Can't use Run if OE and/or IE open

Discussion in 'adware, spyware & hijack cleaning' started by XenaWarrior, Apr 19, 2004.

  1. XenaWarrior

    XenaWarrior Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    5
    Hello,

    I have used Ad-Aware and Spybot using the setting suggested here, but am still having problems with my puter. I tried SpyHunter and it found numerous things in the Registry, but wouldn't remove them unless I paid for the program. Am also a bit leery of it since it might make things worse. Bottom line is that I have lots of problems with my DSL connection (which is set up properly) and I used to be able to go to Run and do the IP config /release and /renew. Now when I go to Run, it will only work after booting and NOT opening either IE or OE. Once I open either of those Run is inop. I can play games, use Word or Excel and I don't have that problem. Here is my HiJackThis log so you can see if there are any other problems.

    I also have SpyWAre Guard and Blaster, though only after these problems occurred.

    StartupList report, 4/19/2004, 17:57:50
    StartupList version: 1.52
    Started from : C:\Program Files\HijackThis!\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickDesk.exe
    C:\Program Files\World Time\worldtime.exe
    C:\Palm\AlarmApp.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\HijackThis!\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    SysDate.exe
    QuickDesk.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    World Time.lnk = ?
    Alarm Manager.LNK = C:\Palm\AlarmApp.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Logitech Utility = Logi_MwX.Exe
    RoxioEngineUtility = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    RoxioDragToDisc = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    RoxioAudioCentral = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Ad-watch = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    DIGStream = C:\Program Files\DIGStream\digstream.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    EPSON Stylus CX3200 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    FullAudio = C:\PROGRA~1\MUSICNOW\WMPImporter.exe
    SpyHunter = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    MemScanner = C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    dumbos do format = C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll - {08442457-929D-4522-AE24-9D3E4664A0C1}
    SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job
    Norton AntiVirus - Scan my computer - Owner.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [YExplorer1_8US.CAB]
    CODEBASE = http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    OSD = C:\WINDOWS\Downloaded Program Files\YExplorer1_8US.CAB.osd

    [FASetupStart Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FASETU~1.OCX
    CODEBASE = http://a856.ff.fullaudio.com.edgesu...re.fullaudio.com/fullaudio/3.0.0.40/setup.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

    [YbUploadFavsCtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\YbConvFav030408.dll
    CODEBASE = http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.0846527778

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [ActiveDataInfo Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\swflash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: c:\documents and settings\Owner\cookies\ownercap@revenue[2].txt


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 10,184 bytes
    Report generated in 2.093 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    ________________________________________________________________


    Logfile of HijackThis v1.97.7
    Scan saved at 17:46:08, on 4/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickDesk.exe
    C:\Program Files\World Time\worldtime.exe
    C:\Palm\AlarmApp.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\HijackThis!\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [FullAudio] C:\PROGRA~1\MUSICNOW\WMPImporter.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [MemScanner] C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [dumbos do format] C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: SysDate.exe
    O4 - Global Startup: QuickDesk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: World Time.lnk = ?
    O4 - Global Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a856.ff.fullaudio.com.edgesu...re.fullaudio.com/fullaudio/3.0.0.40/setup.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.0846527778
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    Please help! Thank you . . .
     
    Last edited: Apr 19, 2004
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    these 2 look suspicious

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickDesk.exe

    please go to
    http://www.kaspersky.com/remoteviruschk.html

    click on browse and upload those files one at a time and have kav check them

    please post back with its report

    the behaviour you are complaining about suggests a virus/trojan
     
  3. XenaWarrior

    XenaWarrior Registered Member

    dvk01,

    Kaspersky seems to be down at the moment, but I've used those two utilities for years and never had a problem. I got a virus back in February and removed it, but wonder if my Registry got screwed up. A friend said that I might need to format /mbr. Does that seem necessary to you?

    Thank you.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi XenaWarrior,

    Could you try this:
    download BHODemon from http://www.definitivesolutions.com/bhodemon.htm and use it to temporarily disable:
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll
    C:\Program Files\SpywareGuard\dlprotect.dll
    c:\program files\google\googletoolbar1.dll
    C:\Program Files\Norton AntiVirus\NavShExt.dll

    If that helps, release them one by one until the problem comes back.
    I suspect there may be a conflict between the BHO's or a corrupted one.
    If I am right this would be the way to find out.

    Do not buy SpyHunter, because it is well known for its false positives. It would be a shame to buy a program based on that.

    Regards,

    Pieter
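
Added example, not part of either reply above and not HijackThis or BHODemon code: a Python parser for the O2/O4 lines of the HijackThis log in the first post, which pulls out the BHO list used in Pieter's disable-then-release procedure and the startup-folder items that are executables rather than shortcuts (the shape of the two files dvk01 singled out; that heuristic is an assumption made here, not dvk01's stated reason). The function names and the `problem_reproduces` callback, which stands in for the manual "open IE, then try Run" test, are hypothetical.

```python
import re

# Excerpt of the HijackThis v1.97.7 log from the first post (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: SysDate.exe
O4 - Global Startup: QuickDesk.exe
O4 - Global Startup: World Time.lnk = ?
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$")
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>Startup|Global Startup): (?P<item>.+?)(?: = (?P<target>.+))?$")

EXECUTABLE_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


def parse_hijackthis(text):
    """Return one dict per recognised O2/O4 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in (("bho", BHO_RE), ("run", RUN_RE),
                              ("startup", STARTUP_RE)):
            match = pattern.match(line)
            if match:
                entries.append({"kind": kind, **match.groupdict()})
                break
    return entries


def bare_startup_executables(entries):
    """Startup-folder items that are the program itself, not a .lnk to one.

    HijackThis prints a shortcut as 'name.lnk = target'; an item with no
    target is a file sitting directly in the Startup folder.
    """
    return [e["item"] for e in entries
            if e["kind"] == "startup" and e["target"] is None
            and e["item"].lower().endswith(EXECUTABLE_EXTENSIONS)]


def isolate_bho(bhos, problem_reproduces):
    """Disable every BHO, then re-enable them one at a time.

    problem_reproduces(enabled_clsids) -> bool is the manual test after each
    change. Returns (verdict, clsid). If two BHOs only misbehave together,
    the CLSID returned is the second of the pair to be re-enabled.
    """
    if problem_reproduces(frozenset()):
        # Still broken with everything disabled: the BHOs are not the cause.
        return ("not-bho", None)
    enabled = []
    for bho in bhos:
        enabled.append(bho["clsid"])
        if problem_reproduces(frozenset(enabled)):
            return ("culprit", bho["clsid"])
    return ("not-reproduced", None)


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("BHOs to disable:")
    for entry in parsed:
        if entry["kind"] == "bho":
            print("  ", entry["clsid"], entry["path"])
    print("Executables placed directly in a Startup folder:",
          bare_startup_executables(parsed))
```

The `("not-bho", None)` verdict corresponds to a result where the problem persists with every BHO disabled, in which case the search has to move on to the other autostart entries.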
     
  5. XenaWarrior

    XenaWarrior Registered Member

    Pieter,

    Thanks for warning me about SpyHunter. I ran it and it picked up things that I didn't think were bad, so I deleted it. It's good to know I did the right thing!

    Anyway, I downloaded the BHODemon and blocked those items. It doesn't seem to have helped and maybe made it worse as I could not use Run after rebooting (and without ANY programs open). I remain mystified. Not sure if you need both, but here are my HijackThis! logs:

    StartupList report, 4/21/2004, 23:53:27
    StartupList version: 1.52
    Started from : C:\Program Files\HijackThis!\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickDesk.exe
    C:\Program Files\World Time\worldtime.exe
    C:\Palm\AlarmApp.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\BHODemon\BHODemon.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis!\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    SysDate.exe
    QuickDesk.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    World Time.lnk = ?
    Alarm Manager.LNK = C:\Palm\AlarmApp.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Logitech Utility = Logi_MwX.Exe
    RoxioEngineUtility = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    RoxioDragToDisc = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    RoxioAudioCentral = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Ad-watch = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    DIGStream = C:\Program Files\DIGStream\digstream.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    EPSON Stylus CX3200 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    FullAudio = C:\PROGRA~1\MUSICNOW\WMPImporter.exe
    DVDUpgrade = DVDUpgrd.exe /async
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    dumbos do format = C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll (disabled by BHODemon) - {08442457-929D-4522-AE24-9D3E4664A0C1}
    SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll (disabled by BHODemon) - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
    (no name) - c:\program files\google\googletoolbar1.dll (disabled by BHODemon) - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll (disabled by BHODemon) - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job
    Norton AntiVirus - Scan my computer - Owner.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [YExplorer1_8US.CAB]
    CODEBASE = http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    OSD = C:\WINDOWS\Downloaded Program Files\YExplorer1_8US.CAB.osd

    [FASetupStart Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FASETU~1.OCX
    CODEBASE = http://a856.ff.fullaudio.com.edgesu...re.fullaudio.com/fullaudio/3.0.0.40/setup.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

    [YbUploadFavsCtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\YbConvFav030408.dll
    CODEBASE = http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38097.825

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [ActiveDataInfo Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\swflash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: c:\documents and settings\Owner\cookies\Owner@realmedia[2].txt


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 10,447 bytes
    Report generated in 0.211 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    _______________________________________________________


    Logfile of HijackThis v1.97.7
    Scan saved at 23:53:18, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickDesk.exe
    C:\Program Files\World Time\worldtime.exe
    C:\Palm\AlarmApp.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\BHODemon\BHODemon.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis!\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
    O2 - BHO: (no name) - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\Program Files\IE URL Spoofing Patch\IEWorkaround3.dll (disabled by BHODemon)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [FullAudio] C:\PROGRA~1\MUSICNOW\WMPImporter.exe
    O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [dumbos do format] C:\Program Files\Dumbos Do Format\ddfbeta4-2-0.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: SysDate.exe
    O4 - Global Startup: QuickDesk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: World Time.lnk = ?
    O4 - Global Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a856.ff.fullaudio.com.edgesu...re.fullaudio.com/fullaudio/3.0.0.40/setup.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38097.825
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi XenaWarrior,

    Nothing much to be found in your logs. Can you tell me what exactly happens when you try to use Run?
    Is the option greyed out or not responsive?

    Regards,

    Pieter
     
  7. XenaWarrior

    XenaWarrior Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    5
    Hallo Pieter,

    Run is unresponsive if I have opened either IE or OE, but not other programs such as Hearts. It isn't grayed out, rather, the window will not pop up when I click Run. Then I have to reboot to make it usable again. And the main reason I have to use Run (or used to) is because my DSL connection drops. Once DSL starts dropping, it happens frequently; I used to be able to keep it going by using IP config /release and IP config /renew, but now I have to unplug the modem, then the router, and turn off the computer. Then I plug the modem back in, plug the router back in and then start the computer.

    I appreciate you looking into my problem and hope we can fix it without me having to format!
     
  8. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    go to this site

    http://www.kellys-korner-xp.com/xp_qr.htm

    and start looking at the fixes around these areas..



    Run Command - Clear History

    Start/Run/Regedit
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. Delete the value corresponding to the command you want to remove, or remove all the entries to clear the list completely.

    Run Command - Creating 'App Paths' in Windows XP

    To create an application path, so you can run an application in Windows XP from the Run dialog box you need to:

    1. Run regedit and go to HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths

    2. Create a new key with whatever you want to use as your run command:
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nameofprogram.exe

    3. In the key folder that you created, create a new string, call it 'Path' and modify the value to point to the specific folder of the executable you're running: C:\ProgramFiles\nameofprogram.

    4. Use the default string and modify its value to point to the executable you want to run.

    Run Command Missing

    Right click the Start button and select Properties, then Customize. Scroll down and put the check mark in the Show Run entry. If you're using the new Start panel, it's on the Advanced tab.

    Or check your settings here: Start/Run/Regedit

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Value Name: NoRun
    Data Type: REG_DWORD (DWORD Value)
    Value Data: (0 = disabled, 1 = enabled)

    Note: It seems that under "XP Theme", not more than eleven (11) items can be displayed together at the right-hand column (with blue background), which at times, disables/removes the Run Command even with it being checked.

    Run Command - Restore

    When you click Start, Run and enter a path and folder name (example: C:\Windows), you may receive an error message.

    The Registry branch for HKEY_CLASSES_ROOT\Folder is damaged or corrupted. Fix: http://www.dougknox.com/xp/fileassoc/folder_reg.zip To use: Download the ZIP file and open it. Extract the REG file and double click it. Answer yes to the import prompt. REG files can be viewed in Notepad by right clicking them and selecting Edit.

    **************


    if you find nothing there..then go to the S page at Kelly's K and look under start menu.
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    As a temporary workaround download the attached file, save it as ipconfig.vbs

    You can double-click that file to release and renew.

    Regards,

    Pieter
     

    Attached Files:

  10. XenaWarrior

    XenaWarrior Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    5
    Hmm. When I followed your instructions for this:

    Or check your settings here: Start/Run/Regedit

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Value Name: NoRun
    Data Type: REG_DWORD (DWORD Value)
    Value Data: (0 = disabled, 1 = enabled)


    This is what shows up -

    Name Type Data

    (Default) REG_SZ (value not set)
    NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)
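
An added example (not part of the thread and not any poster's script): it reads rows copied from regedit's right-hand pane for a Policies\Explorer key, reports whether a NoRun policy value is present, and decodes the NoDriveTypeAutoRun bitmask. The function names and the sample text are constructed for illustration; run it once per key (HKCU and HKLM).

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun off for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# One row of regedit's right-hand pane: value name, type, data.
ROW = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def parse_regedit_rows(text):
    """Parse rows copied from regedit into {name: (type, data)}."""
    values = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header row ("Name Type Data") and blank lines
        name, rtype, data = m.groups()
        if rtype == "REG_DWORD":
            try:
                data = int(data.split()[0], 16)  # "0x00000091 (145)" -> 145
            except (ValueError, IndexError):
                continue  # malformed DWORD row: skip it
        values[name] = (rtype, data)
    return values


def run_policy_state(values):
    """Effect of this key's NoRun value on the Start menu's Run command."""
    if "NoRun" not in values:
        return "not set"  # this key imposes no Run restriction
    rtype, data = values["NoRun"]
    return "run disabled" if rtype == "REG_DWORD" and data == 1 else "run allowed"


def autorun_disabled_for(values):
    """Drive types for which NoDriveTypeAutoRun disables AutoRun."""
    rtype, data = values.get("NoDriveTypeAutoRun", ("REG_DWORD", 0))
    if rtype != "REG_DWORD":
        return []
    return [label for bit, label in DRIVE_BITS.items() if data & bit]


# Constructed sample: the rows shown in the post above.
SAMPLE = """Name Type Data
(Default) REG_SZ (value not set)
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)
"""
```

For the rows posted above, `run_policy_state` returns "not set", so the Run dialog is not being blocked by a NoRun policy in that key.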
     