pop ups - help

mmuzzy

New Member
My computer has started showing pop ups like crazy. Is there anyone who can help me get rid of it? I have run ad aware, spybot, CW shredder, but it only stops it for a while. I tried to find and get rid of programs that had been downloaded onto my computer. I do have hijacks this on my computer, but don't have a clue about interpreting what it says. I would so appreciate some help.
thanks
 
mmuzzy, please follow the tips for using HijackThis in the sticky, and then post a log! Usually either Buzz or I (or both) will analyze it, and give further directions.

Staying clean: use a realtime virus scanner (update it weekly), use a realtime spyware scanner (MSantispyware or spysweeper, update it weekly). Use Spyware blaster from javacool (update it weekly), FireFox for a browser, and install Sun Java.
 
Last edited by a moderator:
Dear Byteman,
Here is the hijacks log. I will need help in fixing the problems. Am a novice at this, but am good at following directions. I did this once before, as I remember having to do it in safe mode, but you gave me real clear directions on what to do. Thanks for helping, and thanks to everyone who posted. I'm going to check into everything you all advised.
mmuzzy

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:03 PM, on 6/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\WINSTARTER.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\ELITESWA32.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MOTN3216.EXE
C:\PROGRAM FILES\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKS THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myexcel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ironmountaindailynews.com/loclnews.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50249
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WinTaskMan] C:\WINDOWS\SYSTEM\winstarter.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITESWA32.EXE
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Y357RXZ6R] MOTN3216.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41003.lnk = C:\Program Files\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Dell Home - {770BAA40-0094-11D4-AB37-40C34FC1EA00} - http://business.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .aspx: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Program Files\Windows Media Player\mp3codec543.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.dasd.org/qp2.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 
mmuzzy.
Download Kaspersky , update it but don't run it yet. Then download Ewido, update it, then boot to safemode. Run Kaspersky followed by ewido, reboot and post a new Hijackthis log.
P.S. disable your AV until you get rid of Kaspersky to avoid a possible conflict.
 
Last edited:
Kaspersky download

Dear Buzz,
I am having trouble downloading the Kaspersky software. It looks like it's downloading, but nothing is happening. My Norton AV seems like it is having trouble too. I can't seem to get it to respond to live update downloads. I do not think my AV is actively protecting my computer. So, I am not sure what to do with the download of the Kaspersky. Any suggestions?


Buzz1927 said:
mmuzzy.
First off, you have the bube.d virus, download Kaspersky , update it but don't run it yet. Then download Ewido, update it, then boot to safemode. Run Kaspersky followed by ewido, reboot and post a new Hijackthis log.
P.S. disable your AV until you get rid of Kaspersky to avoid a possible conflict.
 
Did you manage to download ewido? If so, run it then try Kaspersky again (you need to see hidden files and extensions, and protected operating system). If not, follow the steps in the sticky, then try to download Kaspersky again.
 
Muzzy, try rightclicking on Buzz's link for Kaspersky, and choose "Save Target as". See if that will let you save the file. :)
 
Apparently, this infection can sometimes stop downloads from Kaspersky and other sites through the Hosts file. If Byteman's method doesn't work, download the Hoster here. Unzip it to the desktop. Run it and hit "Restore original Hosts". Then try the Kaspersky link again.
 
Ewido

Buzz,
I downloaded Ewido but it says I have to have Windows 2000 or higher to use it. I have Windows 98. I'm trying to download the Kaspersky again. I will let it download for a longer period of time and see if I have success. Any other suggestions?
mmuzzy

Buzz1927 said:
Did you manage to download ewido? If so, run it then try Kaspersky again (you need to see hidden files and extensions, and protected operating system). If not, follow the steps in the sticky, then try to download Kaspersky again.
 
Kaspersky download problems

Dear Buzz,
I tried to download Kaspersky twice and each time it says the download cannot take place because the connection with the server was reset.
mmuzzy

mmuzzy said:
Buzz,
I downloaded Ewido but it says I have to have Windows 2000 or higher to use it. I have Windows 98. I'm trying to download the Kaspersky again. I will let it download for a longer period of time and see if I have success. Any other suggestions?
mmuzzy
 
mmuzzy.
Sorry about ewido, I missed you were running 98. I changed the link for kaspersky, have you tried the new one? If you still can't download it, do the online scans in the sticky, reboot and post the new hijackthis log, we'll get whats left manually.
 
hijacks this

Hi Buzz,
I have had quite a time with the computer, but this is where things are right now. I followed your sticky directions as best I could. I was unable to figure out how to disable the system restore, as I could not see 'system restore' anywhere once I right clicked on My Computer and then on properties. Perhaps the Windows 98 operating system looks different. I was able to enable the viewing of all of the files and could uncheck the 'hide extentions for known file types.'

I ran the housecall and it found quite a few 'not cleanable' items. These are some, but not all: troj bloader.OT, troj dloader.OT, troj krepper.p, bkdr padodor.aa, bkdr padodor.a, troj start pag.qy, troj start pag.qy, troj small.aal, troj clicker.ad

I could not get the pandasoftware to download...wouldn't work.

I have Ad-Aware 6.0 on the computer, but could not download the Ad-Aware SE. When I tried to download, nothing would happen. So I only had the choice of running the Smart Scan on the 6.0 version. I ran the Spy-bot several times. Sometimes the computer would freeze, or have a fatal error, so I cleaned up each problem one at a time until I figured out which problems were causing the computer to freeze. This is what I erased:
admilli service, callinghome.biz, booked space, pacimedia, holistyc, hot search bar, exact advertising.bargains, IE plugins, delfin project, my web search, hunt bar and wild tangent. This is what I COULD NOT erase because my computer would freeze or shut down: Callinghome.biz, Elitum.EliteBar

I ran the Hijacks this. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:31 PM, on 6/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\WINSTARTER.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\ELITESWA32.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\THESRV.EXE
C:\WINDOWS\SYSTEM\VFMLOQ.EXE
C:\WINDOWS\RHRAPK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\T2EPI.EXE
C:\PROGRAM FILES\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKS THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myexcel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ironmountaindailynews.com/loclnews.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WinTaskMan] C:\WINDOWS\SYSTEM\winstarter.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITESWA32.EXE
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [p4mX37V] THESRV.EXE
O4 - HKLM\..\Run: [vfmloq] c:\windows\system\vfmloq.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\rhrapk.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Y357RXZ6R] T2EPI.EXE
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\TEMP\STUBINSTALLER6480.EXE"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41003.lnk = C:\Program Files\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: nrna.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Dell Home - {770BAA40-0094-11D4-AB37-40C34FC1EA00} - http://business.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .aspx: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Program Files\Windows Media Player\mp3codec543.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.dasd.org/qp2.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Any help you or byteman can give me would be most appreciated. Thanks so much.
mmuzzy

Buzz1927 said:
mmuzzy.
Sorry about ewido, I missed you were running 98. I changed the link for kaspersky, have you tried the new one? If you still can't download it, do the online scans in the sticky, reboot and post the new hijackthis log, we'll get whats left manually.
 
Hi mmuzzy.
Don't worry about the system restore, Win98 doesn't have it. I need you to download a few programs.
Find Qoologic.
LQfix.
CWShredder.
About Buster.
Unzip them to the desktop, but don't run them yet. Boot into safemode.
Run CWShredder. Don't worry if it doesn't find anything.
Run About Buster 3 times.
Run LQfix.
Boot back to normal mode. Run Find Qoologic. After 10 minutes or so a text file will open (starting with "not all files are bad"), post that in your next reply along with a new Hijackthis log.
 
Qoologic

Hi Buzz,
I did everything you asked. Here is the log from Qoologic:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»»» Files found in System »»»»»»»»»»»»»»»»»»»»»»»

* qoologic C:\WINDOWS\SEEDCO~1.EXE
* aspack C:\WINDOWS\EFAXVIEW.EXE
* aspack C:\WINDOWS\RHRAPK.EXE
* aspack C:\WINDOWS\BDBAMCM.EXE
* aspack C:\WINDOWS\SEEDCO~1.EXE


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\NRNA.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

Buzz1927 said:
Hi mmuzzy.
Don't worry about the system restore, Win98 doesn't have it. I need you to download a few programs.
Find Qoologic.
LQfix.
CWShredder.
About Buster.
Unzip them to the desktop, but don't run them yet. Boot into safemode.
Run CWShredder. Don't worry if it doesn't find anything.
Run About Buster 3 times.
Run LQfix.
Boot back to normal mode. Run Find Qoologic. After 10 minutes or so a text file will open (starting with "not all files are bad"), post that in your next reply along with a new Hijackthis log.
 
Hi mmuzzy.
It doesn't look quite right (there should be more), can you run it again, making sure you're off-line and all windows are closed. And can I see a new Hijackthis log, please.
 
Hi mmuzzy.
Sorry, I'd forgotten you're using 98, the Qoologic log is ok, but I need to see a new one if you've rebooted since that scan . When you post a new log, do so when you can leave the computer on for a long time, to make sure me or Byteman can give you the next steps.
Buzz.
 
Last edited:
new log

Dear Buzz,
I reran CWShredder, About Buster, LQfix and Qoologic. I ran LQfix in safe mode as you noted, but there was a warning message about doing so. I was not online, but my cable connection makes it possible to log on at any time, thus the pop-ups interrupt constantly, even when I'm not online.

Here is the Qoologic message:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»»» Files found in System »»»»»»»»»»»»»»»»»»»»»»»

* qoologic C:\WINDOWS\SEEDCO~1.EXE
* aspack C:\WINDOWS\EFAXVIEW.EXE
* aspack C:\WINDOWS\RHRAPK.EXE
* aspack C:\WINDOWS\BDBAMCM.EXE
* aspack C:\WINDOWS\SEEDCO~1.EXE


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\NRNA.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

I will post the hijacks this on another quote, since my message exceeds the limit.
mmuzzy

Buzz1927 said:
Hi mmuzzy.
Sorry, I'd forgotten you're using 98, the Qoologic log is ok, but I need to see a new one if you've rebooted since that scan (the file names change every time). When you post a new log, do so when you can leave the computer on for a long time, to make sure me or Byteman can give you the next steps.
Buzz.
 
hijacks this log

Here is the Hijacksthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:52:12 PM, on 6/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WINSTARTER.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\THESRV.EXE
C:\WINDOWS\SYSTEM\VFMLOQ.EXE
C:\WINDOWS\RHRAPK.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\T2EPI.EXE
C:\WINDOWS\SYSTEM\HPZCFG.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\WINDOWS\SYSTEM\HPZCFG.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKS THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myexcel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ironmountaindailynews.com/loclnews.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WinTaskMan] C:\WINDOWS\SYSTEM\winstarter.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [p4mX37V] THESRV.EXE
O4 - HKLM\..\Run: [vfmloq] c:\windows\system\vfmloq.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\rhrapk.exe reg_run
O4 - HKLM\..\Run: [exp] C:\WINDOWS\SYSTEM\exp
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Y357RXZ6R] T2EPI.EXE
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\TEMP\STUBINSTALLER6480.EXE"
O4 - HKCU\..\Run: [HPZCFG] C:\WINDOWS\SYSTEM\HPZCFG.exe
O4 - HKCU\..\RunOnce: [HPZCFG] C:\WINDOWS\SYSTEM\HPZCFG.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41003.lnk = C:\Program Files\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: nrna.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Dell Home - {770BAA40-0094-11D4-AB37-40C34FC1EA00} - http://business.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .aspx: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Program Files\Windows Media Player\mp3codec543.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.dasd.org/qp2.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

I will leave the computer on until I get a message back from you or Byteman.
mmuzzy
Buzz1927 said:
Hi mmuzzy.
Sorry, I'd forgotten you're using 98, the Qoologic log is ok, but I need to see a new one if you've rebooted since that scan (the file names change every time). When you post a new log, do so when you can leave the computer on for a long time, to make sure me or Byteman can give you the next steps.
Buzz.
 
Dear Buzz and Byteman,
My computer became unstable and shut down. I'll run another log in the morning and leave the computer on until I hear from you. Disregard this last scan since I'll have to reboot the computer. Sorry...
mmuzzy
 
new qoologic record

Dear Buzz and Byteman,
I started up the computer this morning and followed the procedures you last gave me. I ran CWShredder, About Buster and LQfix in safe mode. Then I rebooted and ran Qoologic. Here is the Qoologic log: (I will post the Hijacks this log on another post, since it is too much data to post all at once.)

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»»» Files found in System »»»»»»»»»»»»»»»»»»»»»»»

* qoologic C:\WINDOWS\SEEDCO~1.EXE
* aspack C:\WINDOWS\EFAXVIEW.EXE
* aspack C:\WINDOWS\RHRAPK.EXE
* aspack C:\WINDOWS\BDBAMCM.EXE
* aspack C:\WINDOWS\SEEDCO~1.EXE


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\NRNA.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp


Thanks you guys, for hanging in there with me.
mmuzzy
 
Back
Top