Author Topic: Please help me...  (Read 836 times)

Offline ababyspice

« on: May 16, 2005, 01:03:58 PM »
We were infected with the funner.exe worm. I have managed to log back in and download Hijackthis. Here follows the hijackthis log;

Logfile of HijackThis v1.99.1
Scan saved at 19:06:02, on 16/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\MK9805.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MMTTGLZZ.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.net/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=PTSNOOP.EXE
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {546D6D80-1E9E-11D3-B65B-88215C0F8173} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\0XM3W1EZ\epl7[1].cab
O18 - Protocol: wavetop - (no CLSID) - (no file)

How do I replace the deleted files?

Offline guestolo

« Reply #1 on: May 16, 2005, 08:26:09 PM »
How do you replace what deleted files???
Can you let me know what steps you have taken already

Could you also
Navigate to this file on your hard drive

C:\Windows\System.ini

Right click on it and select OPEN

Copy and paste back the contents to this thread

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ababyspice

« Reply #2 on: May 26, 2005, 04:51:36 AM »
So far I have followed the instruction you gave to Dominik on Jan 28th (topic - psapi.dll and funny.exe Problem, Funner Worm?)

So I have booted to Command prompt only
Typed in

edit c:\windows\system.ini

Notice the space between edit and c
and hit Enter

in System.ini under the boot tab, navigated to Shell under the boot section

Changed it to read 'Shell=Explorer.exe'

I still couldn't log in so then I;

Got to the command prompt again and typed in the below-

del c:\windows\system\explorer.exe

del c:\windows\system\iexplore.exe

del c:\windows\system\userinit32.exe

del c:\windows\rundll32.exe

del c:\windows\hosts

del c:\funny.exe

del c:\windows\temp\*.*
At the prompt to delete contents of directory I pressed Y then hit Enter

Finally I entered this again at the prompt
edit c:\windows\system.ini

It still read
Shell=Explorer.exe

Restarted the computer successfully and downloaded Hijackthis 1.99

Did a scan and posted the log file on my previous post.

I then downloaded and saved to Desktop Rundll32_98.zip

That's as far as I have got. I can still use the computer but it is unstable and keeps coming up with security errors. Also, when I turn it on it comes up with a few errors about missing files.

Offline guestolo

« Reply #3 on: May 26, 2005, 08:22:19 PM »
Open Hijackthis>>Open Misc tools section>>Open Hosts file Manager
If prompted to create a new Hosts file
ALLOW IT

Next, ensure you unzip Rundll32.zip to your C:\Windows folder

I would also run System File checker to see if you have any corrupt or missing files

START>>RUN>>Type in sfc

You still didn't do this

Quote
Navigate to this file on your hard drive

C:\Windows\System.ini

Right click on it and select OPEN

Copy and paste back the contents to this thread

Could I also see a fresh Hijackthis log, it's been some time since you posted back and you still have some cleaning to do in your log
« Last Edit: May 26, 2005, 09:28:51 PM by guestolo »



Offline ababyspice

« Reply #4 on: May 28, 2005, 05:29:15 AM »
Thank you – I have created a new hosts file and made sure that the rundll32.zip is in the c:\windows folder. I have run a system file checker and it appears that the Setupx.dll file is corrupt, I don’t know what to do to correct this.

Here follows the contents of the system.ini file

[boot]
oemfonts.fon=vga850.fon
system.drv=system.drv
drivers=mmsystem.dll power.drv
shell=Explorer.exe
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fixedfon.fon=vgafix.fon
fonts.fon=vgasys.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\WINDOW~2.SCR

[keyboard]
keyboard.dll=
oemansi.bin=xlat850.bin
subtype=
type=4

[boot.description]
system.drv=Standard PC
mouse.drv=Microsoft Mouse
keyboard.typ=Standard 101/102-Key or Microsoft Natural Keyboard
aspect=100,96,96
display.drv=NVidia RIVA TNT

[386Enh]
ebios=*ebios
woafont=app850.fon
mouse=*vmouse, msmouse.vxd
device=*dynapage
device=*vcd
device=*vpd
device=*int13
PagingDrive=C:
device=*enable
keyboard=*vkd

[NonWindowsApp]
TTInitialSizes=4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22

[power.drv]

[drivers]
voice=C:\BITWARE\rockwell.drv
MSVideo.VfWWDM=vfwwdm.drv
wavemapper=*.drv
MSACM.imaadpcm=*.acm
MSACM.msadpcm=*.acm
wave=mmsystem.dll
midi=mmsystem.dll

[iccvid.drv]

[mciseq.drv]

[mci]
cdaudio=mcicda.drv
sequencer=mciseq.drv
waveaudio=mciwave.drv
avivideo=mciavi.drv
videodisc=mcipionr.drv
vcr=mcivisca.drv
DvdVidEx=MciCinem.drv DVD
MpegVideo=MciCinem.drv DVD
DvdVideo=MciCinem.drv DVD
QTWVideo=C:\WINDOWS\SYSTEM\MCIQTW.DRV
MPEGVideo2=mciqtz.drv

[vcache]

[DISPLAY]
BusThrottle=1

[Password Lists]
PAUL STURGES=C:\WINDOWS\PAULSTUR.PWL





[MSNP32]



[drivers32]
vidc.CVID=iccvid.dll
VIDC.IV31=ir32_32.dll
VIDC.IV32=ir32_32.dll
vidc.MSVC=msvidc32.dll
VIDC.MRLE=msrle32.dll
msacm.lhacm=lhacm.acm
msacm.msg723=msg723.acm
vidc.M263=msh263.drv
vidc.M261=msh261.drv
msacm.l3acm=C:\WINDOWS\SYSTEM\L3CODECA.ACM
VIDC.VDOM=vdowave.drv
VIDC.MPG4=msscmc32.dll
vidc.vivo=ivvideo.dll
msacm.vivog723=vivog723.acm
VIDC.TR20=tr2032.dll
VIDC.UCOD=clrviddd.dll
VIDC.IV50=ir50_32.dll
msacm.iac2=C:\WINDOWS\SYSTEM\IAC25_32.AX
VIDC.YVU9=iyvu9_32.dll
VIDC.IV41=ir41_32.ax
VIDC.IR32=C:\WINDOWS\SYSTEM\IR32_32.DLL
VIDC.IR31=C:\WINDOWS\SYSTEM\IR32_32.DLL
VIDC.IR41=C:\WINDOWS\SYSTEM\IR41_32.AX
msacm.msg711=msg711.acm
MSACM.imaadpcm=imaadp32.acm
MSACM.msadpcm=msadp32.acm
MSACM.msgsm610=msgsm32.acm
MSACM.trspch=tssoft32.acm
msacm.msaudio1=msaud32.acm
msacm.sl_anet=sl_anet.acm
msacm.voxacm160=vct3216.acm
VIDC.YUY2=msyuv.dll
VIDC.UYVY=msyuv.dll
VIDC.YVYU=msyuv.dll

[TTFontDimenCache]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22

Also here is a fresh hijack this log;

Logfile of HijackThis v1.99.1
Scan saved at 11:26:24, on 28/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\MK9805.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\MMTTGLZZ.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.net/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=PTSNOOP.EXE
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {546D6D80-1E9E-11D3-B65B-88215C0F8173} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\0XM3W1EZ\epl7[1].cab
O18 - Protocol: wavetop - (no CLSID) - (no file)

Hope this is all right?

Offline guestolo

« Reply #5 on: May 29, 2005, 12:53:14 AM »
Let's run some tools on your computer to ensure you are clean

Can you do the following please

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup
Give the link time to load or try it twice, it may be busy
Alternate Download link
We'll need this later

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation

In safe mode, find and delete these files if they exist
C:\WINDOWS\SYSTEM\MMTTGLZZ.EXE <-file
C:\WINDOWS\SYSTEM\WCFCW.DLL <-file
C:\WINDOWS\system32\usbn.exe <-file

Stay in safe mode

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL

O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1

O4 - HKCU\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32

O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab

O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\0XM3W1EZ\epl7[1].cab
O18 - Protocol: wavetop - (no CLSID) - (no file)


After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Afterwards

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done

Restart back to Normal mode

We have to run some tools on your computer

Download and Install the free version of Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
We have to get your operating system and browser more secure
Visit Windows updates and Install ALL Latest Critical Updates and Service Packs
Don't install the Recommended updates unless something preferred

After you download and Install the latest updates and service packs
Keep revisiting Windows Updates until you have all the latest critical updates installed

After that is complete
I don't see any Anti-Virus software on your computer
If you need a free solution
Please download and Install the Free version of AVG 7
from this link
http://free.grisoft.com/doc/2/lng/us/tpl/v5

Scroll down and click on
AVG Free Edition installation files
File   Version
avg70free_322a531.exe <-this link or similar

Save the installer to desktop and then double click to install
Restart the computer if prompted
Ensure that AVG is updated and run a Full system Scan

After the above is done
Post back a fresh Hijackthis log



Offline ababyspice

« Reply #6 on: June 02, 2005, 01:38:32 PM »
Thank you - have done all the above. Here is fresh hijackthis log;

Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 02/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\MK9805.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=PTSNOOP.EXE
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {546D6D80-1E9E-11D3-B65B-88215C0F8173} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: wavetop - (no CLSID) - (no file)

Also - I don't know if it is part of the same thing but when I try to access the cd drive i get the following error;

D:\ is not accessible. The device is not ready

I don't know if you can help with that but I thought I'd ask as you have been so helpful with this funny.exe problem.. Can't say enough thanks!
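
A way to check a "fix checked" list from a reply like #5 against the log posted afterwards, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which targeted entries are gone, which remain, and which autostart entries are new. The function names are hypothetical, and the sample data is a short excerpt of lines copied from the logs above.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Sample data: lines excerpted from the 28/05/05 log in this thread.
BEFORE = r'''
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O18 - Protocol: wavetop - (no CLSID) - (no file)
'''

# Sample data: lines excerpted from the 02/06/05 log in this thread.
AFTER = r'''
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O18 - Protocol: wavetop - (no CLSID) - (no file)
'''

# Sample data: part of the list of entries to tick, from Reply #5.
FIX_LIST = r'''
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O18 - Protocol: wavetop - (no CLSID) - (no file)
'''


def parse_entries(log_text):
    """Map a case- and whitespace-normalized key to each original entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):  # skips headers, process lists and blank lines
            entries[" ".join(line.split()).lower()] = line
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare a fix list against the logs taken before and after cleanup."""
    before, after, targets = (parse_entries(t) for t in (before_log, after_log, fix_list))
    return {
        # targeted entries present in the old log and absent from the new one
        "removed": sorted(v for k, v in targets.items() if k in before and k not in after),
        # targeted entries that the new log still lists
        "still_present": sorted(v for k, v in targets.items() if k in after),
        # entries that only the new log has; each needs its own review
        "new": sorted(v for k, v in after.items() if k not in before),
    }


if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(bucket.upper())
        for line in lines:
            print("  " + line)
```

On these excerpts the O18 wavetop line is reported as still present, and the AVG7_CC and KB891711 autostart lines are reported as new.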