Internet Explorer


50 replies to this topic

#16 tcooley

Posted 21 June 2004 - 10:11 AM

Here is the start-up log
Terry

StartupList report, 6/21/2004, 11:06:11 AM
StartupList version: 1.52
Started from : C:\MY DOCUMENTS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\D3BO.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\CRBP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\JAVA\J2RE1.4.2_02\BIN\JAVAW.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
MotiveMonitor = C:\Program Files\Motive\motmon.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
a-winpoet-service = "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
LoadQM = loadqm.exe
CRBP.EXE = C:\WINDOWS\CRBP.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
LicCtrl = runservice.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
D3BO.EXE = C:\WINDOWS\D3BO.EXE
ATLLX32.EXE = C:\WINDOWS\SYSTEM\ATLLX32.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
AIM = C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 20/6/2004, 10:10:58)

[rename]
NUL=c:\windows\favorites\dads\worldstopssites.com - password site leaderboard.url
NUL=c:\windows\cookies\terry cooley@questionmarket[1].txt
NUL=c:\windows\cookies\terry cooley@2o7[1].txt
NUL=c:\windows\cookies\terry cooley@edge.ru4[1].txt
NUL=c:\windows\system\mfcjl.dll
NUL=c:\windows\system\ipxy.exe
NUL=c:\windows\system\d3hk32.exe
NUL=c:\windows\appkc.exe
NUL=c:\windows\system\d3hk32.exe
NUL=c:\windows\system\sysij.exe
NUL=c:\windows\system\mfcyo.exe
NUL=c:\windows\system\d3ov32.exe
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\CRBP.DLL - {58C94033-D071-41C6-1E7C-1D1E8C934FA8}

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...7922.5772685185

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop...p/PCPitStop.CAB

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
CODEBASE = http://download.yaho...mail/ymmapi.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL
CODEBASE = http://download.game...aploader_v5.cab

[MediaTicketsInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
CODEBASE = http://www.mt-downlo...tsInstaller.cab

[McAfee.com Updater]
InProcServer32 = C:\WINDOWS\MCBIN\MGAVEXP.DLL
CODEBASE = http://download.mcaf...can/mcasupd.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 7,239 bytes
Report generated in 0.296 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


#17 Micah_6:8

Posted 21 June 2004 - 10:47 AM

Great!!!

Now, could you post the contents of this file:

C:\WINDOWS\WININIT.

Into this thread.

Were you able to run either of the online virus scans, and what did they find?

Edited by Micah_6:8, 21 June 2004 - 10:57 AM.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#18 tcooley

Posted 21 June 2004 - 11:39 AM

Here's the startup list:

StartupList report, 6/21/2004, 12:34:21 PM
StartupList version: 1.52
Started from : C:\MY DOCUMENTS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\D3BO.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\CRBP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\IEQR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
MotiveMonitor = C:\Program Files\Motive\motmon.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
a-winpoet-service = "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
LoadQM = loadqm.exe
CRBP.EXE = C:\WINDOWS\CRBP.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
LicCtrl = runservice.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
D3BO.EXE = C:\WINDOWS\D3BO.EXE
ATLLX32.EXE = C:\WINDOWS\SYSTEM\ATLLX32.EXE
IEQR.EXE = C:\WINDOWS\IEQR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
AIM = C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 21/6/2004, 11:54:56)

[Rename]
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~2\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~3\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\CRBP.DLL - {58C94033-D071-41C6-1E7C-1D1E8C934FA8}

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...7922.5772685185

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop...p/PCPitStop.CAB

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
CODEBASE = http://download.yaho...mail/ymmapi.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL
CODEBASE = http://download.game...aploader_v5.cab

[MediaTicketsInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
CODEBASE = http://www.mt-downlo...tsInstaller.cab

[McAfee.com Updater]
InProcServer32 = C:\WINDOWS\MCBIN\MGAVEXP.DLL
CODEBASE = http://download.mcaf...can/mcasupd.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 6,888 bytes
Report generated in 0.170 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
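
Comparing the autorun sections of the two StartupList reports above (posts #16 and #18) can be done mechanically. The following is an added example, not part of the original thread or of StartupList itself; the function names and the "value name equals executable file name" heuristic are assumptions made for illustration, and the sample text is trimmed from the two reports.

```python
import ntpath
import re

SECTION_RULE = re.compile(r"^-{10,}\s*$", re.M)   # the dashed separator lines
AUTORUN_HEADER = "Autorun entries from Registry:"

# Trimmed excerpt of the report in post #16 (Run and RunServices sections only).
REPORT_16 = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
LoadQM = loadqm.exe
CRBP.EXE = C:\WINDOWS\CRBP.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe
LicCtrl = runservice.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
D3BO.EXE = C:\WINDOWS\D3BO.EXE
ATLLX32.EXE = C:\WINDOWS\SYSTEM\ATLLX32.EXE
"""

# In these two sections the report in post #18 differs by one RunServices line.
REPORT_18 = REPORT_16 + "IEQR.EXE = C:\\WINDOWS\\IEQR.EXE\n"


def parse_autoruns(report):
    """Return {registry_key: {value_name: command}} for each autorun section."""
    autoruns = {}
    for section in SECTION_RULE.split(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if len(lines) < 2 or lines[0] != AUTORUN_HEADER:
            continue  # process list, startup folders, BHOs, etc.
        entries = {}
        for line in lines[2:]:
            name, sep, command = line.partition(" = ")
            if sep:
                entries[name.strip()] = command.strip()
        autoruns[lines[1]] = entries
    return autoruns


def is_self_named(name, command):
    """Assumed heuristic: the registry value is named after the file it starts,
    e.g. 'CRBP.EXE = C:\\WINDOWS\\CRBP.EXE'."""
    return ntpath.basename(command.strip('"')).upper() == name.upper()


def triage(before_report, after_report):
    """List autoruns that are new or changed since the earlier report, or self-named."""
    before = parse_autoruns(before_report)
    after = parse_autoruns(after_report)
    findings = []
    for key, entries in after.items():
        for name, command in entries.items():
            is_new = before.get(key, {}).get(name) != command
            self_named = is_self_named(name, command)
            if is_new or self_named:
                findings.append({"key": key, "name": name, "command": command,
                                 "new": is_new, "self_named": self_named})
    return findings


if __name__ == "__main__":
    for f in triage(REPORT_16, REPORT_18):
        tags = [t for t in ("new", "self_named") if f[t]]
        print(f"{f['name']:<12} {f['command']:<32} {','.join(tags)}")
```

On this excerpt the only entry new in the second report is IEQR.EXE, and the self-named entries are CRBP.EXE, D3BO.EXE, ATLLX32.EXE and IEQR.EXE; a match is a prompt to inspect the file, not proof that it is malicious.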

#19 tcooley

Posted 21 June 2004 - 12:28 PM

It says C:\WINDOWS\WININIT. cannot be run from within Windows.

#20 Micah_6:8

Posted 21 June 2004 - 12:58 PM

Right click on the file, then "Open with", Choose "notepad". Copy the contents from notepad into this thread. :)

#21 tcooley

Posted 21 June 2004 - 03:08 PM

Here is the file. It had four sections:

[Rename]
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~2\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~3\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT

[Rename]
C:\WINDOWS\SYSTEM\DDRAW.DLL=C:\WINDOWS\SYSTEM\SET50E3.TMP
C:\WINDOWS\SYSTEM\DPMODEMX.DLL=C:\WINDOWS\SYSTEM\SET50F4.TMP
C:\WINDOWS\SYSTEM\DPWSOCKX.DLL=C:\WINDOWS\SYSTEM\SET50F5.TMP
C:\WINDOWS\SYSTEM\DMUSIC.DLL=C:\WINDOWS\SYSTEM\SET5102.TMP
C:\WINDOWS\SYSTEM\DSOUND.DLL=C:\WINDOWS\SYSTEM\SET5110.TMP
C:\WINDOWS\SYSTEM\DINPUT.DLL=C:\WINDOWS\SYSTEM\SET5111.TMP
NUL=C:\WINDOWS\SYSTEM\D3D8.DLL
C:\WINDOWS\SYSTEM\D3D8.DLL=C:\WINDOWS\SYSTEM\SET5122.TMP
NUL=C:\WINDOWS\SYSTEM\D3D9.DLL
C:\WINDOWS\SYSTEM\D3D9.DLL=C:\WINDOWS\SYSTEM\SET5124.TMP
NUL=C:\WINDOWS\SYSTEM\DPNET.DLL
C:\WINDOWS\SYSTEM\DPNET.DLL=C:\WINDOWS\SYSTEM\SET5131.TMP
C:\WINDOWS\SYSTEM\DPVOICE.DLL=C:\WINDOWS\SYSTEM\SET5133.TMP
NUL=C:\WINDOWS\SYSTEM\DIACTFRM.DLL
C:\WINDOWS\SYSTEM\DIACTFRM.DLL=C:\WINDOWS\SYSTEM\SET5134.TMP
NUL=C:\WINDOWS\SYSTEM\DINPUT8.DLL
C:\WINDOWS\SYSTEM\DINPUT8.DLL=C:\WINDOWS\SYSTEM\SET5140.TMP
NUL=C:\WINDOWS\SYSTEM\DSDMOPRP.DLL
C:\WINDOWS\SYSTEM\DSDMOPRP.DLL=C:\WINDOWS\SYSTEM\SET5142.TMP
C:\WINDOWS\SYSTEM\DEVENUM.DLL=C:\WINDOWS\SYSTEM\SET5144.TMP
C:\WINDOWS\SYSTEM\MSWEBDVD.DLL=C:\WINDOWS\SYSTEM\SET5150.TMP
C:\WINDOWS\SYSTEM\QCAP.DLL=C:\WINDOWS\SYSTEM\SET5151.TMP
C:\WINDOWS\SYSTEM\QDV.DLL=C:\WINDOWS\SYSTEM\SET5152.TMP
C:\WINDOWS\SYSTEM\QDVD.DLL=C:\WINDOWS\SYSTEM\SET5154.TMP
C:\WINDOWS\SYSTEM\QEDIT.DLL=C:\WINDOWS\SYSTEM\SET5155.TMP
C:\WINDOWS\SYSTEM\QUARTZ.DLL=C:\WINDOWS\SYSTEM\SET5162.TMP
NUL=C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\MIGRATE.DLL
C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\MIGRATE.DLL=C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SET5164.TMP

ERROR: DELETE_FILE C:\WINDOWS\TEMP\OLDB361.TMP C:\_RESTORE\TEMP\OLDB361.0 0x3
ERROR: DELETE_FILE C:\WINDOWS\TEMP\OLDB355.TMP C:\_RESTORE\TEMP\OLDB355.0 0x3
ERROR: DELETE_FILE C:\WINDOWS\COOKIES\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\COOKIES\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~2\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\ADWARE\FSG_4104.EXE C:\_RESTORE\TEMP\FSG_4104.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\MYSETP.EXE C:\_RESTORE\TEMP\MYSETP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PSETUP.EXE C:\_RESTORE\TEMP\P2PSETUP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\GUUB041.TMP C:\_RESTORE\TEMP\GUUB041.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PNET~6.EXE C:\_RESTORE\TEMP\P2PNET~6.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\ADWARE\FSG_41~1.EXE C:\_RESTORE\TEMP\FSG_41~1.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\MYSETP.EXE C:\_RESTORE\TEMP\MYSETP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PSETUP.EXE C:\_RESTORE\TEMP\P2PSETUP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP4.HTM C:\_RESTORE\TEMP\DRMTEMP4.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP3.HTM C:\_RESTORE\TEMP\DRMTEMP3.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP2.HTM C:\_RESTORE\TEMP\DRMTEMP2.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP1.HTM C:\_RESTORE\TEMP\DRMTEMP1.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP6.HTM C:\_RESTORE\TEMP\DRMTEMP6.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\GUU4075.TMP C:\_RESTORE\TEMP\GUU4075.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\ADWARE\FSG_4104.EXE C:\_RESTORE\TEMP\FSG_4104.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\MYSETP.EXE C:\_RESTORE\TEMP\MYSETP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\ADWARE\FSG_4104A.EXE C:\_RESTORE\TEMP\FSG_4104A.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PNET~7.EXE C:\_RESTORE\TEMP\P2PNET~7.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL.DLL C:\_RESTORE\TEMP\MARSHAL.1 0x22
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL.DLL C:\_RESTORE\TEMP\MARSHAL.1 0x22
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PNET~8.EXE C:\_RESTORE\TEMP\P2PNET~8.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL2.DLL C:\_RESTORE\TEMP\MARSHAL2.0 0x22
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP8.HTM C:\_RESTORE\TEMP\DRMTEMP8.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP7.HTM C:\_RESTORE\TEMP\DRMTEMP7.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~15.HTM C:\_RESTORE\TEMP\DRMTE~15.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~14.HTM C:\_RESTORE\TEMP\DRMTE~14.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~13.HTM C:\_RESTORE\TEMP\DRMTE~13.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~12.HTM C:\_RESTORE\TEMP\DRMTE~12.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~11.HTM C:\_RESTORE\TEMP\DRMTE~11.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~10.HTM C:\_RESTORE\TEMP\DRMTE~10.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~9.HTM C:\_RESTORE\TEMP\DRMTEM~9.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~8.HTM C:\_RESTORE\TEMP\DRMTEM~8.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~7.HTM C:\_RESTORE\TEMP\DRMTEM~7.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~6.HTM C:\_RESTORE\TEMP\DRMTEM~6.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~5.HTM C:\_RESTORE\TEMP\DRMTEM~5.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~4.HTM C:\_RESTORE\TEMP\DRMTEM~4.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~3.HTM C:\_RESTORE\TEMP\DRMTEM~3.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~2.HTM C:\_RESTORE\TEMP\DRMTEM~2.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~15.HTM C:\_RESTORE\TEMP\DRMTE~15.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~14.HTM C:\_RESTORE\TEMP\DRMTE~14.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~13.HTM C:\_RESTORE\TEMP\DRMTE~13.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~12.HTM C:\_RESTORE\TEMP\DRMTE~12.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~11.HTM C:\_RESTORE\TEMP\DRMTE~11.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~10.HTM C:\_RESTORE\TEMP\DRMTE~10.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~9.HTM C:\_RESTORE\TEMP\DRMTEM~9.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~8.HTM C:\_RESTORE\TEMP\DRMTEM~8.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~7.HTM C:\_RESTORE\TEMP\DRMTEM~7.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~6.HTM C:\_RESTORE\TEMP\DRMTEM~6.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~5.HTM C:\_RESTORE\TEMP\DRMTEM~5.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~4.HTM C:\_RESTORE\TEMP\DRMTEM~4.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~3.HTM C:\_RESTORE\TEMP\DRMTEM~3.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~2.HTM C:\_RESTORE\TEMP\DRMTEM~2.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEM~1.HTM C:\_RESTORE\TEMP\DRMTEM~1.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTEMP9.HTM C:\_RESTORE\TEMP\DRMTEMP9.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\DRMTE~16.HTM C:\_RESTORE\TEMP\DRMTE~16.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\ADWARE\FSG_4104.EXE C:\_RESTORE\TEMP\FSG_4104.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMP\MYSETP.EXE C:\_RESTORE\TEMP\MYSETP.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL.DLL C:\_RESTORE\TEMP\MARSHAL.1 0x22
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL2.DLL C:\_RESTORE\TEMP\MARSHAL2.0 0x22
ERROR: DELETE_FILE C:\WINDOWS\TEMP\GUU7211.TMP C:\_RESTORE\TEMP\GUU7211.0 0x20
ERROR: DELETE_FILE C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL C:\_RESTORE\TEMP\PERFEC~1.0 0x20
ERROR: RENAME_FILE C:\PROGRA~1\PERFEC~1 C:\WINDOWS\TEMP\PERFEC~1 0x0
ERROR: DELETE_FILE C:\WINDOWS\TEMP\P2PNET~9.EXE C:\_RESTORE\TEMP\P2PNET~9.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\SYSTEM\P2PNET~1\MARSHAL3.DLL C:\_RESTORE\TEMP\MARSHAL3.0 0x22
ERROR: DELETE_FILE C:\PROGRA~1\GRISOFT\AVG6\VERSION.AVG C:\_RESTORE\TEMP\VERSION.0 0x20
ERROR: DELETE_FILE C:\PROGRA~1\GRISOFT\AVG6\AVGCORE.VXD C:\_RESTORE\TEMP\AVGCORE.0 0x0
ERROR: DELETE_FILE C:\PROGRA~1\GRISOFT\AVG6\AVG.OVL C:\_RESTORE\TEMP\AVG.0 0x0
ERROR: DELETE_FILE C:\PROGRA~1\GRISOFT\AVG6\MINIAVI.AVG C:\_RESTORE\TEMP\MINIAVI.0 0x0
ERROR: DELETE_FILE C:\PROGRA~1\GRISOFT\AVG6\MICROAVI.AVG C:\_RESTORE\TEMP\MICROAVI.0 0x0
ERROR: DELETE_FILE C:\WINDOWS\COOKIES\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\COOKIES\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: DELETE_FILE C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20
ERROR: RENAME_FILE C:\PROGRA~1\PERFEC~1 C:\WINDOWS\TEMP\PERFEC~1 0x
DELETE_FILE C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT C:\_RESTORE\TEMP\INDEX.0 0x20

#22 tcooley

Posted 21 June 2004 - 03:20 PM

Oh, and also was not able to run either of the virus scans. They said unable to display page. Thanks for all you're doing.

#23 Micah_6:8

Posted 21 June 2004 - 08:43 PM

Pull up the task manager, and end these tasks if they are running:

D3BO.EXE
ATLLX32.EXE
IEQR.EXE
CRBP.EXE

Click Start Menu
Select Run menu
Type "command<enter>"

A DOS window appears on the screen.

In that DOS window, type these commands:

regsvr32 /u CRBP.DLL
del C:\WINDOWS\CRBP.DLL
del C:\WINDOWS\D3BO.EXE
del C:\WINDOWS\SYSTEM\ATLLX32.EXE
del C:\WINDOWS\IEQR.EXE
del C:\WINDOWS\CRBP.EXE
exit

Then navigate to your "C:\WINDOWS\TEMP\" folder.

Delete all the ".exe" files created on or after 06/20/2004 in the C:\WINDOWS\TEMP folder.

Reboot.

Try IE.

If IE still gets an error, please do this:

1. Write the error down, and post it next time.
2. Boot in "safe" mode and try IE.

Reboot and post a new log file.

#24 tcooley

Posted 22 June 2004 - 07:30 AM

Each time I type in the commands in the DOS window, I get the message "bad command or file name".

#25 Micah_6:8

Posted 22 June 2004 - 08:33 AM

My bad!!!

The folder where the exe is isn't in your path.

The commands should be this:

c:\windows\system\regsvr32 /u CRBP.DLL
del C:\WINDOWS\CRBP.DLL
del C:\WINDOWS\D3BO.EXE
del C:\WINDOWS\SYSTEM\ATLLX32.EXE
del C:\WINDOWS\IEQR.EXE
del C:\WINDOWS\CRBP.EXE
exit



#26 tcooley

Posted 22 June 2004 - 08:38 PM

Did as you said; still does not work. Also will not open in safe mode. Here is the exact error message as it now reads.

Explorer has caused an error in <unknown>. Explorer will now close.
If you continue to experience problems, try restarting your computer.

Here is the latest log file.

Logfile of HijackThis v1.97.7
Scan saved at 9:28:58 PM, on 6/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\WINDOWS\IEQR.EXE
C:\WINDOWS\D3BO.EXE
C:\WINDOWS\APPKN.EXE
C:\WINDOWS\SYSTEM\WINJK.EXE
C:\WINDOWS\MSFZ.EXE
C:\WINDOWS\SYSTEM\IPIC.EXE
C:\WINDOWS\SYSTEM\WINUP32.EXE
C:\WINDOWS\SYSTEM\ADDEA32.EXE
C:\WINDOWS\SYSTEM\APIGM32.EXE
C:\WINDOWS\SDKMT32.EXE
C:\WINDOWS\JAVALD.EXE
C:\WINDOWS\SYSTEM\D3PB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\CRBP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\APIGM32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\D3ZF32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {58C94033-D071-41C6-1E7C-1D1E8C934FA8} - C:\WINDOWS\CRBP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CRBP.EXE] C:\WINDOWS\CRBP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE
O4 - HKLM\..\RunServices: [ATLLX32.EXE] C:\WINDOWS\SYSTEM\ATLLX32.EXE
O4 - HKLM\..\RunServices: [IEQR.EXE] C:\WINDOWS\IEQR.EXE
O4 - HKLM\..\RunServices: [IPIC.EXE] C:\WINDOWS\SYSTEM\IPIC.EXE
O4 - HKLM\..\RunServices: [MSFZ.EXE] C:\WINDOWS\MSFZ.EXE
O4 - HKLM\..\RunServices: [WINJK.EXE] C:\WINDOWS\SYSTEM\WINJK.EXE
O4 - HKLM\..\RunServices: [APPKN.EXE] C:\WINDOWS\APPKN.EXE
O4 - HKLM\..\RunServices: [ADDEA32.EXE] C:\WINDOWS\SYSTEM\ADDEA32.EXE
O4 - HKLM\..\RunServices: [WINUP32.EXE] C:\WINDOWS\SYSTEM\WINUP32.EXE
O4 - HKLM\..\RunServices: [JAVALD.EXE] C:\WINDOWS\JAVALD.EXE
O4 - HKLM\..\RunServices: [SDKMT32.EXE] C:\WINDOWS\SDKMT32.EXE
O4 - HKLM\..\RunServices: [APIGM32.EXE] C:\WINDOWS\SYSTEM\APIGM32.EXE
O4 - HKLM\..\RunServices: [D3PB.EXE] C:\WINDOWS\SYSTEM\D3PB.EXE
O4 - HKLM\..\RunServices: [D3ZF32.EXE] C:\WINDOWS\D3ZF32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#27 Daemon

    Retired Staff-Malware Expert

  • Authentic Member
  • 3,521 posts

Posted 24 June 2004 - 08:54 AM

Could you try something for me? Click here to download TheKillbox by Option^Explicit. Extract it from the zip file, then double-click on Killbox.exe to run it. In the 'Paste Full Path of File to Delete' box, copy and paste this entry:

C:\WINDOWS\CRBP.EXE

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". In the window that opens up, click on the File menu and choose "Add File". The C:\WINDOWS\CRBP.EXE listing should show up in the window. Then repeat the process, this time adding:

C:\WINDOWS\CRBP.DLL

If that's successful you should have the two files listed. Then repeat so that all these files appear in the list as well:

C:\WINDOWS\D3BO.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\WINDOWS\IEQR.EXE
C:\WINDOWS\SYSTEM\IPIC.EXE
C:\WINDOWS\MSFZ.EXE
C:\WINDOWS\SYSTEM\WINJK.EXE
C:\WINDOWS\APPKN.EXE
C:\WINDOWS\SYSTEM\ADDEA32.EXE
C:\WINDOWS\SYSTEM\WINUP32.EXE
C:\WINDOWS\JAVALD.EXE
C:\WINDOWS\SDKMT32.EXE
C:\WINDOWS\SYSTEM\APIGM32.EXE
C:\WINDOWS\SYSTEM\D3PB.EXE
C:\WINDOWS\D3ZF32.EXE

When they are all there, in the same window choose the Action menu and select "Process and Reboot". You'll be prompted to reboot; do so.

Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

O2 - BHO: (no name) - {58C94033-D071-41C6-1E7C-1D1E8C934FA8} - C:\WINDOWS\CRBP.DLL
O4 - HKLM\..\Run: [CRBP.EXE] C:\WINDOWS\CRBP.EXE
O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE
O4 - HKLM\..\RunServices: [ATLLX32.EXE] C:\WINDOWS\SYSTEM\ATLLX32.EXE
O4 - HKLM\..\RunServices: [IEQR.EXE] C:\WINDOWS\IEQR.EXE
O4 - HKLM\..\RunServices: [IPIC.EXE] C:\WINDOWS\SYSTEM\IPIC.EXE
O4 - HKLM\..\RunServices: [MSFZ.EXE] C:\WINDOWS\MSFZ.EXE
O4 - HKLM\..\RunServices: [WINJK.EXE] C:\WINDOWS\SYSTEM\WINJK.EXE
O4 - HKLM\..\RunServices: [APPKN.EXE] C:\WINDOWS\APPKN.EXE
O4 - HKLM\..\RunServices: [ADDEA32.EXE] C:\WINDOWS\SYSTEM\ADDEA32.EXE
O4 - HKLM\..\RunServices: [WINUP32.EXE] C:\WINDOWS\SYSTEM\WINUP32.EXE
O4 - HKLM\..\RunServices: [JAVALD.EXE] C:\WINDOWS\JAVALD.EXE
O4 - HKLM\..\RunServices: [SDKMT32.EXE] C:\WINDOWS\SDKMT32.EXE
O4 - HKLM\..\RunServices: [APIGM32.EXE] C:\WINDOWS\SYSTEM\APIGM32.EXE
O4 - HKLM\..\RunServices: [D3PB.EXE] C:\WINDOWS\SYSTEM\D3PB.EXE
O4 - HKLM\..\RunServices: [D3ZF32.EXE] C:\WINDOWS\D3ZF32.EXE
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab

Reboot when done. Rescan with HJT and post a new log.

#28 tcooley

  • Authentic Member
  • 26 posts

Posted 24 June 2004 - 02:41 PM

Did all that, everything worked, here is a new log. IE did not work after the reboot yet, same error.



Logfile of HijackThis v1.97.7
Scan saved at 3:34:02 PM, on 6/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SDKMA32.EXE
C:\WINDOWS\NTVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MSRP.EXE
C:\WINDOWS\NETCF.EXE
C:\WINDOWS\SYSTEM\ADDGM.EXE
C:\WINDOWS\SYSTEM\D3RL.EXE
C:\WINDOWS\WINRI32.EXE
C:\WINDOWS\NTDQ.EXE
C:\WINDOWS\SYSTEM\ADDGM.EXE
C:\WINDOWS\NTQH32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {563D1E57-F852-8021-0147-EAEEA18FAA75} - C:\WINDOWS\SDKEN32.DLL (file missing)
O2 - BHO: (no name) - {2DA6D450-7429-D453-988F-4B369CF47DF8} - C:\WINDOWS\SYSTEM\CRKG.DLL (file missing)
O2 - BHO: (no name) - {14604D6E-DE07-853B-F23F-7DD24D7B5394} - C:\WINDOWS\SYSTEM\NETHT32.DLL (file missing)
O2 - BHO: (no name) - {C411A256-DC8B-9D84-0C38-5F2589813988} - C:\WINDOWS\ATLQG.DLL (file missing)
O2 - BHO: (no name) - {7C16C7E5-9CFA-188C-1391-6B30852F9DA6} - C:\WINDOWS\NTDQ.DLL
O2 - BHO: (no name) - {7F4FF738-FD6F-935B-5E8A-DD28208D60F2} - C:\WINDOWS\SYSTEM\D3AA.DLL (file missing)
O2 - BHO: (no name) - {C053397E-2B2B-97AE-4BB0-73BA741D1256} - C:\WINDOWS\SYSTEM\ATLOX32.DLL (file missing)
O2 - BHO: (no name) - {C5941043-CC68-477E-C366-7A933B91F258} - C:\WINDOWS\SYSTEM\SDKQF.DLL (file missing)
O2 - BHO: (no name) - {8DC5878E-3DA6-341C-8C67-6C673433DEE2} - C:\WINDOWS\SYSTEM\CRZM.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CRKG.EXE] C:\WINDOWS\SYSTEM\CRKG.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3RL.EXE] C:\WINDOWS\SYSTEM\D3RL.EXE
O4 - HKLM\..\RunServices: [NETCF.EXE] C:\WINDOWS\NETCF.EXE
O4 - HKLM\..\RunServices: [SDKMA32.EXE] C:\WINDOWS\SDKMA32.EXE
O4 - HKLM\..\RunServices: [ADDGM.EXE] C:\WINDOWS\SYSTEM\ADDGM.EXE
O4 - HKLM\..\RunServices: [WINRI32.EXE] C:\WINDOWS\WINRI32.EXE
O4 - HKLM\..\RunServices: [NTVC.EXE] C:\WINDOWS\NTVC.EXE
O4 - HKLM\..\RunServices: [MSRP.EXE] C:\WINDOWS\MSRP.EXE
O4 - HKLM\..\RunServices: [NTQH32.EXE] C:\WINDOWS\NTQH32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#29 Daemon

    Retired Staff-Malware Expert

  • Authentic Member
  • 3,521 posts

Posted 24 June 2004 - 03:40 PM

IE not working is not the main problem here. You have an aggressive viral infection that morphs when we try to remove it.

Could you go here and run an online scan? Allow it to delete whatever it finds:

TrendMicro HouseCall

Reboot when done. Rescan with HJT and post a new log here.
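The turnover between the two logs above can be measured by diffing their autorun entries. This is an added example, not part of the original thread: the log excerpts are copied from the two logs posted here, while the function names and the "value name equals file name" heuristic are assumptions made for illustration.

```python
import ntpath
import re

# Excerpts copied from the two HijackThis logs in this thread (before / after cleanup).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {58C94033-D071-41C6-1E7C-1D1E8C934FA8} - C:\WINDOWS\CRBP.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CRBP.EXE] C:\WINDOWS\CRBP.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE
O4 - HKLM\..\RunServices: [IEQR.EXE] C:\WINDOWS\IEQR.EXE
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {7C16C7E5-9CFA-188C-1391-6B30852F9DA6} - C:\WINDOWS\NTDQ.DLL
O2 - BHO: (no name) - {2DA6D450-7429-D453-988F-4B369CF47DF8} - C:\WINDOWS\SYSTEM\CRKG.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CRKG.EXE] C:\WINDOWS\SYSTEM\CRKG.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [D3RL.EXE] C:\WINDOWS\SYSTEM\D3RL.EXE
O4 - HKLM\..\RunServices: [NETCF.EXE] C:\WINDOWS\NETCF.EXE
"""

O4 = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
O2 = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?)(?: \(file missing\))?$")
WIN_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}

def autoruns(log):
    """Return a set of (section, name, target) for O2 BHO and O4 autorun lines."""
    found = set()
    for line in map(str.strip, log.splitlines()):
        if m := O4.match(line):
            found.add((m[1], m[2], m[3]))
        elif m := O2.match(line):
            found.add(("BHO", m[1], m[2]))
    return found

def self_named(entry):
    # Heuristic (assumption): the Run value is named after its own file, and the
    # file sits directly in the Windows or System directory, as in this thread.
    section, name, target = entry
    path = target.strip('"')
    return (section != "BHO"
            and name.upper() == ntpath.basename(path).upper()
            and ntpath.dirname(path).upper() in WIN_DIRS)

def churn(before, after):
    """Diff two scans: removed, added and unchanged entries, plus new suspects."""
    b, a = autoruns(before), autoruns(after)
    added = a - b
    return {"removed": b - a, "added": added, "stable": a & b,
            "suspect_added": sorted(e for e in added if self_named(e))}

if __name__ == "__main__":
    for key, entries in churn(LOG_BEFORE, LOG_AFTER).items():
        print(key, len(entries))
```

Entries that are unchanged across both scans (SystemTray, SSDPSRV) drop out of the diff, so what remains is the set that was replaced under new names between the two logs.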

#30 Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 25 June 2004 - 06:11 AM

tcooley, What version of Netscape are you using? I have versions 4.5, 6.2, and 7.1 on my machine. If I have the same version of Netscape you do, and I can get one of the online virus scans to work on my machine, then maybe I can help you get it to run. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?
