 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows 98 / General Topics / April 2004nearly every executable creates illegal op
I'd be appreciative if anyone could give me some advise with this. My computer went from nearly perfectly operational to this, the only programs which work are IE (after a couple "Send Error Report" dialogs) and notepad. Trying to run ANY other prog results in a illegal op relating to a .dll file. It started after I restarted the computer and the IE homepage was changed to C:\windows\secure.html, a page telling me I had a security problem and offered me a link to buy the solution. The website was privacyoutpost dot com and they had a disclaimer at the bottom of their page saying their "affiliates" were responsible for the forced adverts and they give you a procedure to remove the offending prog. I went thru their steps to delete it and remove it from the registry and the problem continues. I downloaded adaware and spybot:search and destroy (and had to install them in safe mode) and ran them, removing quite a bit of stuff...no luck. I went to housecall.trendmicro.com and scaned for viruses and removed three which I can't recall the names of right now. PLEASE someone help me out. I've got auctions I need to deal with and I can't open Outlook, besides not being able to run ANYthing. thanks nathan Download/run Cool Web Shredder from: http://www.spywareinfo.com/~merijn/downloads.html For Info on Cool Web Search Variants: http://www.spywareinfo.com/~merijn/cwschronicles.html Then download/install/run Ad-Aware to detect/rid of any other parasites/spyware that may be installed. It can be obtained free from: http://www.lavasoftusa.com/ After installing Ad-Aware, open it and click on the ref update to get the latest up-to-date ref file, then run Ad-Aware and delete everything it finds. And/or download/install/run: Spybot - Search & Destroy: http://security.kolla.de/index.php?lang=en&page=download If you still have problems, download/run HijackThis from: http://www.merijn.org/ Do not remove anything with it until you get advice on what to remove, HJThis will list many apps that are needed along with the bad ones. Read the quick start here on how to create a log file that can be copied/pasted into a forum that can provide assistance on removal of unwanted pests. http://mjc1.com/mirror/hjt/#quick Then post the logs to an appropriate NG here where they specialize in spyware/hijacker removal: http://forums.spywareinfo.com/ It's also a good idea to have a HOSTS file to block bad sites, scroll to HOSTS File Manager here: http://www.mvps.org/PracticallyNerded/Software.htm Another good app is SpywareBlaster which stops the badboys before they even get a chance to install: http://www.javacoolsoftware.com/spywareblaster.html  SignatureBrian A. Jack of all trades, Master of none. One can never truly be a master as there is always more to learn. > I'd be appreciative if anyone could give me some advise > with this. My computer went from nearly perfectly [quoted text clipped - 22 lines] > thanks > nathan Ok, here's what I've done so far and since making the post. Same problems persist...all attempts to run an exe file result in a Ill. Operation... besides Internet Explorer of course... Also, I didn't mention it before, but Explorer will crash randomly, leaving me with a blank desktop and no choice but to ctrl+alt+del and shut down... First, I'm not able to post my problem at the forums you posted about spyware/hijacking, since I can't open anything other than IExplorer (if I'm lucky) I'm not able to use Outlook to register a username. I've run Adaware and Spybot:SD several times and they can find nothing else to remove. I ran CWShredder and the first time it found nothing. The second time it stopped on CW SmartSearch and advised me to close all Notepad windows because it was going to remove the problem, but then it continued through the list and said there were no problems found... (on another note...Adaware and Spybot ARE now able to run in regular mode) Hijackthis I could only run under safe mode, so I'm not sure how useful the information would be but I will post the log file anyway...if anyone is reading this StartupList will run in Normal mode, I will post that as well... Hijack log: _________________________________________________ Logfile of HijackThis v1.97.7 Scan saved at 11:44:11 PM, on 4/19/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\PROFILES\NATHAN\DESKTOP\HIJACKTHIS.EXE O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644- 206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021- 6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18- 009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [RegShave] C:\Progra~1 \REGSHAVE\REGSHAVE.EXE /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE O9 - Extra button: AIM (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA B?37998.308275463 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31868fb5ee9efd21fb23/netzip/RdxIE601.c ab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/s wflash.cab O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5 .2AxWin.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1- 4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/ sw.cab O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://www.reallusion.com/Stuff/CrazyTalk.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacs com.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev- www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3- 0.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.ant ivirus.com/housecall/xscan53.cab _______________________________________________________ Startuplist.txt _______________________________________________________ StartupList report, 4/19/04, 11:19:42 PM StartupList version: 1.52 Started from : C:\WINDOWS\PROFILES\NATHAN\DESKTOP\STARTUPLIST.EXE Detected: Windows 98 SE (Win9x 4.10.2222A) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\SR64\ADBHMOID.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\PROFILES\NATHAN\DESKTOP\STARTUPLIST.EXE -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ScanRegistry = C:\WINDOWS\scanregw.exe /autorun TaskMonitor = C:\WINDOWS\taskmon.exe SystemTray = SysTray.Exe LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme RegShave = C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme McAfeeVirusScanService = C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=Explorer.exe SCRNSAVE.EXE= drivers=mmsystem.dll power.drv -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 19/4/2004, 2:57:56) [Rename] NUL=c:\windows\profiles\nathan\cookies\nathan@ad-logics [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ad-logics [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ads.specificp op[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ads.specificp op[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ads.specificp op[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserv.intern etfuel[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserv.intern etfuel[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserver.file front[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserver.news .com[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserver.poll star[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserver.trb [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserver.ukpl us.co[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@adserv[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@advertising [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ajrotator [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ajrotator [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@atdmt[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@bfast[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@bis.180soluti ons[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@bluemountain [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@bravenet [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@bravenet [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@centrport [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@cgi-bin [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@cms[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@commission- junction[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@commission- junction[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@doubleclick [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ehg- idg.hitbox[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@ehg.hitbox [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@exit.xitcash [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [4].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [5].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [6].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fastclick [7].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fl01.ct2.comc lick[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fortunecity.c o[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fortunecity [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fortunecity [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fortunecity [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@fortunecity [4].txt NUL=c:\windows\profiles\nathan\cookies\nathan@gator[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@gator[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@gator[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@hc2.humanclic k[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@hg1.hitbox [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@hitbox[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@hypercount [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@internetwashe r[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@it.netster [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@iwon[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediaplex [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediaplex [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediaplex [4].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediatrack.po pupsponsor[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediatrack.po pupsponsor[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediatrack.re venue[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@mediatrack.re venue[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@nitrous.inter netfuel[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@offshoreclick s[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@peel[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@popupsponsor [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@popupsponsor [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@qksrv[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@qksrv[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@servedby.adve rtising[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@servedby.adve rtising[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@servedfor.val uead[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@statse.webtre ndslive[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@t1.adserver [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@t1.adserver [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@targetnet [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@targetnet [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@targetnet [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@tmpad[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@tmpad[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@tradedoubler [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@trafficmp [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@trafficmp [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@trafficmp [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.adserver. jolt.co[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.bluemount ain[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.commissio n-junction[2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.commissio n-junction[3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.maximumca sh[1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.qksrv [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www.qksrv [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www1.paypopup [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www3.paypopup [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@www4.paypopup [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@xupiter [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@xupiter [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@xxxtoolbar [2].txt NUL=c:\windows\profiles\nathan\cookies\nathan@z1.adserver [1].txt NUL=c:\windows\profiles\nathan\cookies\nathan@z1.adserver [3].txt NUL=c:\windows\profiles\nathan\cookies\nathan@z1.adserver [4].txt NUL=c:\windows\profiles\nathan\cookies\nathan@z1.adserver [5].txt NUL=c:\windows\profiles\nathan\cookies\nathan@zedo[1].txt -------------------------------------------------- C:\AUTOEXEC.BAT listing: SET BLASTER=A220 I5 D1 T4 LH C:\WINDOWS\AU30DOS.COM C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanpm.exe C:\ IF ERRORLEVEL 1 PAUSE -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962- 6F74-2D53-2644-206D7942484F} -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job -------------------------------------------------- Enumerating Download Program Files: [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA B?37998.308275463 [RdxIE Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL CODEBASE = http://207.188.7.150/31868fb5ee9efd21fb23/netzip/RdxIE601.c ab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/s wflash.cab [Pulse V5 ActiveX Control] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXPULSE5.DLL CODEBASE = http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5 .2AxWin.cab [InstallShield International Setup Player] InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL CODEBASE = http://www.installengine.com/engine/isetup.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1- 4E20-9F5F-94901338C922/wmv9VCM.CAB [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/ sw.cab [CrazyTalk Player] InProcServer32 = C:\WINDOWS\SYSTEM\CRAZYT~1.DLL CODEBASE = http://www.reallusion.com/Stuff/CrazyTalk.cab [Yahoo! Audio UI1] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSUI.DLL CODEBASE = http://chat.yahoo.com/cab/yacsui.cab [Yahoo! Audio Conferencing] InProcServer32 = C:\WINDOWS\DOWNLO~1\YACSCOM.DLL CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacs com.cab [FilePlanet Download Control Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FILEPLANETDOWNLOADCTRL.DLL CODEBASE = http://dev- www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab [EPSImageControl Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EPSCONTROL.DLL CODEBASE = http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3- 0.cab [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX CODEBASE = http://a840.g.akamai.net/7/840/537/2004033001/housecall.ant ivirus.com/housecall/xscan53.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 12,361 bytes Report generated in 0.379 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Not an expert but if this is running stop it. Netzip Smart Downloader npnzdad.exe Advertising spyware Source:START-UP APPLICATIONS http://www.sysinfo.org/startupinfo.php Run MSCONFIG from the Start/Run applet and under Start Up tab. if this process is found disable it for now. See is you can remove it with the Add/Remove program applet. SignatureWhile in the Start Up tab. Disable all except Explorer and Systray. Reboot. Test you system. Can you start any .exe file by locating the file and opening it directry from the .exe file. Henri Leboeuf Web page: http://www.colba.net/~hlebo49/index.htm ** NOTE NEW ADDRESS ** Pages at generation.net will no longer be updated. === > Ok, here's what I've done so far and since making the > post. Same problems persist...all attempts to run an exe [quoted text clipped - 493 lines] > regardless of platform > /history - to list version history only I have noticed a trojan (i think) on your system that adaware has not yet dealt with. When you press Ctrl+Alt+Del in the processes window there will probably be a program running that is a nonsense word of about 8/9 letters. On my system this name was created randomly so don't go looking for it yet. End-task this and hopefully you should be able to access Explorer and outlook express. After you get your important mail out of the way, restart your computer in safe mode, goto c:\windows\system and delete the SR64 folder. Hopefully this should get rid of the problem for you. When i did this, my computer rebooted itself automatically after i restarted, so i don't know if there is something in the registry still trying to load up those programs - then again maybe it's my 48MB RAM having a siezure. Hope this helps George New email - georgesmailuk@yahoo.co.uk YES! Thank you!!! Well I did find the nonesense prog listed in the processes window and I closed it. I was able to use Outlook, no problem. I'm about to shut down and delete SR64 from safe mode. Thanks again! >-----Original Message----- >I have noticed a trojan (i think) on your system that adaware has not [quoted text clipped - 20 lines] >New email - georgesmailuk@yahoo.co.uk >. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.