#1
November 10th, 2003, 06:39 AM
mesmith322
CTH Subscriber
Join Date: Nov 2003
Location: Atlanta, GA
Posts: 41
Please, please, please help me! I can't access ANY secure sites.

Help, I’m getting desperate!!!

A few days ago I replaced my C:\ drive - 3GB with a new drive 30GB and made the old drive a primary slave. I also upgraded memory to 256K. I used MaxBlast 3 to transfer everything...including Windows 98SE. I don't know if any of this has caused my problems or not.

For some unknown reason, I am no longer able to connect to any secure sites on the web. I don't know for sure when it started. I get the following irritating error.

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Please try the following:
· Click the Refresh button, or try again later.
· If you typed the page address in the Address bar, make sure that it is spelled correctly.
· To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
· If your Network Administrator has enabled it, Microsoft Windows can examine your network and automatically discover network connection settings. If you would like Windows to try and discover them, click Detect Network Settings
· Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
· If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
· Click the Back button to try another link.
Cannot find server or DNS Error
Internet Explorer

SSL 2.0, SSL 3.0, TLS 1.0 - verified checked. Can't find PCT 1.0.

I have tried 4 different browsers and 2 different ISPs and I continue to have the same problem. The main site I have been trying to access is the bank...www.wamu.com. It works fine from my friend's pc. I have been all over my pc trying to fix the problem. (Hopefully, I haven’t messed up anything else.) I even changed the internet security to LOW, and it still didn't work.

I have been all over these forums and nothing I have found works for me.

I deleted all temp files, cookies…and probably a few things I shouldn’t have. I ran Spybot and Ad-aware 6.0. I can’t think of any reason this would happen unless something got corrupted in the data transfer. I don’t have Windows CDs, so I can’t reinstall Windows. All I have is a startup disk and a master recovery CD. I don’t know much about either…I’ve never loaded Windows before. I’ve even tried to access the internet from my old drive which is now my D drive. That doesn’t work very well. It seems that if I launch IE from the D drive, I end up with the IE that’s on the C drive???

This is what I have…..(I know it’s old. It was my mother’s, but it’s all I have anymore.)

Packard Bell Multimedia L1100
CPU AMDK6 / 400MHz
Bios AMI MIV127
Memory 256K
C drive is a Maxtor ATA 133 30GB 7200RPM (I was told this was backwards compatible)
D drive is a Seagate ATA 33 3GB
Modem 56 V.90 Lucent
Floppy and 2 CD drives
Running Windows 98SE 4.10.2222A
IE 6.0.2800.1106
(Up-to-date on windows updates)

I have seen a lot of posts ask for a Hijack This scan……here it is…..

Logfile of HijackThis v1.97.3
Scan saved at 12:34:54 AM, on 11/10/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\PRINTKEY2000\PRINTKEY2000.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\SUPPORTCENTER\SUPPORTCENTER.EXE
C:\MY INTERNET DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Windows\Options\Systools\delay32.exe 2 C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [BEILOVYB] C:\WINDOWS\BEILOVYB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [tclockex] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\RunServices: [tclockex] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)

I'm sure someone can help me with this. It is really causing me some problems.

Thanks.

Marilyn

#2
November 10th, 2003, 07:40 AM
AnnMarie
Cyber Tech Help Moderator
Join Date: Oct 2001
Location: New Zealand
Posts: 48,386
Hi mesmith322 - there are some nasties on your PC that were not removed. We can fix that but first, could you please go here and run the online scanner. If RAV reports any malware, copy the log and post it back in this thread.
__________________
Moderator: Vista Forum

Microsoft MVP - Windows Desktop Experience 2004-2008

If we have helped you, please consider supporting Cyber Tech Help with a subscription

Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you.

How to help prevent re-infection

#3
November 10th, 2003, 08:00 PM
mesmith322
CTH Subscriber

AnnMarie,

Thank you so much for responding to my post.

Here's the RAV log file

Scan started at 11/10/03 1:04:30 PM

Scanning memory...
c:\FRUDIAG\HDD\HDD03\ACTHDDC.BIN - Type_Trojan -> Suspicious
d:\FRUDIAG\HDD\HDD03\ACTHDDC.BIN - Type_Trojan -> Suspicious

Scanned
============================
Objects: 36513
Directories: 3309
Archives: 0
Size(Kb): 791122
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 2
Disinfected files: 0
Mail files: 249

I ran it twice to make sure I got the same thing both times.

Just so you know, I have run virus checks many times and never got this. I just never used RAV. I always wondered what that FRUDIAG folder was.

I'll check back later today.

Thanks so much!

Marilyn

#4
November 11th, 2003, 06:16 AM
AnnMarie
Cyber Tech Help Moderator
Hi Marilyn - it's possible that RAV is reporting a false positive, although I am aware that F-Prot has indicated this is a suspicious file in the past. As far as I can ascertain, FRUDIAG is a diagnostic program provided by Microsoft with some earlier preloaded versions of Windows. I think it would be a good idea to run another online scanner for a second opinion. I don't want to recommend that you remove any files unless I am 100% sure that it is safe to do so. Try the online scanner here and let us know what it reports.

We can start removing some unwanted entries using Hijack This. Close all browser windows and run Hijack This again. Select the below entries and click on Fix Selected. Don't reboot yet though.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE


Next go to Start > Run and type:

msconfig

then OK. Click on the Startup Tab and disable the below entry:

O4 - HKLM\..\Run: [BEILOVYB] C:\WINDOWS\BEILOVYB.exe

Reboot now and run a search for msbb.exe and delete it. Don't delete BEILOVYB.exe yet though. Please make a copy of it, zip it up and send it to me. My address is annmarie@cybertechhelp.com. Thanks. I am fairly sure that it's spyware but I want to check the file before I recommend that you delete it.

What can you tell me about the below entries? The Systools folder, cyxid98.exe and delay32.exe?

F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe

O4 - HKLM\..\Run: [Onscreen Display] C:\Windows\Options\Systools\delay32.exe 2 C:\Program Files\Netropa\Onscreen Display\OSD.exe

If you are still having problems, open IE, click on About Internet Explorer and tell us what cipher strength is reported.

#5
November 11th, 2003, 09:12 AM
mesmith322
CTH Subscriber
AnnMarie,

This is what I have so far...

The virus scan said the following...

Scan completed. 43256 files scanned. No viruses found.

Internet Explorer - cipher strength = 0-bit (I know there is something posted on here somewhere about cipher strength = 0-bit and my problem. I don't remember what it said. I can't see where this is a problem with IE because I didn't used to have this problem on this same computer. Also, I tried 4 different browsers and got the same exact thing.)


The BEILOVYB.exe file is dated 11/8/03. I already had this problem before 11/8. I downloaded a whole mess of shareware & freeware programs that day. A lot of it was an effort to find something that might be able to identify or fix my problem.

Netropa is a folder that contains 2 folders - multimedia keyboard & onscreen display. The multimedia keyboard folder looks legit. The onscreen display contains only osd.exe.

osd.exe and delay32.exe both show up together in startup. It reads across one line like this...

onscreen display c:\windows\options\systools\delay32.exe c:\program files\netropa\onscreen display\osd.exe all users - registry run key

Startup also contains...

multimedia keyboard c:\program files\netropia\multimedia keyboard\mmkeybd.exe all users - registry run key

Here's more detail on osd.exe I found online.

(Netropa Corp)

Netropa’s OnScreen Display System Tray icon which comes installed on a number of blue-chip manufacturers’ PCs, such as DELL, Compaq, HP, IBM, Acer. etc... If you right-click on the icon you can change the colour or font of your display, and you can also modify other display settings.

Recommendation :
This icon simply adds to the clutter of the system tray – it adds nothing that you cannot do by going into the Display Settings in the Control Panel. Worse, OSD interferes with games which change the volume during the game, it has significant compatibility problems with some graphics drivers, and it causes some screen savers to crash. Delete immediately in Startup Manager.

It does not show up in my system tray. But I have had problems with volume changing during a game played online.


There were a lot of posts online about the mysterious cyxid98.exe file. Several people thought it may be a virus or something. However, none of the virus scan programs showed it as such. I also found a post where someone said it should be in startup. It's not in my startup though.


I think I have answered all of your questions. I will email you the file you requested and I will be back in a few hours with the results from Hijack This.

Thanks so much for your help!

Marilyn

#6
November 11th, 2003, 10:40 AM
AnnMarie
Cyber Tech Help Moderator
Quote:
There were a lot of posts online about the mysterious cyxid98.exe file. Several people thought it may be a virus or something. However, none of the virus scan programs showed it as such. I also found a post where someone said it should be in startup. It's not in my startup though.
Hi Marilyn - It is in your startups. It is being loaded from win.ini. I couldn't find out much about it either. Still, as you say, it is not detected by any AV scanner as being malware so I guess it's OK.

Thanks, I received the file that you sent me. BEILOVYB.exe is installed by the nCase parasite so it's now OK to delete it.

Your problem accessing secure sites is caused by corrupted files. Have a look at this article by Microsoft: "Cipher Strength Appears as 0-Bit in Internet Explorer". Try the fix for Win98SE and let us know how you get on.

#7
November 11th, 2003, 11:23 AM
AnnMarie
Cyber Tech Help Moderator
Hi again Marilyn - If you wouldn't mind, could you please copy cyxid98.exe and delay32.exe, zip them up and send them to me. It won't hurt to check them out. Thanks.

#8
November 12th, 2003, 07:28 AM
mesmith322
CTH Subscriber
AnnMarie!!!!!

You are just too awesome!

I took care of the files from Hijack This, I emailed the files you requested, I downloaded IE 6 from Microsoft, and I deleted the BEILOVYB.exe file.

When I first tried to delete BEILOVYB.exe, I got an error saying - unable to delete BEILOVYB.exe, being used by windows.

I then ran Ad-aware 6 and it came up with the n-Case files again (I was afraid to remove them before.)

***** Warning *****
The system has detected that a 3rd party application has removed n-Case, possibly without your consent. This may cause some programs not to run as expected. Please choose an option below.

* Reinstall n-Case
* Leave n-Case uninstalled and clean up any n-Case files or settings that remain
* Remind Me Later

I chose to leave n-Case uninstalled. After that, I was able to delete BEILOVYB.exe.

I think this is when I ran the download for IE 6, spk 1. Once completed, it showed Cipher Strength = 128-bit.

NOW I CAN ACCESS THE BANK!!!!!!!!!

After all of this, I ran a new Hijack This. I am including it below for you to see if anything else looks wrong. Also, what about the other files I sent you? Do I delete them or leave them?

Logfile of HijackThis v1.97.3
Scan saved at 12:50:48 AM, on 11/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\PRINTKEY2000\PRINTKEY2000.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\BEILOVYB.EXE
C:\WINDOWS\BEILOVYB.EXE
C:\MY INTERNET DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Windows\Options\Systools\delay32.exe 2 C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [tclockex] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Thank you so much for everything. You have been just wonderful.

I'll follow up on this later today.

Thanks.

Marilyn

#9
November 12th, 2003, 09:48 AM
AnnMarie
Cyber Tech Help Moderator
Hi Marilyn - that is really good news and you are very welcome.

The files you sent me today are fine. Both tb525 and I had a look at them and we concur that the origin is Packard Bell.

I have had a look at your latest log and I see that Ad-Aware did not remove the nCase file, it's still running. Probably the easiest way to get rid of it is to run msconfig again and uncheck the entry that you disabled (O4 - HKLM\..\Run: [BEILOVYB] C:\WINDOWS\BEILOVYB.exe) and reboot.

Next, download the newest version of Hijack This from here and run another scan. When you have done this, use it to fix the below entry and then boot into Safe Mode (restart your PC and tap F8 as it starts).

O4 - HKLM\..\Run: [BEILOVYB] C:\WINDOWS\BEILOVYB.exe

Once you are in Safe Mode, run a search for BEILOVYB.exe and delete it (ignore any warnings). When you have done this, post back a new log, just to be sure that we got it.
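
Added example (not part of the thread, and not HijackThis's own code): a small Python comparison of two HijackThis scans that flags an autostart entry which has vanished from the log while its executable is still in the running-process list, the situation the moderator points out above for BEILOVYB.EXE. The two sample logs are abridged from the scans posted in this thread; the function names and the executable-name pattern (which assumes file names without spaces) are assumptions of this example.

```python
import ntpath
import re

# "O4 - ...", "F1 - ...", "R1 - ..." style result lines
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Executable base names; assumes the file name itself has no spaces
EXE_RE = re.compile(r"[^\\\s=\]]+\.exe", re.IGNORECASE)
# Entry types that start a program at boot or logon
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4"}

# Abridged from the first and second scans posted in this thread
SCAN_1 = r"""
Logfile of HijackThis v1.97.3
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BEILOVYB] C:\WINDOWS\BEILOVYB.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
"""

SCAN_2 = r"""
Logfile of HijackThis v1.97.3
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\BEILOVYB.EXE

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first result line
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autostart_exes(log):
    """Map lower-cased executable names to the autostart entries naming them."""
    exes = {}
    for code, body in log["entries"]:
        if code in AUTOSTART_CODES:
            for exe in EXE_RE.findall(body):
                exes.setdefault(exe.lower(), []).append(f"{code} - {body}")
    return exes


def compare_scans(before, after):
    """Diff two scans and list executables whose autostart entry disappeared
    although the program is still running in the later scan."""
    old, new = set(before["entries"]), set(after["entries"])
    running = {ntpath.basename(p).lower() for p in after["processes"]}
    was_auto, is_auto = autostart_exes(before), autostart_exes(after)
    still_running = sorted(
        exe for exe in was_auto if exe not in is_auto and exe in running
    )
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "still_running": still_running,
    }


if __name__ == "__main__":
    report = compare_scans(parse_hjt(SCAN_1), parse_hjt(SCAN_2))
    for code, body in report["removed"]:
        print("removed:", code, "-", body)
    for exe in report["still_running"]:
        print("entry gone but process still running:", exe)
```

An executable in `still_running` means the entry was only hidden or disabled rather than cleaned up, so the file is still loaded and, as in this thread, cannot be deleted until it stops running.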

#10
November 12th, 2003, 04:44 PM
mesmith322
CTH Subscriber
AnnMarie,

Here's a new Hijack This log. I will check back later for any further instructions.

Thank you so much.

Marilyn

Logfile of HijackThis v1.97.6
Scan saved at 10:48:35 AM, on 11/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\PRINTKEY2000\PRINTKEY2000.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY INTERNET DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Windows\Options\Systools\delay32.exe 2 C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [tclockex] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

#11
November 12th, 2003, 09:56 PM
AnnMarie
Cyber Tech Help Moderator
Your log is fine now Marilyn.

#12
November 13th, 2003, 04:29 AM
mesmith322
CTH Subscriber
THANK YOU SO VERY MUCH!!!!

YOU ROCK AnnMarie

Marilyn

(I just love these little smilies)

#13
November 13th, 2003, 04:45 AM
AnnMarie
Cyber Tech Help Moderator
LOL! You are very welcome Marilyn.