getting logged off
RonF
October 10th, 2002, 01:10 PM
I use a web site for business that I pay to access. I have a sign-on name & password. When I enter my info I am "welcomed by name". Then I try to search for info and then a message comes up from the web site that I have been logged off due to inactivity or an incorrect password. My laptop works perfectly from any location but my home PC does not work.
Does it sound like a virus etc...? I have pop-up killers, Ad-Aware, Trend, McAfee firewall etc...
Thank you for your help & suggestions.
Ron F
degsy
October 10th, 2002, 01:36 PM
What version of IE? (assuming you're using IE)
What security settings & privacy settings?
RonF
October 10th, 2002, 01:54 PM
Hi Degsy
Thank you for the reply.
How do I find the answers to your questions? (sorry)
I run Win 98
Thanx again Ron
degsy
October 10th, 2002, 06:54 PM
IE Version:
Go to Help>About Internet Explorer
The Version will be displayed
Security & Privacy:
Go to Tools>Internet Options>
There are Security & Privacy tabs
Select them to show what settings you have.
Steven.Bentley
October 10th, 2002, 08:01 PM
Just to eliminate a possibility - do you have any problems using this site? Theory being that if this site works your problem isn't cookies ;)
RonF
October 11th, 2002, 12:12 AM
Degsy & Steven
I have IE 5.5
When I check for the Security & Privacy tabs I only see a Security tab which shows icons for
Internet
Local Intranet
Trusted sites
Restricted sites
There isn't a privacy tab.
Sorry I'm not much help
This web site works perfectly for me
Thanx
Ron
Steven.Bentley
October 11th, 2002, 08:13 PM
What are your settings for internet in the security box?
RonF
October 11th, 2002, 08:34 PM
Steven,
Medium
ActiveX controls & plug-ins
download signed prompt
download unsigned disable
Initialize and script ActiveX disable
Run ActiveX enable
script ActiveX controls enable
COOKIES
allow that are stored enable
allow per session enable
DOWNLOADS
File enable
Font enable
MICROSOFT VM
Java Permissions high safety
MISC
access data disable
Don't prompt disable
drag & drop Enable
Installation prompt
Launching prompt
Navigate enable
Software channel Medium safety
submit non encrypted enable
userdata persistence enable
SCRIPTING
Active enable
allow paste enable
scripting of Java enable
USER AUTHENTICATION
logon Automatic w/ Intranet zone
I hope I got them all & THANK YOU
Steven.Bentley
October 12th, 2002, 03:40 PM
What version of IE does the laptop have?
RonF
October 13th, 2002, 09:38 PM
Steven,
My laptop runs a 5.0 version of IE.
My regular computer ran fine until I loaded either a free virus scan program or a pop up ad stopper. I have tried to turn all off then try the web site and still get the same problem.
Thanx again
Steven.Bentley
October 14th, 2002, 07:34 PM
Ah, now we're getting to the root of the problem :) Which specific free anti virus and popup stopper were they?
RonF
October 14th, 2002, 07:51 PM
Sorry I didn't tell ya sooner.
Saga Super Pop Up Blocker- downloaded recently
Panicware Pop Up Stopper- """""""
Lava Soft Ad Aware-"""""""""
Acceleration Software Anti Virus-""""""""
Active Scan Virus Scan -'''''''''''''''
Trend Micro PC-cillin 2002 -orig had and web site worked
McAfee Firewall-orig had & web site worked
Panda is also a newer download.
Thanx again and again
Steven.Bentley
October 16th, 2002, 09:50 PM
I think you need to uninstall some of that lot. 2 popup stoppers and 3 antivirus programs is asking for trouble. You should only need one program per category, otherwise you get conflicts.
RonF
October 17th, 2002, 03:09 AM
Hi Steven
I uninstalled all virus scans & pop up killer & ad aware etc.......
I still cannot DO A SEARCH ON THIS WEB SITE once I sign in and it welcomes me. Here's what it reads:
You are seeing this page because...
You have been logged out after 20 minutes of inactivity.
- or -
You have tried to view a page on XXXXXXXX without first logging in.
I found 3 items in the add/remove programs list that I am not familiar with. They are:
indeo.codec
FT Remove
VTPCllRQV1.1
Any ideas or how I can find out what they are?
Thanx
Steven.Bentley
October 17th, 2002, 07:34 PM
indeo is video software, not sure about the others but a little googling will find them I'm sure.
Have you tried deleting the cookies for this site? Or clearing the cache (Temp internet files)
RonF
October 17th, 2002, 09:31 PM
Hi Steve,
I cleared the cache & cookies. Same problem. The web site people are not any help.
Thanx for the help
AnnMarie
October 18th, 2002, 12:29 AM
Hi RonF - just a long shot, but it might be worthwhile looking at your startups to see if there are any that might be causing this problem. Go here (http://www.spywareinfo.com/files/startuplist.zip) (direct download link) and download and run Startup List. It will generate a text file. Post it in this thread and we will have a look at it for you.
RonF
October 18th, 2002, 12:38 AM
Hi Ann Marie,
Thank you for the help. Everyone has been very helpful & kind.
Here's what I found:
StartupList report, 10/17/02, 7:42:01 PM
StartupList version: 1.34.0
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\STUTFIX.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ACCESSORIES\MSPAINT.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WinPopup.lnk = C:\WINDOWS\HWINFO.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
InCD = C:\Program Files\ahead\InCD\InCD.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SVAPlayer = C:\Program Files\SVA Player\SVAPLAYER.EXE
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
LexStart = Lexstart.exe
LexmarkPrinTray = PrinTray.exe
MPFExe = C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
ScanRegistry = c:\windows\scanregw.exe /autorun
Essdc = essdc.exe
AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
CPQSTUTFIX = C:\Windows\stutfix.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
babeie = rundll32 "C:\Program Files\CommonName\Toolbar\CNBabe.dll",DllStartup
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
ConfigServices =
Aureal A3D Interactive Audio = sa3dsrv.exe
HC Reminder = hc.exe
SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 16/10/2002, 21:53:30)
[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp
[Rename]
NUL=c:\WINDOWS\TEMP\A~NSISU_.EXE
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 16/10/2002, 21:22:58)
[rename]
NUL=C:\WINDOWS\BWUNIN~1.EXE
NUL=c:\windows\TEMP\GLB1A2B.EXE
NUL=C:\PROGRA~1\TRENDM~1\PC-CIL~1\VBPROP.DLL
NUL=c:\windows\TEMP\_iu14D2N.tmp
NUL=c:\windows\TEMP\GLB1A2B.EXE
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\DPPS2.EXE
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\\UNWISE.EXE
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\\DPPS2.EXE
NUL=C:\PROGRA~1\PANICW~1\POP-UP~1\\DPHOOK32.DLL
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@ECHO OFF
SET BLASTER=A220 I5 D1
LH C:\WINDOWS\COMMAND\DOSKEY
if exist c:\paprfix.bat call c:\paprfix.bat
@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
@REM Next Line added by Compaq Service Connection Install - Please do not Remove
@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
ECHO bw_workgroup=,"Service Connection">>%DSHD%\CPQS\BACKWEB\USERPROF.DAT
\CPQS\TOOLS\MINIFER2.EXE CREV=,200 LANG=,"EN"
IF EXIST C:\PIPOST.BAT CALL \PIPOST.BAT
IF EXIST C:\PIPOST.BAT DEL \PIPOST.BAT
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,AUTO,UMB
DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
FILESHIGH=40
BUFFERSHIGH=20,4
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@ECHO OFF
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
SET MOUSE=C:\COMPAQ\IMOUSE
LH C:\COMPAQ\IMOUSE\IMOUSE.COM
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Task Scheduler jobs:
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 09172002192702.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.es/activescan/as/asinst.cab
--------------------------------------------------
End of report, 9,397 bytes
Report generated in 0.600 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
AnnMarie
October 18th, 2002, 01:13 AM
Hi RonF - well you do have some spyware and other files of a dubious nature running on your PC. See below.
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
babeie = rundll32 "C:\Program Files\CommonName\Toolbar\CNBabe.dll",DllStartup
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
Earlier in your post, I see that you have recently downloaded Ad-Aware. I'm a bit surprised because I know that Ad-Aware targets at least one of the above. It is possible that any of the above programs could be causing your problem. I have posted my standard instructions for new users of Ad-Aware below. When you have read them and scanned with Ad-Aware, could you please run StartUp List again and post back so we can see what's left to get rid of.
Download and install Ad-Aware. This is a program which scans your system for spyware/foistware.
After installing AAW, and before running the program, also download the Refupdate Utility.
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).
Run the refupdate.exe installation file, and once installed, go to Start Menu>Programs, find the Lavasoft Refupdate entry and run it.
If the main server happens to be down, pick another server from the list.
Now click connect; it will open a connection to the internet to check and update the current signature file.
When that's completed, close Internet Explorer, launch Ad-aware, and look at the bottom left corner.
It should now say "Signature file in use: 042-24.09.2002".
Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed. When you have finished reboot.
RonF
October 18th, 2002, 02:26 AM
Hi AnnMarie,
I downloaded Ad-Aware,
then I downloaded refupdate and ran it,
then I opened Ad-Aware.
The signature file read 029-15-06-2002 !!!!
Should I still run Ad-Aware??
RonF
October 18th, 2002, 03:56 AM
Hi AnnMarie,
I ran the startup list again and the same suspected files showed up after I followed your instructions. The only problem is my sig file in use was 029 15 06 2002
Scan initialized on 10/17/02 10:29:34 PM.
(AAW release 5.83, referencefile 029-15.06.2002)
=================================================
Started memory scan
====================
Running processes:
#:1 : C:\WINDOWS\SYSTEM\KERNEL32.DLL
#:2 : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
#:3 : C:\WINDOWS\SYSTEM\SPOOL32.EXE
#:4 : C:\WINDOWS\SYSTEM\MPREXE.EXE
#:5 : C:\WINDOWS\SYSTEM\SA3DSRV.EXE
#:6 : C:\WINDOWS\SYSTEM\MSTASK.EXE
#:7 : C:\WINDOWS\SYSTEM\DDHELP.EXE
#:8 : C:\WINDOWS\SYSTEM\LEXBCES.EXE
#:9 : C:\WINDOWS\SYSTEM\RPCSS.EXE
#:10 : C:\WINDOWS\SYSTEM\LEXPPS.EXE
#:11 : C:\WINDOWS\SYSTEM\mmtask.tsk
#:12 : C:\WINDOWS\EXPLORER.EXE
#:13 : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
#:14 : C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
#:15 : C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
#:16 : C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
#:17 : C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
#:18 : C:\WINDOWS\SYSTEM\PRINTRAY.EXE
#:19 : C:\WINDOWS\SYSTEM\ATICWD32.EXE
#:20 : C:\WINDOWS\SYSTEM\ATITASK.EXE
#:21 : C:\WINDOWS\STUTFIX.EXE
#:22 : C:\PROGRAM FILES\AIM95\AIM.EXE
#:23 : C:\WINDOWS\SYSTEM\PSTORES.EXE
#:24 : C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE
Memory scan result:
Total modules found:24
Suspicious modules found:0
Started registry scan
======================
Cydoor key:HKEY_USERS\.default\software\cydoor\
Cydoor key:HKEY_USERS\.default\software\cydoor services\
Other key:HKEY_CURRENT_USER\software\acceleration software international corporation\
Other key:HKEY_LOCAL_MACHINE\software\acceleration software international corporation\
BrilliantDigital key:HKEY_LOCAL_MACHINE\software\brilliant digital entertainment\
Cydoor key:HKEY_CURRENT_USER\software\cydoor\
Cydoor key:HKEY_LOCAL_MACHINE\software\cydoor\
Cydoor key:HKEY_CURRENT_USER\software\cydoor services\
Started extended registry scan
===============================
Registry scan result:
Suspicious keys found : 8
Started folder scan
====================
Cydoor folder:C:\WINDOWS\SYSTEM\AdCache
Folder scan result:
Folders processed:3409
Suspicious folders found:1
Started file scan
==================
Cydoor file:C:\WINDOWS\SYSTEM\cd_clint.dll
Cydoor file:C:\WINDOWS\SYSTEM\cd_htm.dll
Other file:C:\WINDOWS\Cookies\default@servedby.advertising[2].txt
Doubleclick file:C:\WINDOWS\Cookies\default@doubleclick[1].txt
Other file:C:\WINDOWS\Cookies\default@fastclick[2].txt
Other file:C:\WINDOWS\Cookies\default@valueclick[2].txt
File scan result:
Suspicious files found:6
Scanning finished
==================
Suspicious modules found:0
Suspicious keys found : 8
Suspicious folders found:1
Suspicious files found:6
=========================
Components ignored:0
Total components found:15
AnnMarie
October 18th, 2002, 04:43 AM
Hi again RonF - hmmmm...I'm not sure why you didn't get the latest signature file but you really need to run Ad-Aware with the latest update. Go here (http://www.lsfileserv.com/downloads.html) and download the signature file to your desktop. Now, right-click on it and copy it. Open Windows Explorer and navigate to C:\Program Files\Lavasoft Ad-Aware. Open the Lavasoft Ad-Aware folder and paste the signature file in the right hand pane of Explorer. Go back and delete the file on your desktop. Ad-Aware should now show the latest update. Make sure that your browser is closed and it would be a good idea to run it in Safe Mode.
Re NewDot.net, go to Control Panel > Add/Remove Programs and see if you can uninstall it from there. If not, you could try the method outlined here (http://www.cexx.org/newnetfix2.htm) but under no circumstances delete files except by one of the approved methods. Incorrect removal can cause you to lose your Internet connectivity. It is this installation that I suspect may be causing your problem.
RonF
October 18th, 2002, 01:16 PM
Hi AnnMarie
You won't believe any of what I'm going to tell you.
I followed your directions to the t re: the signature file. The correct sig file did not show up. The same sig file showed up as I posted earlier.
I went to control panel as instructed to delete new dot net. It wasn't there so I went to the web site and followed the instructions. That didn't work. Can't I delete thru registry editor?
Oh well, thanx for trying. I don't know what to do now. I sent Lavasoft an email asking about the sig file.
Thanx
Ron
AnnMarie
October 19th, 2002, 11:27 PM
Hi again RonF - No, don't try to delete Newdot through the registry. I will try and find out more information for you. Have you heard back from Lavasoft yet?
RonF
October 20th, 2002, 05:16 PM
AnnMarie,
LavaSoft was able to help. If you need the instructions let me know.
I deleted the NewDot myself from the registry editor!!! Nothing bad happened yet.
Here's my startup list again. Looks like Babei is gone.
StartupList report, 10/20/02, 12:18:27 PM
StartupList version: 1.34.0
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\STUTFIX.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WinPopup.lnk = C:\WINDOWS\HWINFO.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
InCD = C:\Program Files\ahead\InCD\InCD.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SVAPlayer = C:\Program Files\SVA Player\SVAPLAYER.EXE
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
LexStart = Lexstart.exe
LexmarkPrinTray = PrinTray.exe
MPFExe = C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
ScanRegistry = c:\windows\scanregw.exe /autorun
Essdc = essdc.exe
AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
CPQSTUTFIX = C:\Windows\stutfix.exe
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
ConfigServices =
Aureal A3D Interactive Audio = sa3dsrv.exe
HC Reminder = hc.exe
SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 19/10/2002, 10:5:30)
[rename]
nul=c:\windows\TEMP\~ef7194.tmp
nul=c:\windows\TEMP\~ef7194.tmp
nul=c:\windows\TEMP\~ef7194.tmp
NUL=c:\windows\TEMP\GLB1A2B.EXE
NUL=c:\windows\TEMP\GLB1A2B.EXE
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 16/10/2002, 21:53:30)
[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp
[Rename]
NUL=c:\WINDOWS\TEMP\A~NSISU_.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@ECHO OFF
SET BLASTER=A220 I5 D1
LH C:\WINDOWS\COMMAND\DOSKEY
if exist c:\paprfix.bat call c:\paprfix.bat
@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
@REM Next Line added by Compaq Service Connection Install - Please do not Remove
@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
ECHO bw_workgroup=,"Service Connection">>%DSHD%\CPQS\BACKWEB\USERPROF.DAT
\CPQS\TOOLS\MINIFER2.EXE CREV=,200 LANG=,"EN"
IF EXIST C:\PIPOST.BAT CALL \PIPOST.BAT
IF EXIST C:\PIPOST.BAT DEL \PIPOST.BAT
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,AUTO,UMB
DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
FILESHIGH=40
BUFFERSHIGH=20,4
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@ECHO OFF
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
SET MOUSE=C:\COMPAQ\IMOUSE
LH C:\COMPAQ\IMOUSE\IMOUSE.COM
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Task Scheduler jobs:
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 09202002111902.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.es/activescan/as/asinst.cab
--------------------------------------------------
End of report, 8,906 bytes
Report generated in 0.189 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
THANX FOR ALL YOUR HELP. I tried the web site again and it's a no go but it works elsewhere (other computers). All my problems started when I downloaded pop up killers etc.....
Ron
gstone4911
October 20th, 2002, 05:30 PM
Hi RonF
I would try turning off or uninstalling the pop up killer.
I use one called POW and there are some sites it will lock me
out of unless I disable POW first.
RonF
October 20th, 2002, 08:25 PM
Hi gstone4911
Everything has been turned off for 3 days now.
Still doesn't work
Thank you for the suggestion
tb525
October 20th, 2002, 10:59 PM
Hi RonF, You still have a very obnoxious piece of spyware. :(
It is this entry:
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
Which is being re-installed every time you reboot by this obnoxious piece of malware:
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
There is probably an entry in add/remove programs to uninstall
SVAPlayer, but I doubt it will work. (most of them don't)
If it doesn't uninstall, see this:
http://www.quickflicks.com/help.html
Once you get SVAPlayer un-installed, run AdAware to remove BDE.
Next time you log into the web site you are having problems with, try shutting down your McAfee firewall and see if you still get logged off.
Another thing: are you running any type of script blocking?
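The comparison made by eye in the posts above (which Run entries disappeared between the two StartupList reports and which are still there) can be done mechanically. The following is an added example, not part of the original thread: the two report excerpts are trimmed from the 10/17/02 and 10/20/02 reports posted above, and the `FLAGGED` list simply collects the value names the helpers called out.

```python
import re

# Trimmed excerpts of the autorun sections from the two StartupList reports
# posted in this thread (10/17/02 = before cleanup, 10/20/02 = after).
REPORT_BEFORE = r'''
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
SVAPlayer = C:\Program Files\SVA Player\SVAPLAYER.EXE
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
babeie = rundll32 "C:\Program Files\CommonName\Toolbar\CNBabe.dll",DllStartup
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
--------------------------------------------------
'''

REPORT_AFTER = r'''
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
SVAPlayer = C:\Program Files\SVA Player\SVAPLAYER.EXE
b3dupdate = C:\WINDOWS\BDE\b3dsetup.Exe -silent -p "C:\WINDOWS\BDE" -s setup.cab
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
--------------------------------------------------
'''

HKLM_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Value names the helpers in this thread pointed at (assumption: exact names
# as they appear in the reports above).
FLAGGED = ("New.net Startup", "babeie", "b3dupdate", "SVAPlayer")

SECTION = "Autorun entries from Registry:"
RULE = re.compile(r"-{10,}$")  # the dashed line that ends each report section


def parse_autoruns(report):
    """Map each registry key in the report to {value name: command line}."""
    autoruns, key, want_key = {}, None, False
    for line in (raw.strip() for raw in report.splitlines()):
        if line == SECTION:
            key, want_key = None, True       # next non-empty line is the key
        elif RULE.match(line):
            key, want_key = None, False      # section finished
        elif want_key and line:
            key, want_key = line, False
            autoruns.setdefault(key, {})
        elif key and "=" in line:
            # Split on the first "=" only; an empty value ("ConfigServices =")
            # is kept as an empty command string.
            name, _, command = line.partition("=")
            autoruns[key][name.strip()] = command.strip()
    return autoruns


def diff_autoruns(before, after):
    """Classify every autorun value as removed, added, changed or unchanged."""
    result = {"removed": [], "added": [], "changed": [], "unchanged": []}
    for key in sorted(set(before) | set(after)):
        # Registry value names are case-insensitive, so compare casefolded.
        old = {n.casefold(): (n, c) for n, c in before.get(key, {}).items()}
        new = {n.casefold(): (n, c) for n, c in after.get(key, {}).items()}
        for folded in sorted(set(old) | set(new)):
            if folded not in new:
                result["removed"].append((key, old[folded][0]))
            elif folded not in old:
                result["added"].append((key, new[folded][0]))
            elif old[folded][1].casefold() != new[folded][1].casefold():
                result["changed"].append((key, new[folded][0]))
            else:
                result["unchanged"].append((key, new[folded][0]))
    return result


def flagged_still_present(autoruns, flagged=FLAGGED):
    """Return flagged value names that still autostart in the given report."""
    wanted = {name.casefold() for name in flagged}
    return sorted(name for values in autoruns.values()
                  for name in values if name.casefold() in wanted)


if __name__ == "__main__":
    before, after = parse_autoruns(REPORT_BEFORE), parse_autoruns(REPORT_AFTER)
    for kind, entries in diff_autoruns(before, after).items():
        for key, name in entries:
            print(f"{kind:9} {key}\\{name}")
    print("still autostarting:", flagged_still_present(after))
```

Run against full reports instead of the excerpts, the same functions also cover the `Run Services` and `HKCU` sections, since each is introduced by the same section header.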
RonF
October 21st, 2002, 01:23 AM
Hello everyone,
Uninstalled the SVA player, ran Ad-Aware, got rid of the BDE, tried the web site again. NO LUCK
script blocking ? Should it be enabled or disabled?
Thanx a million
Ron
AnnMarie
October 21st, 2002, 08:40 AM
Hi RonF - if you have any software running with a script blocking feature, disable it. Did you try tb525's suggestion of shutting down your McAfee firewall and then trying to connect?
If you are still having problems, a good cleanup of your registry and drive may help. I can recommend jv16 Power Tools. It's freeware and you can check it out here (http://www.vtoy.fi/jv16/shtml/software.shtml). Instructions for use below:
Install then restart your computer. Shut down everything in systray that will close and make sure that your browser is closed and you are off the net.
When you open the program, click on Registry Tool. It will give you a complete listing of the programs on your computer. Search that list VERY carefully and make sure that you put a checkmark in front of the ones that you KNOW that you don't have anymore (previously uninstalled) then click "Remove". On the same screen, click "Tools" then "Registry Cleaner". Make sure that there are checkmarks in "I want to manually verify deleted entries", "Show why each item should be safe to remove" and "Dont pop up the registry cleaner after scan". Make sure that the other options are NOT checked. Click "Continue", then uncheck Active X/Com (this is not functional yet) then let it find everything that it's going to. Click "Select", then "Special Select" and click "All items that are safe to remove" and then "Remove". Close that screen.
While you are there, you might as well clean up your drive. Click on "File Tools". Go to Preferences and make sure that you select "Create a backup". Now choose your Source (drive) and select "Find Only Broken Shortcuts". Let it find them, "Select", "All" and "Remove" (at the bottom). Click on Find Broken ShortCuts again to unselect it and then do the same thing for "Temp Files" (don't use the other selections unless you really know what you are doing).
RonF
October 22nd, 2002, 04:42 AM
Hi Everyone,
AnnMarie - I did everything you suggested, everything turned off etc.... used jv16. It cleaned a lot up but
SAME PROBLEM.
I'm gonna give up. It's the only web site that I have problems with.
Maybe I'll back up my personal files and start completely over.
I wanted to thank everyone for their help. I really learned a lot.
Thank you
Ron F
AnnMarie
October 22nd, 2002, 07:05 AM
Maybe a fresh start might be the best choice Ron. I hate to give up but I think that collectively, we have exhausted nearly every avenue that might help you. Thanks for posting back and as far as help goes, you are very welcome but I wish we had fixed it. :)
RonF
October 27th, 2002, 05:03 PM
Hi AnnMarie,
Is there a way to reload the nec. "stuff" and not lose the family's files etc...
Thanx
Ron
AnnMarie
October 27th, 2002, 10:36 PM
Hi RonF - Yep, if you are referring to backing up data (documents and other files that you have created), you can either use a backup utility which compresses them so that they can be loaded onto floppies or zip drives or just burn the files directly to CD. It's your choice what you backup and save.
You may already have a backup utility on your PC but if not, you might want to look at purchasing a backup utility such as Second Copy (http://www.centered.com/) or Backup Plus (http://www.wugnet.com/shareware/spow.asp?ID=213)
Also, have a look at our tutorial How to Backup your E-mail (http://www.cybertechhelp.com/html/tutorials/tutorial.php/id/7)