 2.1.5 public BETA) - 2004-07-09 @ 22:50:15
Platform: Windows ME (Win 4.90.3000 )

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Default User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Local Machine
»Run
*SystemTray=SysTray.Exe
*POINTER=point32.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*LoadQM=loadqm.exe
*LXSUPMON=C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
*Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*MFCCJ.EXE=C:\WINDOWS\SYSTEM\MFCCJ.EXE
*devldr16.exe=C:\WINDOWS\SYSTEM\devldr16.exe
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
»RunOnce
»RunServices
*WMLAN54G.exe=C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*SchedulingAgent=mstask.exe
*ScriptBlocking="C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
*NVSvc=C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
*ATLOP.EXE=C:\WINDOWS\SYSTEM\ATLOP.EXE
*NTGX32.EXE=C:\WINDOWS\NTGX32.EXE
*WINBY32.EXE=C:\WINDOWS\WINBY32.EXE
*IEAM32.EXE=C:\WINDOWS\IEAM32.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
*.bat
*batfile="%1" %*
*.com
*comfile="%1" %*
*.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" %1
*.exe
*exefile="%1" %*
*.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
*.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
*.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
*.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
*.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
*.pif
*piffile="%1" %*
*.scr
*scrfile="%1" /S
*.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
*.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
*.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
*.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
*.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
*.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*{00000010-6F7D-442C-93E3-4A4827C2E4C8}
`InprocServer32=
*Class/{ECC0D04B-CF16-41F3-41E7-A47DD78CD1C6}
`InprocServer32=C:\WINDOWS\SYSTEM\WINDI32.DLL
*Class/{779FA16D-4B4C-6B34-1993-61C2FD1EBB35}
`InprocServer32=C:\WINDOWS\SYSTEM\APIEG32.DLL
*Class/{6BEDB588-8705-AA0B-BFA3-5AF1BD56824B}
`InprocServer32=C:\WINDOWS\SYSTEM\JAVALB32.DLL
*{1BC8F8C8-0056-4B40-A860-1C002E4814A3}
`InprocServer32=C:\WINDOWS\SYSTEM\GEKM.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\WINDOWS\msdos.sys
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\winstart.bat
*C:\WINDOWS\dosstart.bat
*C:\WINDOWS\command\cmdinit.bat
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
*FFCF735B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF35C7=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF9817=C:\WINDOWS\SYSTEM\DEVLDR16.EXE
*FFFE447F=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFE4E3B=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE01DB=C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
*FFFE343B=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFEC343=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFE9AB3=C:\WINDOWS\SYSTEM\NVSVC.EXE
*FFFDCDA3=C:\WINDOWS\EXPLORER.EXE
*FFFDA593=C:\WINDOWS\IEAM32.EXE
*FFFCF743=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFC966B=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
*FFFB4727=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFFB5B9F=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFFB0A33=C:\WINDOWS\LOADQM.EXE
*FFFB3C63=C:\WINDOWS\SYSTEM\LXSUPMON.EXE
*FFFB97DB=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFFB99A3=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*FFFAE5CF=C:\WINDOWS\RUNDLL32.EXE
*FFF92C57=C:\WINDOWS\SYSTEM\MFCCJ.EXE
*FFFA2E2F=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFF8470F=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
*FFF89E5F=C:\WINDOWS\BUREAU\NOUVEAU DOSSIER\STARTDRECK.EXE
»NT Services
»Application specific

Hijackthis:

Logfile of HijackThis v1.98.0
Scan saved at 22:51:52, on 2004-07-09
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\IEAM32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MFCCJ.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Class - {ECC0D04B-CF16-41F3-41E7-A47DD78CD1C6} - C:\WINDOWS\SYSTEM\WINDI32.DLL (file missing)
O2 - BHO: Class - {779FA16D-4B4C-6B34-1993-61C2FD1EBB35} - C:\WINDOWS\SYSTEM\APIEG32.DLL (file missing)
O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL
O2 - BHO: (no name) - {1BC8F8C8-0056-4B40-A860-1C002E4814A3} - C:\WINDOWS\SYSTEM\GEKM.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MFCCJ.EXE] C:\WINDOWS\SYSTEM\MFCCJ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [ATLOP.EXE] C:\WINDOWS\SYSTEM\ATLOP.EXE
O4 - HKLM\..\RunServices: [NTGX32.EXE] C:\WINDOWS\NTGX32.EXE
O4 - HKLM\..\RunServices: [WINBY32.EXE] C:\WINDOWS\WINBY32.EXE
O4 - HKLM\..\RunServices: [IEAM32.EXE] C:\WINDOWS\IEAM32.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

CW Shredder:

Done!
Removed from your system:
- CWS.Smartsearch
- 6 infected IE registry values

Windows ME (4.90.3000 )
CWShredder v1.59.1

res.dll file was there even without the setting as you said


----------



## Flrman1 (Jul 26, 2002)

Run Hijack This again and put a check by these. Close *ALL* windows except HijackThis and click "Fix checked"

*R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: Class - {ECC0D04B-CF16-41F3-41E7-A47DD78CD1C6} - C:\WINDOWS\SYSTEM\WINDI32.DLL (file missing)

O2 - BHO: Class - {779FA16D-4B4C-6B34-1993-61C2FD1EBB35} - C:\WINDOWS\SYSTEM\APIEG32.DLL (file missing)

O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL

O2 - BHO: (no name) - {1BC8F8C8-0056-4B40-A860-1C002E4814A3} - C:\WINDOWS\SYSTEM\GEKM.DLL (file missing)

O4 - HKLM\..\Run: [MFCCJ.EXE] C:\WINDOWS\SYSTEM\MFCCJ.EXE

O4 - HKLM\..\RunServices: [ATLOP.EXE] C:\WINDOWS\SYSTEM\ATLOP.EXE

O4 - HKLM\..\RunServices: [NTGX32.EXE] C:\WINDOWS\NTGX32.EXE

O4 - HKLM\..\RunServices: [WINBY32.EXE] C:\WINDOWS\WINBY32.EXE

O4 - HKLM\..\RunServices: [IEAM32.EXE] C:\WINDOWS\IEAM32.EXE*

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer. 
Select the Tools menu and click Folder Options. 
Select the View Tab. 
Under the Hidden files and folders heading select Show hidden files and folders. 
Uncheck the Hide protected operating system files (recommended) option. 
Click Apply then OK. Click Yes to confirm.

Now find and delete these files:

C:\WINDOWS\SYSTEM\*MFCCJ.EXE*
C:\WINDOWS\SYSTEM\*ATLOP.EXE*
C:\WINDOWS\*NTGX32.EXE*
C:\WINDOWS\*WINBY32.EXE*
C:\WINDOWS\*IEAM32.EXE*

Empty the Recycle Bin.

Turn off System Restore:

Click Start, Settings, and then click Control Panel.
Double-click the System icon. The System Properties dialog box appears.

NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

Click the Performance tab, and then click File System.
Click the Troubleshooting tab, and then check Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.

Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.


----------



## Tidal531 (Jul 9, 2004)

I did all you said, but these were missing...

C:\WINDOWS\SYSTEM\ATLOP.EXE
C:\WINDOWS\NTGX32.EXE
C:\WINDOWS\WINBY32.EXE


----------



## Flrman1 (Jul 26, 2002)

Did you do the online virus scan? If so, did it find anything?

Post another log please.


----------



## Tidal531 (Jul 9, 2004)

yes it found 18 viruses which were not cleanable, and i deleted them all
I'm sorry i have to leave for 2 days, monday i'll come back to continu this computer cleanup process, i hope you can wait for me 2 days. 
monday i''m back here forever.

here are startdreck and hijackthis logs:

Logfile of HijackThis v1.98.0
Scan saved at 10:40:42, on 2004-07-10
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

StartDreck (build 2.1.5 public BETA) - 2004-07-10 @ 10:41:11
Platform: Windows ME (Win 4.90.3000 )

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Default User
»Run
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Local Machine
»Run
*SystemTray=SysTray.Exe
*POINTER=point32.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*LoadQM=loadqm.exe
*LXSUPMON=C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
*Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*devldr16.exe=C:\WINDOWS\SYSTEM\devldr16.exe
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
»RunOnce
»RunServices
*WMLAN54G.exe=C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*SchedulingAgent=mstask.exe
*ScriptBlocking="C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
*NVSvc=C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
*.bat
*batfile="%1" %*
*.com
*comfile="%1" %*
*.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" %1
*.exe
*exefile="%1" %*
*.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
*.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
*.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
*.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
*.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
*.pif
*piffile="%1" %*
*.scr
*scrfile="%1" /S
*.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
*.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
*.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
*.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
*.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
*.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\WINDOWS\msdos.sys
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\winstart.bat
*C:\WINDOWS\dosstart.bat
*C:\WINDOWS\command\cmdinit.bat
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
*FFCF172B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF51B7=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF59AF=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFFFCE2F=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE440F=C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
*FFFEB50B=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFE8283=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFE986F=C:\WINDOWS\SYSTEM\NVSVC.EXE
*FFFD8EAB=C:\WINDOWS\SYSTEM\DEVLDR16.EXE
*FFFDC99F=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFFB0AF=C:\WINDOWS\EXPLORER.EXE
*FFFB4C33=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFBB097=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
*FFFBB37F=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFFBFA4B=C:\WINDOWS\LOADQM.EXE
*FFFBD137=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFFA12DF=C:\WINDOWS\SYSTEM\LXSUPMON.EXE
*FFFAB2FF=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*FFF947DB=C:\WINDOWS\RUNDLL32.EXE
*FFF8172B=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFF8FD2F=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
*FFF6F3CF=C:\WINDOWS\BUREAU\COMPREPAIR\STARTDRECK\STARTDRECK.EXE
»NT Services
»Application specific


----------



## Flrman1 (Jul 26, 2002)

The log is clean. Are you still having problems?


----------



## Tidal531 (Jul 9, 2004)

yeah some, the 3 programs i listed earlier are still in the install/remove list. i can still not create new folders in windows and i can still not enable the thumbnail view for pictures in folders...
mgsrv32 or something like that doesnt show anymore good news.
though this is new: my comp doesnt shut down correctly sometimes now...it just wont shut down.

Thats about it. thx in advance


----------



## Flrman1 (Jul 26, 2002)

Do you have your XP installation disk?


----------



## Tidal531 (Jul 9, 2004)

I have windows ME, and i only have recovery cds
not windows cds


----------



## Flrman1 (Jul 26, 2002)

Please tell me again exactly what the problem is. If you are getting error messages I need the exact error message.


----------



## Tidal531 (Jul 9, 2004)

i dont get any error messages, just all the bugs i told you about in my last post...
but my comp do close correctly now.

the 3 programs i listed earlier are still in the install/remove list. 
-Home Search Assistent
-Search Extender
-Shopping Wizard

i cannot create new folders 

i cannot enable the thumbnail view for pictures


----------



## Flrman1 (Jul 26, 2002)

I know very little about ME. I suggest that you start a new thread in the 95/98/ME forum and see if one of the ME gurus can help with that.


----------

