# DLL Error Messages - Internet Will Not Work



## Shintan (Feb 7, 2005)

First off, I am posting from another (this) computer because the problem with my computer does not let me get onto the internet. I can go into the other room to access my computer though, to look at error message names, etc. If I have to post things from the errored computer, I would have no problem typing them on this computer. I am patient to get this problem fixed, so that my internet will work. I have a Microsoft, it's a Pionex. (designed for Windows 98/NT, but I have 98). My adapter is a D-Link "DSB-650TX" USB Fast Ethernet Adapter. I have always-on internet (Cox Cable). I use Internet Explorer.

Upon starting my computer up I have for a long time gotten an error message about my Ethernet Adapter. It states that it has problems working or something and it suggests that I re-set it up or something similar. Note: this message appears when I exactly before I am to enter my password to log into Windows 98.

This adapter "problem" hasn't really done anything that I have noticed, but I wanted to note it just in case it is related to the other problems.

A LONG time after the adapter problem, not seeming to related to it, my computer displayed a bunch of error messages relating to "DLL". It cannot find "msnasn1.dll", "DoCEoC16B1", "stlb2.dll", and "E6F1873B.dll". Since these messages have displayed, I have not been able to get onto the internet. The internet loads completely but then when it is about to load the main visual part it displays a standard internet 'cannot load page' or something. It reads "Invalid Syntax Error" at the top of the Internet window and the main visual window suggests something like: Make sure modem is plugged in properly to phone line, or something.

I think this whole thing may have been caused by something I did a while ago (in between the time the adapter error message first appeared and the first time the DLL error messages started appearing). I had tons of programs running when I would bring up the END TASK screen along with the ones I have now. I always endtasked them so my computer would stop going so slow. I have downloaded spyware stoppers and programs of the like but they did nothing to rid of these programs or the slowness. One day I got extremely frustrated and decided to delete everything that had the word "RUNDLL" in it. After a couple days or weeks my internet would not load due to RUNDLL not working. So I took out of the trash and put it back in. The internet continued to work, then another couple of weeks or a month and the internet didn't work again, with new errors, the ones I have now.

Since I have had the Adapter Error Message, or maybe before (but anyway, for a LONG time), I have had ALL sorts of programs running, slowing down my computer (such as RUNDLL, realtime, Explorer, Lexpps, Imgicon, Systray, Winampa, Scanregw, Taskmon, Lexbces, Realsched, Rundll32, Tvm, Realevent, Rpcss, RUNDLL, Bpcpost, Iomupdateicons, Wzsepe32). These are the ones I have now, maybe others too when I "End Task" certain ones of these. I used to have much more than this when the internet was working. The RUNDLL ones (usually 3 on at a time in the END TASK list), seem to have appeared when the DLL error messages first started displaying. Wzsepe32 always appears to ask me if I want to END TASK it because it doesn't respond.

The DLL messages read: "Error Starting Program A required .DLL file, MSASN1.DLL, was not found."(I have to click this MSASN1 error message out 11-13 times before it goes away) "RUNDLL Error loading stlb2.dll One of the library files needed to run this application cannot be found." "RUNDLL Error loading DoCEoC16B1 The system cannot find the file specified." "RUNDLL Error loading E6F1873B.DLL One of the library files needed to run this application cannot be found."

I use the internet a lot and I cannot do much on my computer without it. I would greatly appreciate some help.


----------



## 911 (Mar 26, 2003)

It sounds like you have a corrupted file or deleted file. Try looking here for a replacement :
http://www.google.com/search?as_q=M...s_occt=any&as_dt=i&as_sitesearch=&safe=images


----------



## Shintan (Feb 7, 2005)

Thanx, that MSASN1.DLL file is on my computer now and my internet works again!

The only thing is that it's extremely slow (takes like 5 minutes to load each page).

Now I probably just need to get rid of ?spyware. I don't know how to do that though. I've tried MANY things, like different types of AdAware-type things, but they sped up my computer just a tiny bit. They always stated that I had like 100 or 120 problems on my computer or I would have to pay a load of money to remove the corruption. One time I did a scan from the internet (like 1 or 2 hours long), the best one which detected like everything, but then it said at the last second that I had to pay $50 to remove it! Could someone maybe help me get this stuff off my computer / get my internet the Cox speed it originally was?


----------



## 911 (Mar 26, 2003)

Your problems "System slowdown, pages don't load / can't be found, etc." could be caused by a virus infection. If you don't have antivirus programs, download and run the free program AVG-7 from http://free.grisoft.com/doc/1/lng/us/tpl/v5.

If it is not a virus, it could be spyware. These things watch where you browse, and report your activities to their home-sites, and they do not mind changing your browser and email settings if it helps them in their schemes. Go to 
http://www.lavasoftusa.com/ 
and download the free program Ad-Aware. You might also try SPYBOT S&D which you can download from 
http://www.lurkhere.com/~nicefiles/index.html
Each will scan your system for spyware, and allow you to delete any that it finds. Run the removal program in Safe mode. Windows won't let "open" files get changed except by the program that opened them. If the infection is in a file that some program has opened, removing it is a problem. Safe mode bypasses all those start menu programs that open when you boot up, so the infected files probably won't be open, and the infection can be removed. After removal, clear any existing System Restore points, so the infection can't come back. ---911


----------



## Shintan (Feb 7, 2005)

Okay, I'll try that now, but it will probably take a little while (scan time, slow web page load).


----------



## Shintan (Feb 7, 2005)

By the way I have frequently had my browser settings and internet appearance change 'mysteriously'. I knew it was someone else. And... didn't they illegalize spyware just not too long ago?


----------



## Shintan (Feb 7, 2005)

How do you clear existing restore points?


----------



## telecom69 (Oct 12, 2001)

If you have windows 98 there is NO system restore facilty .....


----------



## telecom69 (Oct 12, 2001)

Once you have done all the scanning and clearing up with adaware etc.,go here http://www.majorgeeks.com/download3155.html and download this to its own folder somewhere away from the desktop then post a log back here for analysis ....


----------



## Shintan (Feb 7, 2005)

I've just completed the AVG-7 Antivirus scan, which found a virus (40 infected items, trojan stuff). Once in the quarantine, I deleted all the virus things. Was I supposed to delete them though? Or leave them in the quarantine.

I am starting Ad-Aware (?6) now.


----------



## Shintan (Feb 7, 2005)

How do you get the computer into SafeMode?


----------



## telecom69 (Oct 12, 2001)

Most used way is to keep tapping the F8 key while the computer is booting up ....

It was OK to delete them .....

The adaware program you should be using is this one available here http://www.majorgeeks.com/download506.html

Do not forget to post the hijackthis log I asked you too in post 9 above .......


----------



## kenleasu (Feb 8, 2005)

When my computer boots up, the error message - A required dll file - wkwbl.dll- was not found. I usually have shut down, sometimes manually, then boot up again and it works. Help!


----------



## 911 (Mar 26, 2003)

kenleasu said:


> When my computer boots up, the error message - A required dll file - wkwbl.dll- was not found. I usually have shut down, sometimes manually, then boot up again and it works. Help!


Read and try the advice given to Shintan above. If it does not help, I suggest that you should post this as a new thread. Be sure to give details like the make and model of your computer, the op-system, etc.


----------



## telecom69 (Oct 12, 2001)

*kenleasu* you need to start a thread of your own,by clicking on NEW THREAD top left .....we cannot answer questions on two problems in the same thread.......


----------



## Shintan (Feb 7, 2005)

I am running last scan of Spybot S&D now. Then I will post HijackThis log thing when done. (I might already have that, but I might not, so I might need to download it (if my internet still works)). I've already run AVG-7, Ad-Aware 6, and am finishing up with Spybot Search and Destroy.


----------



## Shintan (Feb 7, 2005)

My internet works, but is very slow (an ad appears every page loaded whether I'm going forward or backward in pages; most of the time an ad loads, but anyway it takes 1 to 2 minutes for any page to load).

I AM COMPLETED WITH SCANS AND THEY SEEM TO HAVE DONE VERY LITTLE, BUT SOME, HERE IS MY LOG:

Logfile of HijackThis v1.98.2
Scan saved at 12:53:10 AM, on 2/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\SYSTEM\STLB2.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF.DLL
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\SYSTEM\STLB2.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE /RUNONCE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...7f666fa9a3d4:92470785e6a5acc9d29a160a837f04a1
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

THAT WAS MY LOG. I POSTED IT AT ABOUT 1:19 A.M. CENTRAL TIME, UNITED STATES.


----------



## telecom69 (Oct 12, 2001)

Not surprised your Internet works slow ...Put a tick by EACH of these below and have hijack FIX them after closing all open windows

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF.DLL
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\SYSTEM\STLB2.DLL (file missing)
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...29a160a837f04a1

*Post back a modified log but go here to get the latest hijack first as yours is out of date http://www.majorgeeks.com/download3155.html*


----------



## Shintan (Feb 7, 2005)

I, first got the upgraded HJ, then fixed those problems (a couple I couldn't find) because I have the new version and no saved log, and I forgot to close windows before I fixed them, so I'll probably have to do it again right?

Anyway here is the new log (updated and everything for right now). (9:45 Central Standard Time USA).


----------



## Shintan (Feb 7, 2005)

Logfile of HijackThis v1.99.0
Scan saved at 9:34:53 PM, on 2/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\SYSTEM\STLB2.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE /RUNONCE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

Sorry if I might have screwed up.


----------



## telecom69 (Oct 12, 2001)

Put a tick by EACH of the following and have hijack FIX them after closing any open windows

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\SYSTEM\STLB2.DLL (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe

*I dont see a firewall on your system,can you confirm if you have one?*


----------



## Shintan (Feb 7, 2005)

I don't have any FW. I have "fix"ed ALL the ones you said.

Here is my newest log (10:17 CST, USA).:

Logfile of HijackThis v1.99.0
Scan saved at 10:13:22 PM, on 2/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE /RUNONCE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

Note: I keep getting this "Do you want to install Macromedia Flash Player 7" download box. That's a trick or something right?-Or just an ad, because I'm pretty sure is shows up in a lot of different sites I go into.


----------



## Shintan (Feb 7, 2005)

Note: I also occassionally cannot type in this message Quick Reply box. What do I do if I cannot type? (refresh works only sometimes, do I HAVE to reopen IE everytime that happens or something)?


----------



## telecom69 (Oct 12, 2001)

Run hijack again and fix these below

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html

*Now its very important that you get a firewall so go here http://www.pcworld.com/downloads/file_description/0,fid,8132,RSS,RSS,00.asp and download this very well known and respected free one ........

The flash player thing is showing because you dont have it and lots of sites need it to function properly ........

If you are having problems with the quick reply box justclick on Go Advanced instead and use that one,its probably a site problem which we can look at later .....*


----------



## Shintan (Feb 7, 2005)

Sorry it's taking so long. My computer is extremely slow right now. I'll get on the internet to this thread asap. Note: This Reply is on another computer.


----------



## telecom69 (Oct 12, 2001)

Thats OK there is no hurry just do it at your leisure  :up:


----------



## Shintan (Feb 7, 2005)

A Sygate Personal Firewall message just popped up. It reads (What do I do? Note xxx, etc. are numbers, I typed xxx.xx.xxx.xx to be safe, if neccessary):

Run a DLL as an App (RUNDLL32.EXE) is trying to connect to (xxx.xx.xxx.xx) using remote port 80 (HTTP - World Wide Web). Do you want to allow this program to access this network?"


----------



## Shintan (Feb 7, 2005)

Note: I'm on the internet from on another computer.


----------



## Shintan (Feb 7, 2005)

What do I do about the Sygate Firewall message (Thread 29)?


----------



## Shintan (Feb 7, 2005)

I mean Reply 29.


----------



## Shintan (Feb 7, 2005)

To update you:

I downloaded the SPF Firewall, regardless that it said "Windows XP, 2000, Me, NT, & 9.x" over to the left of the download screen. Does that mean the Firewall won't work properly or as fast as it should since I have 98 Gold?

After I downloaded the firewall, things got EXTREMELY SLOW upon Windows start up, and also the Internet went back to, actually got MUCH slower. I got installed the firewall, restarted like prompted, and when it came time for Windows to load, everything was VERY slow(opening folders, etc.). I did not END TASK anything. The Anti Virus strangely wanted me to install it (I installed it a day or two ago already), and either the Anti Virus or the Firewall prompted that I had some new viruses:
"C:\WINDOWS\SYSTEM BHOW.EXE
Trojan horse Agent.l (or Agent.1)"

At that time I END TASKed to see what weird programs were on:

realtime
AVG Free Edition - Test Center [Not responding]
Explorer
Avgemc
Iexplore
Wbcm_installer
Install
Avgcc
Rundll32
Yxfs2xhgh
Imgicon
Systray
Cimom
Winampa
Winoldap
lic0 (or 1ic0)
Avgcc
Smc [Not responding]

Note: All of these except the last 4 were running when I: (restarted after the firewall download then opened IE and closed it and END TASKed to see what was running)
(ALL of it was running just after I healed the Trojan horse Agent.l (or Agent.1)

Also: There was another virus later that was prompted:
"C:\WINDOWS\TEMP\TVM_B5_BUNDLE_17.EXE
Trojan horse Dropper.Small.BP"

(Just now when typing this virus, my floppy drive was trying to read strangely, and during the whole typing my computer had been making slight loading sounds, does that mean someone is reading this or something?)


----------



## Shintan (Feb 7, 2005)

A couple times the firewall prompted me:
"Run a DLL as an App (RUNDLL32.EXE) is trying to Connect to (xxx.xx.xxx.xx) using remote port 80 (HTTP - World Wide Web).
Do you want to allow this program to access this network?"

I said "no" to RUNDLL32.EXE and "yes" when I was prompted about IEXPLORE.EXE. I was also prompted about NETSCP.EXE too I think. I might have said "no" that but I'm not sure if it even came up.

I thought I deleted this program a long time ago, but it came up a couple times, once when I was off the internet, once when on: PC MightyMax.
The first time it asked me if I want to fix like 117 errors on my computer. The second time it popped up in a small rise-up window in IE and said PC MightyMax and had a Health Meter on it.

I also said "no" to:
"AVG Update downloader (avginet.exe)"

Several times in IE a (?firewall) message rose up to prompt that RUNDLL32.EXE was blocked, just at random times, not even when loading.

I don't even have Netscape, but alot of programs, every once and a while, I remember, prompted that Windows could not find NETSCP.EXE and wanted me to locate it. What's that all about? Sometimes also when I want to use a new program it asks to chose something (a program) to "open (it) with". I never understood why that happens. Anyway sorry if all this is bunched up and unorganized, but I'm just trying to see if it will help you, if it is relevant to the problems.

Also: this rose up when I opened HijackThis (after everything was done, just before I got onto the internet to type all this):

"Program Not found
Windows cannot find NETSCP.EXE.
This program is needed for opening files of type 'URL:HyperText Transfer Protocol.'
Location of NETSCP.EXE:"

It appeared upon opening HJT like I need Netscp.exe to run it or something. I Xed it out and still used it though, it was as if that prompt appeared for no reason.


----------



## Shintan (Feb 7, 2005)

Earlier, a little before I got on the internet now, I got on the internet then immediately got off (to activate other running programs, probably), and then I saved an HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 12:45:50 AM, on 2/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TEMP\YXFS2XHGH.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IIC0.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Iic0] C:\WINDOWS\SYSTEM\IIC0.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

This was, I think, at about 12:45am Central ST, USA.


----------



## Shintan (Feb 7, 2005)

RIGHT when I clicked POST QUICK REPLY, a message came up (firewall) that said that RUNDLL32 was blocked. My computer is slow since I disabled it (my internet takes about two minutes to load a page). So maybe it was a mistake disabling it? Should I turn it back on?

Here is an HJT log right now (with IE, HJT, HJT Folder, and HJT Log NotePad all running while scan to place). Just in case, so you can see if anything's different.

Logfile of HijackThis v1.99.0
Scan saved at 1:54:57 AM, on 2/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TEMP\YXFS2XHGH.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IIC0.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Iic0] C:\WINDOWS\SYSTEM\IIC0.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

RIGHT when I clicked POST QUICK REPLY, a message came up (firewall) that said that RUNDLL32 was blocked. My computer is slow since I disabled it (my internet takes about two minutes to load a page). So maybe it was a mistake disabling it? Should I turn it back on?

Here is an HJT log right now (with IE, HJT, HJT Folder, and HJT Log NotePad all running while scan to place). Just in case, so you can see if anything's different.

Logfile of HijackThis v1.99.0
Scan saved at 1:54:57 AM, on 2/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TEMP\YXFS2XHGH.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IIC0.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Iic0] C:\WINDOWS\SYSTEM\IIC0.EXE
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

2:01am


----------



## Shintan (Feb 7, 2005)

You can scratch Post #36, that was by accident (just read #37 instead), also Sygate firewall just told me (when the page was done loading from the last post):
"Win32 Kernel Core component (kernel32.dll) has received a Broadcast packet from the remote machine (192.168.0.1)
Do you want to allow this program to access the network?"

I said "no".

I'm logging off now (2:11am CST, USA).


----------



## telecom69 (Oct 12, 2001)

You will get quite a few messages from the firewall for a few days till you get it configured correctly,every time you go to a new site or download something it will always ask you first if you want to allow it,sometimes its difficult to know what to say,but if you are working on your computer its mostly OK,its when they pop up out of the blue that it becomes suspicious, you will soon get used to it .....


----------



## Flrman1 (Jul 26, 2002)

Run Hijack This again and put a check by these. Close *ALL* windows except HijackThis and click "Fix checked"

*R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O4 - HKLM\..\Run: [YXFS2XHGH] C:\WINDOWS\TEMP\YXFS2XHGH.EXE

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [bcxkbhnzm] C:\WINDOWS\SYSTEM\vbvtua.exe

O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

O4 - HKLM\..\Run: [tel] C:\WINDOWS\tel.exe

O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R

O4 - HKLM\..\Run: [Iic0] C:\WINDOWS\SYSTEM\IIC0.EXE

O4 - HKLM\..\RunServices: [VidSvr]*

Restart to safe mode.

*How to start your computer in safe mode*

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete these files:

C:\WINDOWS\*tel.exe*
C:\WINDOWS\SYSTEM\*vbvtua.exe*
C:\WINDOWS\SYSTEM\*IIC0.EXE*

Delete these folders:

C:\PROGRAM FILES\*TV MEDIA*
C:\PROGRAM FILES\*SEP*
C:\PROGRAM FILES\*WINDOWS SYNCROAD*
C:\PROGRAM FILES\*WEB_REBATES*
C:\Program Files\*Ebates_MoeMoneyMaker*
C:\Program Files\*Web Offer*
c:\windows\*180solutions*
C:\WINDOWS\system32\*pcs*

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin

Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.


----------



## Shintan (Feb 7, 2005)

A MESSAGE BOX JUST CAME UP (WHAT DO I SELECT):

"180search Assistant Alert
 WARNING
The system has detected that a third-party application has removed 180search Assistant, possibly without your consent. This may cause some programs not to run as expected. Please choose an option below.

Reinstall so that programs will run as expected. Requires internet connectivity.

Leave uninstalled, and clean up any 180search Assistant files or settings that remain

Remind me later"


----------



## Flrman1 (Jul 26, 2002)

Choose "Leave uninstalled, and clean up any 180search Assistant files or settings that remain"


----------



## Flrman1 (Jul 26, 2002)

Also go *here* and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on *Check for updates now* then click *Connect* and download the latest reference files.

From main window :Click *Start* then under *Select a scan Mode* tick *Perform full system scan*.

Next deselect *Search for negligible risk entries*.

Now to scan just click the *Next* button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose *select all* from the drop down menu and click *Next*)

*Restart your computer*.

Go *here* and download Microsoft Antispyware Beta. First press file and check for updates and then run it.

Let it fix anything that it finds (have it quarantine them rather than delete just in case. It is a beta program and there may be false positives)


----------



## Shintan (Feb 7, 2005)

I already have Spybot S&D, what if Ad-Aware detects what has been quaranteed or whatever in S&D? Am I still supposed to delete that?


----------



## Flrman1 (Jul 26, 2002)

That shouldn't be a problem.


----------



## Shintan (Feb 7, 2005)

Okay, I'm just about to get started on everything from Post #40 (My computer is VERY slow right now, it might be because of what I blocked with Sygate firewall)

I blocked:
Win32 Kernel core component
Microsoft Announcement Listener
Distributed COM Services

Am I supposed to block these?

I once received a message about the first one:
"Win32 Kernel core component (Kernel32.dll) has received a Broadcast packet from the remote machine (192.168.0.1) Do you want to allow this program to access the network?"

I selected "no", these are all things I blocked in Sygate Personal Firewall.


----------



## Shintan (Feb 7, 2005)

"fixed" all files in HJT, but couldn't find the "tel" one.

I also looked for C:\windows\tel.exe and could not find that. Closest thing found is c:\windows\telnet.exe.

What do I do?(Also read Post 46)


----------



## Flrman1 (Jul 26, 2002)

Telnet.exe is a legit windows file. don't delete it.

Microsoft Announcement Listener is related to this in your HJT log:

O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe

It is MS WebTV for Windows. Used to display TV on your PC.

Was the Distributed COM Services outbound or inbound? What file was using it?


----------



## tracer357#1 (Jul 19, 2004)

Shintan said:


> "fixed" all files in HJT, but couldn't find the "tel" one.
> 
> I also looked for C:\windows\tel.exe and could not find that. Closest thing found is c:\windows\telnet.exe.
> 
> What do I do?(Also read Post 46)


shintan 
has anyone had you look in your "msconfig" to see just what you have loading at startup?
this could help you with your pc being so slow starting and operating.
go to start, run, (type in ) "msconfig" (hit enter).
a window will come up go to the right tab "startup" open it.
in there is a list of programs that start and are running on your system
some in the background.

here is what you have running:

realtime
AVG Free Edition - Test Center [Not responding]
Explorer
Avgemc
Iexplore
Wbcm_installer
Install
Avgcc
Rundll32
Yxfs2xhgh
Imgicon
Systray
Cimom
Winampa
Winoldap
lic0 (or 1ic0)
Avgcc
Smc [Not responding]

disable these:

realtime
AVG Free Edition - Test Center [Not responding]
Iexplore
Wbcm_installer
Install
Rundll32
Yxfs2xhgh
Imgicon
Cimom
Winampa
Winoldap
lic0 (or 1ic0)
Smc [Not responding]

also remove your temporary internet files and cookies in your control panel 
under (icon) "internet options"
after that's done reboot your system it should run a little bit better.
see if this helps you.

also TELNET:
A Telnet program runs on your computer and connects your PC to a server on the network or internet. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network.


----------



## Shintan (Feb 7, 2005)

I did all that from page 3. (Note: MS Antispyware Beta would not download because I don't have compatible Windows; it requires 2000, NT, and some others but not 98).

First I got off the internet to do that AdAware SE scan. While it was scanning, these showed up in the END TASK box:
realtime
Ad-Aware SE [Not responding]
Explorer
Avgemc
Realevent
Realevent
Cimom
Imgicon
Systray
Avgcc
Winampa
Realevent
Realevent
Realevent
Realevent
Realevent
(Note: only 1 Realevent was running through the majority of the scan, then toward the end, all the rest showed up after I took my screen saver off, and at that time my AASE was frozen a for a couple minutes. In order to make it resume the rest of the scan, I had to END TASK all of these, except AASE and Explorer. The computer will never work if working at all if Explorer is not on. Explorer is always on even if my internet is not hooked up at all. I never knew what Explorer is.)

The AASE scan took 4 hours and found about 480 problems, and when I restart the computer via START>SHUT DOWN>RESTART it gets to the Windows is Shutting Down screen like it is shutting down instead of restarting. Once it gets to that screen it never gets to the It is Now Safe to Turn Off Your Computer Screen / it never restarts or anything, so I always have to push the Restart button on the computer to restart at all.

The computer, is completely regular speed (as long as I END TASK those programs at start up). The internet is ALMOST the speed it is supposed to be, but it can still get faster (back to my COX speed that is).

After I was finished with everything I saved a log (with the END TASK programs on), then END TASKED them and saved another log right after. STRANGELY at that time that I was just about to save the first log, my firewall asked me whether or not I wanted to allow some program to access the network:
it said something like the internet (or some program) is trying to send a packet to the network (or somewhere). I thought I wrote that down, but I can't find it. Right after that a little rise-up note came up and said something like: Files are being hijacked OR Hijacking is occuring on files OR something. I immediately scanned with HJT and strangely I couldn't type in the title of the HJT save name when I wanted to save the first log. So I immediately scanned again and saved a log (so maybe I caught a strange program running or something?). Then I END TASKED everything but Explorer, probably, and scanned and saved another log.

I'll post these logs from my computer asap. And I'll get the stuff you guys posted on this page done too, then after everything is done from there, I'll post a third log if I'm supposed to.

Here are is the END TASK box at the time the "Hijack" occured:
Hijack This
realtime
Explorer
Avgemc
Smc [Not responding]
Lexpps
Avgcc
Imgicon
Systray
Cimom
Winampa

Here are a couple other END TASK box things running (I don't know when they were running though):
realtime
AVG Free Edition - Test Center [Not responding]
Explorer
Avgemc
Iexplore
Wbcm_installer
Install
Avgcc
Rundll32
Yxfs2xhgh
Imgicon
Systray
Cimom
Winampa

Another:
Winoldap

NOTE: this Post was posted from another computer.
SPECULATION: Maybe, just maybe, since a note came up saying that I've been hijacked or something, maybe there's a hacker reading this stuff or something?


----------



## Flrman1 (Jul 26, 2002)

Post another Hijack This log please.


----------



## Shintan (Feb 7, 2005)

Here is the first HJT Log I said I'd post (from when I said that SPF told me Application Hijacking was detected, with END TASK things active)

Logfile of HijackThis v1.99.0
Scan saved at 5:00:09 AM, on 2/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

Here is the 2nd log I said I'd post (right after the 1st log, all I did that was different was just END TASK all the programs except the needed ones HJT and Explorer)

Logfile of HijackThis v1.99.0
Scan saved at 5:02:20 AM, on 2/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O4 - User Startup: America Online Tray Icon.lnk = C:\Program Files\Outlook Express\wab.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

Here is a log of about 15 minutes ago (7:54 Central Time USA now) (SPF detected Application Hijacking almost immediately upon opening HJT)

Logfile of HijackThis v1.99.0
Scan saved at 7:31:57 PM, on 2/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Our Town USA, Inc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00800B81-1792-11D0-8464-00A02418ABA6} - http://home.snap.com/main/homepage/code/home_my.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL


----------



## Shintan (Feb 7, 2005)

That last log is the completely updated one. I completely did everything you guys said up to before I posted that log, and RIGHT after I opened HJT just last, about 15 or 20 minutes ago SPF detected application hijacking. Right before the app hijack pop-up popped up it said that Internet Explorer was trying to connect to tomcoyote.org.

So, upon opening HJT, IE tried to connect to tomcoyote.org, and I blocked it, and Application Hijacking was detected by SPF.

Right before loading HJT just now, when the computer loaded up, these END TASK programs were running:
Explorer
Avgemc
Cimom
Systray

I opened IE and these programs were in the ET box:
Explorer
Avgemc
Cimom
Systray
Iexplore
Smc
Realevent

I END TASKed Realevent and these changed:
Explorer [Not responding]
Iexplore [Not responding]
<unknown>

I disabled Realevent (I think before the last HJT Log). Just for reference, if I haven't said, and if it matters, HJT is version 1.99.0.

Does Application Hijacking Detected (by SPF) mean that a hacker is doing something, or opening HJT triggered some spyware program to do/search something? Or what?

Also: I don't know what the program Cimom is that just appeared a day or two (or three) ago.

Tracer357 #1, are you sure you want me to disable the END TASK AVG programs? I'm pretty sure those are my AntiVirus programs running.


----------



## Flrman1 (Jul 26, 2002)

I don't know exacttly what the application hijacking message is. Tell me word for word exactly what it says.

You need to go back into msconfig and re-enable these:

*ScanRegistry
LoadPowerProfilecheme
AVG7_EMC
AVG7_AMSVR*


----------



## Shintan (Feb 7, 2005)

My computer and internet works at a regular speed, but it can still get faster. The internet, actually takes about a minute or thirty seconds to load each page. It's almost back to how it first was when I first got Cox Cable. But it's still slow compared to how fast it should go. Windows is I think at a pretty regular speed now though.

Also: What is Win32 Kernel core component. It is in my SPF Firewall box, and I always have it blocked.


----------



## Shintan (Feb 7, 2005)

I am PRETTY sure the message says: "Application hijacking has been detected", but "has been" might not be in the message but I'm PRETTY sure it is. There are 3 AVG things in MSConfig, ALL 3 should be enabled, correct?


----------



## Shintan (Feb 7, 2005)

Just to correct you on the IE speed: It took about 50-60 seconds to load the page when I pressed Post Quick Reply.


----------



## Shintan (Feb 7, 2005)

ScanRegistry, LoadPowerProfilecheme (Rundll32), AVG7_EMC, AVG7_AMSVR, re-enabled. Isn't rundll32 a bad file?

The only other programs enabled on startup (MSConfig) are:
AVG7_CC
SMC
SystemTray (SysTray)
TaskMoniter (TaskMon)

What now? Restart and HJT Log?


----------



## Flrman1 (Jul 26, 2002)

Yes all three AVG entries should be enabled.

you can't judge your internet speed by how these pages are loading here becuase we need a new server. One recently went down and the pages are slow to load here sometimes depenidng on the load.

Win32 Kernel core component could be good or bad. You never did tell me what file it was related to. If it is Kernel32.dll, it is legit and should not be blocked.


----------



## Shintan (Feb 7, 2005)

It took 55 seconds to refresh the page, but Windows is pretty regular speed. When I first started having Cox Cable, the biggest, most-graphiced, most-complicated webpage would take 10 seconds at the absolute tops to load. An average webpage load would take maybe 3-5 seconds to load. So what the freak is making the internet 5 to 10 times slower?


----------



## Shintan (Feb 7, 2005)

I don't know how to check what file kernel is related to.


----------



## Flrman1 (Jul 26, 2002)

Based on what I have read here in your thread you have blocked a lot of legitimate apps with your firewall. 

The Win32 Kernel core component was related to Kernel32.dll and should be allowed.

You also blocked these:

Microsoft Announcement Listener
Distributed COM Services
AVG Update downloader (avginet.exe)"

these should be allowed.


----------



## Shintan (Feb 7, 2005)

Do you know how I can disable ads? I've noticed that when a page is loading, it pretty much halts loading until the ad is done flashing. Once the ad is done flashing, the page IMMEDIATELY resumes loading at normal speed. So is there a way I can just get rid of these ads?

(Another thing: this is a bit off topic, and you don't have to answer it, but also, is there a way I can set a default media player, so that all music anywhere on the internet will automatically play in the one player that I specify? There is a site where I can listen to virtually any song and it sometimes brings up some random music player that I don't like, like RealPlayer, I like it to play in Windows Media Player, because it loads fast and plays well. RealPlayer takes FOREVER to load and QuickTime does too, and it hardly ever works right.) I completely am fine if you don't answer that since it's off topic.


----------



## Shintan (Feb 7, 2005)

SPF:
Ad-Aware SE Core application (ad-aware.exe) ALLOWED
AVG Alert Manager (avgamsvr.exe) ALLOWED
AVG E-Mail Scanner (avgwb.dat) ALLOWED
AVG Update downloader (avgemc.exe) ALLOWED
Distributed COM Services (rpcss.exe) ALLOWED
Hijack This (hijack this.exe) ALLOWED
Internet Explorer (iexplore.exe) ALLOWED
LEXPPS.EXE (lexpps.exe) BLOCKED
Microsoft Announcement Listener (annclist.exe) ALLOWED
Run a DLL as an App (rundll32.exe) ALLOWED
Spooler Sub System Process (spool32.exe) ASK (UNKNOWN)
Win32 Kernel core component (kernel32.dll) ALLOWED
WIN32 Network Interface Service (mprexe.exe) ASK (UNKNOWN)
Windows Explorer (explorer.exe) ASK (UNKNOWN)

Are these at the correct settings? I would like to cut down on that which I don't absolutely need running so that my computer goes fast.


----------



## Shintan (Feb 7, 2005)

Most of the time since I've been on this page and maybe page 4 Smc in the END TASK box (SPF Firewall) shows up as [Not responding] and I think it's been slowing down the internet.

MSConfig Enabled Startup Programs:
ScanRegistry (scanregw) /autorun
TaskMonitor (taskmon)
SystemTray (systray)
LoadPowerProfile (rundll32) powrprof.dll, LoadCurrentPwrScheme
AVG7_CC (avgcc) /STARTUP
AVG7_EMC (avgemc)
AVG7_AMSVR (avgamsvr)
SmcService (smc) -stargui
LoadPowerProfile (rundll32) powprof.dll, LoadCurrentPwrScheme
SmcService (smc)

Correct?

MSConfig Disabled Startup Programs:
Yahoo! Pager (ypager) -quiet
Mozilla Quick Launch (netscp) -turbo
LexStart (lexstart)
LexmarkPrinTray (printray)
TkBellExe (realsched) -osboot
QuickTime Task (qttask) -atboottime
PCBG (pcbodyguard) /start
HP Component Manager (hpcmpmgr)
HP Software Update (hpwuschd)
Iomega Startup Options (imgstart)
Iomega Drive Icons (imgicon)
PCD RealTime (realtime)
WinampAgent (winampa)
bpcpost.exe (bpcpost)
TVWakeup (tvwakeup)
SchedulingAgent (mtask)
Announcements (annclist)
America Online Tray Icon (wab)
WinZip Quick Pick (wzsepe32)


----------



## Flrman1 (Jul 26, 2002)

Your settings look good, but with Sygate not responding there is a problem somewhere. First try uninstalling/reinstalling Sygate. If that doesn't help, we may need you to try another firewall.

What ads are you talking aabout blocking? Popups?


----------



## Flrman1 (Jul 26, 2002)

Shintan said:


> (Another thing: this is a bit off topic, and you don't have to answer it, but also, is there a way I can set a default media player, so that all music anywhere on the internet will automatically play in the one player that I specify? There is a site where I can listen to virtually any song and it sometimes brings up some random music player that I don't like, like RealPlayer, I like it to play in Windows Media Player, because it loads fast and plays well. RealPlayer takes FOREVER to load and QuickTime does too, and it hardly ever works right.) I completely am fine if you don't answer that since it's off topic.


Open Windows Media Player and click on Tools > Options. Click on the "File Types" tab and click "Select All". This will make WMP your default player for most media files.


----------



## Shintan (Feb 7, 2005)

1)blocking ads in webpages, such as: say, a little box in the top of a window of a new page you load that flashes and slows down the progress/loading time of that page. The only thing that I found that slightly slows them down is right clicking then selecting, Low Quality, which makes the text on that ad box crappier.

2)I'll try that SPF reinstallation 3)and the WMP thing.


----------



## Shintan (Feb 7, 2005)

1)I did the WMP thing. I clicked on the play button icon to play the song on the site and, as always, a message comes up and says:
"Microsoft Internet Explorer
Error: The data is invalid."
To let you know, the site is www.mp3search.ru and all you have to do is have an email address and make a password to play any music (in other words, to log in). This site has always worked for me and it works on other computers, but it won't work on mine. One day that error message came up and it's still that way.

2)SPF doesn't say "[Not responding]" anymore, and I didn't have to reinstall it or anything. But, do you still want me to reinstall it?.


----------



## Shintan (Feb 7, 2005)

I tried to play a movie in WMP and an error message appeared saying:
"Windows Media Player Error
Cannot connect to server"
Because of that I'm guessing I need a new music player or something. Real Player takes way too long to load each song so I never use it. I also have WinAmp but it takes a long time too. Any suggestions?


----------



## Flrman1 (Jul 26, 2002)

What version of WMP do you have?


----------



## Shintan (Feb 7, 2005)

I have WMP 7.1.


----------



## Flrman1 (Jul 26, 2002)

Upgrade to WMP 10:

http://www.microsoft.com/windows/windowsmedia/mp10/default.aspx


----------



## Shintan (Feb 7, 2005)

I've downloaded from that link. Movies and music now play, but I still cannot play music from that website, www.mp3search.ru. I played music from another computer and that site only allows you to hear samples of songs now not the whole song. I guess I'll just have to find another site.

I don't know what these are, and they do not appear anywhere when I do that Start>Run>MSConfig thing:
Cimom
Msgsrv32

I have often seen Cimom in the END TASK box. It'll sometimes return after I END TASK it too. Msgsrv32 hardly appears, but when it does it shows: Msgsrv32 [Not responding]. It appears sometimes when my computer is slow, and it is possibly linked to AVG upgrading from the internet.

Also, SPF half of the time says [Not responding] again. Otherwise, everything else is normal speed I think (Windows, and Internet).


----------



## Shintan (Feb 7, 2005)

Correction: it doesn't say "SPF [Not responding]", it says "Smc [Not responding]". Smc appears when I open the Sygate Personal Firewall. Cimom mostly appears at this time also, but also appears upon Windows startup along with Smc. Should I get Sygate Firewall Pro, it says it is one tenth of a version under Sygat Personal Firewall though. I did a scan and it says SPF is not completely protected, because it was able to connect to my ports. I'm pretty sure that in the Start>Run>Msconfig thing that it says that SPF is smc.exe, I think, but I might be wrong.

By the way, I might have been slow to react because of the flu, sorry.


----------



## Flrman1 (Jul 26, 2002)

Did you ever try uninstalling/reinstalling Sygate?


----------



## Shintan (Feb 7, 2005)

I just uninstalled SPF and got Zone Labs ZoneAlarm 5.5.062.004. It works fine, but after a while using my computer, my computer fails to load past the first Windows 98 screen (the main one, before the desktop). It says something like 'Windows has experienced a protection error' or 'Windows Protection Error' then 'You need to restart you computer' or something. Then I have to go into Safe Mode to "fix the problem".

By the way, I have NO idea if it matters at all, but here is some of my computer info:
Pionex / CyrixInstead / Cyrix MediaGXtm MMXtm Enhanced (266Mhz) CPU
and my Cox Cable connection speed is 768kbps both ways (I was told)
and I have a D-Link DSB-650TX USB 10/100 Fast Ethernet Adapter (Broadband Cable Connection)
PROGRAMS:
Windows 98SE 4.10.1998
Internet Explorer 4.0
Direct X 4.05.01.1998
Grisoft AVG (Anti-Virus) 7.1.0.298
Lavasoft Ad-Aware SE Personal (Anti-Adware) 1.05 Version 6.2.0.206
SpyBlocs 3.00.0001
Spybot - Search & Destroy (Anti-Spyware) 1.3.0.12
TweakNow RegCleaner (Registry Cleaner) 2.07.0
Windows Media Player 7.01.00.3055
Zone Labs ZoneAlarm (Firewall) 5.5.062.004


----------



## Flrman1 (Jul 26, 2002)

http://support.microsoft.com/?kbid=149962


----------



## Shintan (Feb 7, 2005)

When I start up the computer, right before it is supposed to load the desktop, at the Windows 98 screen, the screen turns to the black DOS screen and says, "Windows protection error. You need to restart your computer." I have changed two things not too far from the first time this happened.

I have changed something in one of the items in the Control Panel, I think either in Users or General or Network or something. There is a box that says something about the name of the computer and your organization/company. I changed the name of the computer and made up a workgroup. Was that a foolish thing to do? I also just now tried something and my computer still does not start up Windows. Windows starts up in Safe Mode just fine, but not in Normal Mode. The only thing off about shut down is that when I select Restart Computer, it most of the time displays the Shut Down screen then never restarts, but it sometimes works.

Right before this just started happening I attempted to try to modify AUTOEXEC.BAT in order to play a song upon Windows startup. But it never worked. I knew it probably wasn't going to work, but I tried. All I did was type the exact location of the song (i.e.: C:\, etc.). I deleted that line now, which had something like TShoot in front of it, obviously meaning troubleshoot. I also deleted the line before it that read the same TShoot thing in front of it and said @ECHO OFF. My stepfather maybe 2 weeks ago told me to turn ECHO ON to ECHO OFF so that I would have a quicker startup, and I wouldn't have to read what the computer is telling me is loading or something. I also deleted a line that manifested itself at the bottom of AUTOEXEC.BAT (4th line) The only one that remains is a line that was originally there that loads the AntiVirus bootup scan. Originally that AVG line was there and ECHO ON was. But now just the AVG line is there. Should I type ECHO ON or OFF on the second line and save?

Right now I'm reading the link you posted.


----------



## Shintan (Feb 7, 2005)

I read the link. When it says to run MSConfig and click Select Startup, which I did, there is no Boot A, Boot B, Boot C options, etc. I looked for them and there is no such thing.


----------



## Shintan (Feb 7, 2005)

I read this after I went to Windows 98 startup error or whatever, and at the part where it says Safe Mode starts up Windows fine or something like that.


----------



## ~Candy~ (Jan 27, 2001)

Can you or can you not boot into Windows now?


----------



## Shintan (Feb 7, 2005)

I can get into Windows only in Safe Mode.


----------



## Shintan (Feb 7, 2005)

Hence, the reason why I'm on the internet is because I'm on a different computer.


----------



## Shintan (Feb 7, 2005)

Not to change subject or anything AcaCandy, but your Acapulco profile is, aye caramba, Eye-ca-Candy.


----------



## ~Candy~ (Jan 27, 2001)

Thanks 


Can you do this, reboot to a command prompt only and type scanreg/restore and hit enter.

Is there a date prior to not being able to get into windows in normal mode, but NOT TOO FAR back? And DEFINITELY, not the oldest one.


----------



## Shintan (Feb 7, 2005)

These are the entries (but obviously, as you can see, my computer clock is off):

03/10/06 Started rb003.cab
03/09/06 Started rb002.cab
03/08/06 Started rb001.cab
03/07/06 Started rb000.cab
02/11/05 Started rb005.cab

I probably need to set the clock right and then reshow you the entries right?


----------



## Shintan (Feb 7, 2005)

Actually, my clock is up to date, the times on those entries are just messed up for some reason, which you probably know why right?


----------



## Shintan (Feb 7, 2005)

The date that Windows has been screwy is probably the most current one of those dates, because that was the most current error that has occured on my computer, if I'm making sense at all. The only thing is that those dates are wrong for some reason.


----------



## ~Candy~ (Jan 27, 2001)

Are you in the US? Could those dates be from 2003, and 2002? If you go to start, run, msconfig, startup tab, is scanregistry checked there?


----------



## Flrman1 (Jul 26, 2002)

Candy, I had him enable scanreg in msconfig back on page 2 or 3 in this thread. Whether he did or not, I'm not sure. He makes about 5 or 6 posts before we ever have a chance to respond to the first one so it's been hard to keep up with what's going on.


----------



## ~Candy~ (Jan 27, 2001)

Ok, thanks Mark. Since it's not March 10 yet, it's hard for me to believe that could be a 2006 date, but, who knows.


----------



## Shintan (Feb 7, 2005)

I am in the US, and I just turned on ScanRegistry. A while ago, maybe two weeks ago, I went into the MSConfig thing and it showed everything checked. -??? So I checked everything that was supposed to be on there, but obviously I forgot ScanRegistry. Sorry. Do you want me to re-do that DOS Registry thing again?


----------



## ~Candy~ (Jan 27, 2001)

Just for fun, can you check to see the newest date, now that you've turned it back on?


----------



## Shintan (Feb 7, 2005)

It says exactly the same thing it said before. The latest date is 03/10/06. So what am I supposed to restore to the latest or second latest date or something?


----------



## ~Candy~ (Jan 27, 2001)

I would opt for the 7, 8, or 9 one myself. But something is still wrong here.

If you go to the start button, run, type scanreg and hit enter, does it say the registry has been backed up already for today?


----------



## Shintan (Feb 7, 2005)

It said that it wasn't backed up today. I chose to back it up and restarted. - still doesn't startup up in Normal Mode.


----------



## ~Candy~ (Jan 27, 2001)

Does scanreg/restore show the new date? And since the thread is getting long, does it say safe mode in all 4 corners?


----------



## Shintan (Feb 7, 2005)

The dates and everything were exactly how they were before, and I'm pretty sure there wasn't any SAFEMODE stuff.

Anyway, I just restored a certain previous registry and did a couple things to get my system back to normal. My Windows speed and Internet speed are both completely back to normal, back to fast speed and everything. Now my only problem is that my Windows Media Player won't load. That is the ONLY problem. Should I just reinstall it? "An internal application error has occured." appears when I click the icon to load WMP, and also when I try to open from its folder.


----------



## ~Candy~ (Jan 27, 2001)

WHAT?  I thought you said earlier the only way you could access Windows was in safe mode? 

If it doesn't say safe mode in all 4 corners, you AREN'T in safe mode. More than likely you needed to reinstall your video drivers.

Yes, try reinstalling Media Player...or you may have to remove it first via add/remove windows components.

And I'd keep checking the scanreg restore dates. Something is very wrong there.


----------



## Flrman1 (Jul 26, 2002)

Uninstall/reinstall WMP.


----------



## Shintan (Feb 7, 2005)

Yes, of course it said SAFE MODE on the Desktop when I was in Safe Mode. I thought you meant it said SAFE MODE on the ScanReg/Restore DOS screen. I was only able to get into Windows in SAFE MODE, but now everythings good that I know of, since I restored a previous registry.

How do I reinstall video drivers, and why?

I'm going to reinstall WMP now.


----------



## ~Candy~ (Jan 27, 2001)

Never mind my video driver suggestion. That was for when Windows "LOOKS" like it's in safe mode, but DOESN'T say SAFE MODE in all 4 corners.


----------



## Shintan (Feb 7, 2005)

I uninstalled WMP. When I installed that WMP, the site says "Windows Media Player 10 Download Now". I clicked on the link, and, for some reason it saved as WMP 7.1.

Just now, when I uninstalled WMP and attempted to install WMP 10 from another site, it did not have Windows 98 under supported OS's, but I tried anyway just in case. The earliest thing it said it supported was Windows 9x. It downloaded but at the very end it said that the download only works for Windows XP or some two letters (instead of XP). Also a window popped up that said:
"The following system files have been replaced with older versions by a program you recently ran. These files are currently in use and cannot be automatically repaired.

Windows may not run correctly until you exit and restart Windows so that these files can be automatically repaired.

C:\WINDOWS\SYSTEM\COMMCTRL.DLL"

Should I try WMP 7.1, and what should I do about this commctrl.dll, which is maybe disallowing my WMP from working?


----------



## ~Candy~ (Jan 27, 2001)

I don't think 10 will work with 98.

I do think that 9 should, but I could be wrong.


----------



## ~Candy~ (Jan 27, 2001)

Just double checked a 98 system and it is running version 9.


----------



## Shintan (Feb 7, 2005)

But WMP 9 is 98SE, I don't know whether or not I have 98 or 98SecondEdition. Does this matter?


----------



## ~Candy~ (Jan 27, 2001)

Right click on my computer, properties.


----------



## Shintan (Feb 7, 2005)

Says "Microsoft Windows 98 4.10.1998", didn't see any SE mention though. So I can't use WMP9?


----------



## Flrman1 (Jul 26, 2002)

Your HJT log shows that you have 98 first edition:

Platform: Windows 98 Gold (Win9x 4.10.1998)


----------



## Shintan (Feb 7, 2005)

So I can't use WMP9, what's the next best? Is there a WMP8? And what about the COMMCTRL.DLL? P.S.-Happy Irish Day.


----------



## Shintan (Feb 7, 2005)

WMP 7.1 is the highest I can use on this. I installed it and am restarting the CPU.


----------



## Flrman1 (Jul 26, 2002)

:up:


----------



## Shintan (Feb 7, 2005)

WMP works now, just fine.

Tiny couple of things left: 1)do you know what COMMCTRL.DLL is because it states sometimes when I do certain things that it is not working or something (Post 106 quote), but it doesn't seem to make anything messed up that I'm aware of. 2)could you tell me how to add program shortcuts to the Start Menu and the main desktop title bar thing that is attached to the START part?


----------



## Shintan (Feb 7, 2005)

Hello? Anybody there?


----------



## ~Candy~ (Jan 27, 2001)

Drag the .exe file to the taskbar.


----------

