Full Version: windows 95 laptop
sheepy22
I tried to post my hijack log but it sent me to a link to download the latest version, but I have Windows 95 and don't think it will work. I keep seeing a program named Wink even after I get rid of it. Anyone heard of this? I ran pandascan and it didn't find anything. Can't use spybot for Windows 95. I love this laptop and don't want to part with it- I have a WIN386.swp file in windows that is very large- is this a virus??
Thanks
Mosaic1
WIN386.swp is a very needed file. It is the Swap file.

Go here and download StartDreck

http://www.niksoft.at/download/startdreck.htm


Unzip and run StartDreck.exe:
Click config
Under 'Registry' - Select All registry options
Leave everything else which is already checked alone.

Click ok.

Click save. Name the log. Start the log you just saved. Run it in Notepad.

Copy and paste the contents of the log in your next reply here.


If you need an unzipping program you can install winzip free trial.

http://www.winzip.com
sheepy22
OK, here it is: the wink isn't showing at the moment, but who knows

StartDreck (build 2.1.7 public stable) - 2006-02-16 @ 00:17:26 (GMT -05:00)
Platform: Windows 95 (Win 4.0.1111 B)
Internet Explorer: 5.00.2919.6307
Logged in as at LAUNDRY ROOM

»Registry
»Run Keys
»Current User
»Run
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
»RunOnce
»Default User
»Run
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
»RunOnce
»Local Machine
»Run
*SystemTray=SysTray.Exe
*Essdc=essdc.exe
*AvconsoleEXE=C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
*Vshwin32EXE=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
*VsStatEXE=C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
*LoadQM=loadqm.exe
*Norton Auto-Protect=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*Vshwin32EXE=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe %1
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Norton Program Scheduler.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Norton Program Scheduler.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=hpfsched
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\wininit.ini
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
+FFEFB245=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF5F29=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF4EA5=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFED4CD=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
+FFFEE7E9=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
+FFFE1969=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE2099=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
+FFFD9E35=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFE6F01=C:\WINDOWS\EXPLORER.EXE
+FFFD0EC1=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFEFBBF1=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
+FFFDBEED=C:\WINDOWS\LOADQM.EXE
+FFFDAEA9=C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
+FFFDB2E1=C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
+FFF2A52D=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFF39E21=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFF0FAC1=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
+FFF17149=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF2E1F9=C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
+FFF19355=C:\WINDOWS\NOTEPAD.EXE
+FFF2F221=C:\UNZIPPED\STARTDRECK217\STARTDRECK.EXE
»NT Services
»Application specific
Mosaic1
Quoted from Merijn's (the author of HijackThis) page:
http://www.spywareinfo.com/~merijn/downloads.html

QUOTE
Note: You need the Visual Basic 6 runtime libraries to run any of my programs.
Most systems already have this, but should you get an error about MSVBVM60.DLL missing, get the libraries from Microsoft.com

The most popular files are available in their original form (i.e. you can use 'Run program from this location'), as well as a zipped form. You can open zipped files with a program like WinZip.

All my programs are compatible with all versions of Windows, unless stated otherwise in the description.

But there is an even newer version of the runtime support files now from MS and it does say it supports Windows 95.

Have a look:

http://www.microsoft.com/downloads/details...&displaylang=en


After you install the runtimes and restart, then do please run hijackthis and post the log.

I will not be here when you get back. It's late here.
sheepy22
I was up half the nite trying to download this- I get a pop up saying the plug in didn't initialize, then a box dia saying there isn't a viewer or something, then I go to download an active X object, only I don't know which one, and I downloaded the viewer but it still doesn't work to let me download that link.
Mosaic1
I cannot guess. When you get a message I need to see exactly what it says please.

You click this link.

http://www.microsoft.com/downloads/details...&displaylang=en
It takes you to a Microsoft page.

You click the download button and then what?
sheepy22
I just tried the new version of hijack to see if it would work and this is the file:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:20 AM, on 2/16/06
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Motorola BCS Advanced Support
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .com/exec/obidos/clipserve/B000002OW4001012/0/102-1524194-0360150: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer Control 10.0) - http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

I will go back to the microsoft page and try that and let you know
Mosaic1
You don't need the Microsoft download. That was to enable hijackthis. You already have the support files.


But I am not sure what you were talking about before re: the errors. Can you please explain?
sheepy22
error locating object handler: there is no viewer for the object you are trying to open content:application octet/stream possible location of viewer:microsoft active x gallery. then it asks if I want to go there and I go there and it doesn't exactly tell me what to do- I downloaded the viewer but that doesn't help, then I tried the visual basic service pack 6 but that doesn't download either, I always get "the plug in didn't initialize"
Mosaic1
You don't need that download so I'm going to leave that alone for now at least.

Plus you have an obsolete operating system and Internet Explorer Version. I am not sure I am going to be able to help.

You are running two Anti Virus programs in the background, McAfee and Norton. This is not good. Run only one at a time.

Where did you see Wink?
sheepy22
It started downloading the other nite when I walked away from my computer- I do not know if one of my cats walked across it and stepped on something to download, but I couldn't stop it- it created a file under programs. I went into the control panel and did a remove, but it said it couldn't fully remove it. I did a hijack this (older version) and it showed there and I checked it off to "fix", deleted the file and the exe and it refused to let the recycle bin get rid of it. Then the recycle bin showed something in the trash can but when I opened it nothing was there and the program appeared to be gone. Did a restart and it came back. When I did the control alt delete to see if it was running, it wasn't, then it re-appeared when I went on the web. I haven't re-started it- am afraid, but will try. My cd drawer keeps opening, and I suddenly keep getting these "stock alert" messages in my e-mail with different addresses and no matter how many I block, I keep getting them. I realize this is an old computer, but it is perfect in my bedroom, and do not use it to do anything secure such as banking, etc.
Mosaic1
Post a startuplist too please. In Hijackthis press the Config Button
Click Misc Tools
Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

Paste the contents into your next reply here.
Mosaic1
For that error you get when trying to download we can try a registry edit.

I take no responsibility if you commit an error here. The windows 95 registry is touchy.

Close all Internet Explorer windows.

Let's make a backup first.

Go to Start >Run

Paste in this command.

regedit /e registry.reg

Press enter.


It will put a copy of the registry named registry.reg on your desktop. NEVER Double click on registry.reg unless right after you make this change and you have a problem.



After you do that then copy the contents of the quote box to notepad.
Name the file fix.reg
Save as Type: All files
Save in My documents
Double click on fix.reg and say yes to the prompts.

QUOTE
REGEDIT4


[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension]



You do not need that download, but try to see if you can get it started now. If the download button works, good. Just stop the download. Let me know how you do.
sheepy22
I just ran this after re-booting. I will do what you posted above.
Logfile of HijackThis v1.99.1
Scan saved at 11:05:33 AM, on 2/16/06
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Motorola BCS Advanced Support
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .com/exec/obidos/clipserve/B000002OW4001012/0/102-1524194-0360150: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer Control 10.0) - http://activex.microsoft.com/activex/contr...ss/Snapview.ocx
sheepy22
StartupList report, 2/16/06, 11:11:10 AM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
Detected: Windows 95 B (Win9x 4.00.1111)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Essdc = essdc.exe
AvconsoleEXE = C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
Vshwin32EXE = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
VsStatEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
LoadQM = loadqm.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Vshwin32EXE = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PETZII~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 15/2/2006, 19:54:54)

[rename]
NUL=C:\WINDOWS\UNVISE32.EXE
NUL=C:\WINDOWS\UNVISE32.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR_USER=
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR=
C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.EXE C:\
IF ERRORLEVEL 1 PAUSE
ECHO OFF
SET PATH=C:\ORAWIN\BIN;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM\WBEM;C:\RWIN77
SET TEMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
BUFFERS=80
FILES=80
DOS=HIGH,UMB

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\dajava.cab
OSD = C:\WINDOWS\DOWNLO~1\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\DOWNLO~1\Microsoft XML Parser for Java.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnview95.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/Static_...en/actsetup.cab

[Snapshot Viewer Control 10.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPVIEW.OCX
CODEBASE = http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:


--------------------------------------------------

Enumerating Win9x VxD services:

IOS: *IOS
VNETSUP: vnetsup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VSHARE: *VSHARE
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
SPOOLER: *SPOOLER
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VREDIR: vredir.vxd
NDIS: ndis.vxd,ndis2sup.vxd
VNETBIOS: vnetbios.vxd
BIOS: *BIOS
NWLink: (no file)
NWREDIR: (no file)
NSCL: (no file)
VSERVER: (no file)
MTRR: mtrr.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 16,724 bytes
Report generated in 2.084 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Mosaic1
You are still running two Anti Virus programs. You need to disable one of them.


Please do the other thing I asked so I can see if your download function is repaired.
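
Added example, not part of the original thread and not HijackThis code: a small Python parser for the HijackThis log format posted above. It matches the O4/F1 autostart lines against the running-process list to show which antivirus products are autostarted and resident at the same time (the two-scanner condition Mosaic1 points out in this post and an earlier one), and lists autostart entries that give no path and are not running. The directory markers `VIRUSSCAN` and `ANTIVIRUS` and all function names are assumptions chosen to fit this log.

```python
import ntpath
import re

# Excerpt of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 95 B (Win9x 4.00.1111)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
"""

# Assumption: these markers are keyed to the product directory names in this log.
AV_DIR_MARKERS = ("VIRUSSCAN", "ANTIVIRUS")

O4_RE = re.compile(
    r"^O4 - (?P<src>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\] (?P<cmd>.+)|(?P<lnk>.+?) = (?P<target>.+))$")
F1_RE = re.compile(r"^F1 - win\.ini: run=(?P<cmd>.+)$")


def running_processes(log):
    """Return the paths listed under 'Running processes:' up to the next blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                if procs:
                    break
                continue  # StartupList puts a blank line after the header
            procs.append(line)
    return procs


def executable(cmd):
    """Extract the program path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def autostarts(log):
    """Return (source, name, executable) for each O4 line and F1 win.ini run= line."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append((m["src"], m["name"] or m["lnk"],
                            executable(m["cmd"] or m["target"])))
            continue
        m = F1_RE.match(line)
        if m:
            entries.append(("win.ini: run", "run", executable(m["cmd"])))
    return entries


def resident_av(log):
    """Map AV product directory -> autostarted executables currently running from it.

    Autostart commands may use 8.3 short paths (PROGRA~1\\NORTON~1), so entries are
    matched to running processes by file name only; same-named files would collide.
    """
    by_name = {ntpath.basename(p).upper(): p for p in running_processes(log)}
    found = {}
    for _src, _name, exe in autostarts(log):
        path = by_name.get(ntpath.basename(exe).upper())
        if path is None:
            continue
        product = ntpath.basename(ntpath.dirname(path))
        if any(marker in product.upper() for marker in AV_DIR_MARKERS):
            found.setdefault(product, set()).add(ntpath.basename(path))
    return {product: sorted(names) for product, names in found.items()}


def unresolved(log):
    """Autostart entries with no directory that match no running process."""
    running = {ntpath.basename(p).upper() for p in running_processes(log)}
    return [(src, exe) for src, _name, exe in autostarts(log)
            if not ntpath.dirname(exe) and ntpath.basename(exe).upper() not in running]


if __name__ == "__main__":
    print(resident_av(SAMPLE_LOG))
    print(unresolved(SAMPLE_LOG))
```

More than one key in the `resident_av` result means more than one scanner is loading at startup and staying resident; the `unresolved` entries are the ones a helper would have to identify by hand.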
sheepy22
OK, I just opened this on my other computer to print out the info.
which virus program do I keep?
Mosaic1
I don't know. Have you kept the Anti Virus up to date? I have to leave in a few minutes. I see nothing in your logs. Wink could be the Klez worm. But I see no signs of anything being there.
sheepy22
You are a genius! I did the regedit fix and was able to download! Still not seeing the wink, but who knows, it came back before when I thought it was gone. If there is nothing else I can do, do you know if there are any old versions of spybot or adaware I could put on? I fixed the downstairs computer a few years ago with the help of calamity jane, and it is still going strong, and I have those programs on it with antivir. My daughter got a new laptop for x-mas and she took it to college- what should I put on that? She brings it home tomorrow, so wanted to update the virus software, and put some kind of spyware blocker on it, if it isn't already corrupted.
Mosaic1
Thanks. Once you described what you had it was not hard to help.

The thing about old versions of Spybot and Ad-AWare is that they are outdated and useless. Your Spyware protection is only as good as the signatures. Signatures are updated as these nasties keep updating to keep up. It's a never ending effort to keep track of the newest.
Mosaic1
We could try a registry search for wink.



As for a search of the registry here's a very nice script to help you out.

Download it and run it. When it starts, you will be prompted to enter a search phrase. Do that, enter wink and go have a cup of coffee.
When you get back, a message box will be there on the desktop. Say yes to open the results. Copy and paste the contents into a reply here. Once you close that file, it will be deleted, so please save it as results.txt. We may need it again.

Here's that link:
http://www.billsway.com/vbspage/
Find Registry Search Tool and download it.
sheepy22
I tried with WINK, wink, Wink, and every time got a box back saying no instances of wink found. Maybe it is really gone? Anyway, signing off for today, it's 1:50 AM.
Thanks
Mosaic1
We'll see how that all goes. We've done just about everything I can think of other than online scans to look for files, many of which will be leftovers.


Go for free online Virus scans here:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Allow them to clean

Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the Save Report button. It will be saved under the name activescan.txt. Do that and post that log into your next reply here.

----------------


For your daughter's computer, have a look at this link:

http://www.computercops.biz/postt7736.html
sheepy22
OK, I guess I was being too optimistic. I killed my computer- I went to microsoft and downloaded a bunch of updates, now that it would let me do the downloads again. After I was done, I shut down the computer, when I tried to re-boot this morning- it gets stuck on the microsoft 95 loading windows page and stops! I got it into safe mode and ran this hijack log. I am running scandisk right now. I see a recent program called web.exe created the night I think the wink appeared. Don't know what this is, but anyway, can't use the computer right now, so am sending this on my other one. There is a run once thing I don't remember:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:27 AM, on 2/17/06
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Motorola BCS Advanced Support
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer Control 10.0) - http://activex.microsoft.com/activex/contr...ss/Snapview.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
Mosaic1
What did you install? It is not wise to install a huge assortment. When you do that, you cannot trace which one is the problem.

You are still set to run two AV's. Are you keeping current with your updates to those AV programs? One has to be disabled.

How much free disk space is on that system?

This entry is ok:
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o

It's been years since I have even seen a 95 system up close. Did you keep track of what you installed? If so, uninstall it and see what happens.


I am on my way out the door and the Forums are going to be closing later for an upgrade. They should be back at some point tomorrow.
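The two-antivirus observation in the reply above can be checked mechanically from the O4 (autostart) lines of a HijackThis log. The following is an added example, not part of the original thread and not HijackThis's own code; the product markers in `AV_MARKERS` and the function names are assumptions built from the paths visible in the log posted here.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
"""

# Assumption: products are recognised by path substrings seen in this thread's
# logs (long and 8.3 short folder names). A real check needs a maintained list.
AV_MARKERS = {
    "McAfee VirusScan": ("MCAFEE VIRUSSCAN", "MCAFEE~"),
    "Norton AntiVirus": ("NORTON ANTIVIRUS", "NORTON~1"),
}

# Registry autostarts:  O4 - HKLM\..\Run: [ValueName] command line
REG_RE = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts:  O4 - Startup: Name.lnk = target path
LNK_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$"
)


def parse_o4(text):
    """Return one dict (loc, name, cmd) per O4 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = REG_RE.match(line) or LNK_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def av_autostarts(entries):
    """Group autostart entries by the antivirus product their command points to."""
    found = defaultdict(list)
    for entry in entries:
        command = entry["cmd"].upper()
        for product, markers in AV_MARKERS.items():
            if any(marker in command for marker in markers):
                found[product].append((entry["loc"], entry["name"]))
    return dict(found)


def conflicting_av(text):
    """Return the sorted product names when more than one AV autostarts, else []."""
    found = av_autostarts(parse_o4(text))
    return sorted(found) if len(found) > 1 else []


if __name__ == "__main__":
    for product, items in av_autostarts(parse_o4(SAMPLE_LOG)).items():
        print(product)
        for loc, name in items:
            print("   ", loc, "->", name)
    print("Conflict:", conflicting_av(SAMPLE_LOG) or "none")
```
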
sheepy22
where do I find the uninstall? they were microsoft updates on the 95 page.
Mosaic1
Do you know the exact updates?

Look in add remove programs in control panel.
sheepy22
grr.. I don't know what they were, I only see an Outlook Security Patch there that might be one, but don't see anything else that looks like any microsoft update. I can't find any files anywhere else. It will still just go into safe mode, the loading windows 95 stays on the screen otherwise. Is there anything else I can do to get it back- will clicking on that re.reg file on the desktop that I created before do anything, or the hijack backup? My husband says he has a copy of windows 95 and can reload the system- should I let him do that? I don't know if he can reload the internet card if he does that as it is an external card in the slot.
sheepy22
I did a search for wink.exe in metacrawler and it took me to this page: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html
and it talks about the wink.exe so I guess you were right- it is the klez- maybe when I rebooted it took over. So if I follow the steps listed on the page - do you think I can get rid of it?? Also, I copied a floppy to this computer for the hijack this log from that computer- does that mean this computer is infected too??
Mosaic1
If you have up to date Virus protection your good system is probably ok.

You can start a new topic and ask for help. Let them know what happened.


Before you go off and do anything you'll regret, download the tool Symantec links to and follow the instructions to run it. I see no indication you have an active infection.

As to any reinstall of Windows95, it's a lot harder than you think.

You need a working Floppy drive and a Windows 98 boot floppy to install the generic dos drivers for your cd on the drive. Otherwise, the 95 CD will not be read. To do that, you have to go into the bios and set it up so that the floppy is read before the Hard drive. When you put a boot floppy in the drive, if the boot load order is not floppy first, it will not be read. It will boot right to Windows.

Then you have the issue of Internet Explorer. Where do you get that? These old versions are just not available or supported any longer. Did you get that version from an old Office install CD?


And are all the drivers for your hardware available? Do you have them or are you going to have to search for drivers compatible to 95?

I used to work the 98 forums and trust me, plenty of people who rushed into a format and reinstall without preparation were half bald by the time they finished.

Take it one step at a time.



That registry file is not a cure all. It will put back anything changed that existed before. BUT it will not remove anything extra which has been added to your registry. And it will not replace any files with other versions if those were changed if that's the problem.

Panicking and double clicking is not the deal quite yet.

Look in your windows folder for a lot of yellow folders named uninstall.

Let me know what you find. Understand this. I have not worked on a 95 system in years and when I did, I was a beginner and knew nothing. This is not an Operating system forum. If you do end up with complications, we may not be able to help.

How much free disk space was left on that drive? I need that information too please.
Mosaic1
You can also look in your Temporary internet folder for those installers. They may still be in there. Then you'll at least have the names of the updates you installed.
sheepy22
Ok, I got it back on, don't ask. Tried to reboot a hundred times, got into safe mode and didn't find anything to get rid of, but did an uninstall of mcafee virus. Rebooted in the verify command mode #5 and somehow I am back. Maybe the upload I did interfered with the mcafee? Have not seen the wink anywhere. As for the space on the drive- 598MB disk free. My husband said the virus isn't updated because he said no one supports windows 95. This is his old computer from work that he gave me (to play solitaire on but I really liked the size and have become attached to it.) and I do not know where the software came from-- he worked at motorola. I use it in the bedroom for e-mail and research/ nursing journals. I do not do anything secure such as banking, etc. I do not have preview pane open on the outlook and set up the internet tools as described above in the info section.
sheepy22
OK, ran pandascan again (I don't think it was working the last time as it was very quick and found nothing). Here is what the c scan showed (I couldn't copy and paste and when I tried the save scan function it didn't do anything, so I wrote down what it said):
"C" scan:
Spyware: Spyware/Virtumonde Ad/Startpage.AIW C\WINDOWS\SYSTEM\rqroo.dll not disinfected
C:\WINDOWS\SYSTEM\opnmn.dll
not disinfected

Virus: Trj/Downloader.GLH C:\web.exe
not disinfected

Now what do I do with this? I did see the web.exe file and wasn't sure what it was- it was created Feb 12- probably when the wink appeared?
Does the pandascan fix things, or just let you know what is there? As I still see that program in "C".
Here is the latest hijack:
StartupList report, 2/19/06, 11:39:57 AM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
Detected: Windows 95 B (Win9x 4.00.1111)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Essdc = essdc.exe
LoadQM = loadqm.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PETZII~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 18/2/2006, 20:14:0)

[rename]
NUL=C:\WINDOWS\DELETE.EXE

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 18/2/2006, 20:4:48)

[rename]
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\SETUP.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\_ISDEL.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\SETUP.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\_ISDEL.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR_USER=
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR=
ECHO OFF
SET PATH=C:\ORAWIN\BIN;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM\WBEM;C:\RWIN77
SET TEMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
BUFFERS=80
FILES=80
DOS=HIGH,UMB

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\dajava.cab
OSD = C:\WINDOWS\DOWNLO~1\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\DOWNLO~1\Microsoft XML Parser for Java.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnview95.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/Static_...en/actsetup.cab

[Snapshot Viewer Control 10.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPVIEW.OCX
CODEBASE = http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:


--------------------------------------------------

Enumerating Win9x VxD services:

IOS: *IOS
VNETSUP: vnetsup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VSHARE: *VSHARE
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
SPOOLER: *SPOOLER
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VREDIR: vredir.vxd
NDIS: ndis.vxd,ndis2sup.vxd
VNETBIOS: vnetbios.vxd
BIOS: *BIOS
NWLink: (no file)
NWREDIR: (no file)
NSCL: (no file)
VSERVER: (no file)
MTRR: mtrr.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 16,106 bytes
Report generated in 2.241 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Mosaic1
I haven't forgotten about you and am not ignoring you. But you have a special situation. Trying to assess it is not easy.

I am thinking you probably have a 2 Gig Hard drive. Let me know on that please.

AVG does have a free Anti Virus and they say it runs on windows 95 if you have IE 5.1 installed. I'll have a look at your IE version later and see if you are ok to use that.

But then we run into a major roadblock. Hard Drive Space. You are short on that.

There's the download and then the install. And the ever increasing size as new updates are added.


And the operating system uses hard drive space for the swap file, the temporary internet files which both take up quite a bit of room and increase as needed.


Get in the habit of cleaning out your temp folder and Temporary internet files.

Uninstall any programs you no longer need and clean up any old personal files you don't need. Leave anything else alone. You don't want to delete anything the system needs to run.
Panda doesn't clear Spyware files, but you can do that if you like.


Delete these files:

C:\WINDOWS\SYSTEM\rqroo.dll
C:\WINDOWS\SYSTEM\opnmn.dll
C:\web.exe


What really bothers me is the fact that you got into Windows and don't know why. I hope that isn't a sign of imminent hardware failure.

Let me know how you do and we'll continue this later.


The problem is a lot of these infections are spread to your email from your friends' infected systems.

The infection gets a list of their contacts and then sends out a copy of itself to each of those and on and on. Be careful.


If you have old AV which hasn't been updated in ages, it is truly unreliable. Pretty much useless in fact. It won't recognize the latest infections. So you get little or no protection unless your ISP is scanning your emails.
sheepy22
I truly appreciate all your help, especially since my system is a dinosaur and I should get rid of it, but with 2 in college, that will have to wait. I deleted the files, they cleared the recycle bin. When I deleted the web.exe it shut down the internet page and I got an "iexplore error". But it came back up. I looked at the system info: 1.98 gig, 80.0 RAM, 71% free. I use no space, but e-mail mostly. I have shut down outlook for a few days, and I have been using only hotmail. I do have the capacity to use comcast webmail for my outlook mail, so will try that so I don't infect anyone.
I updated my daughter's new laptop today, and purchased the norton (it came free for 60 days and was due to run out Feb. 25), also downloaded and purchased SpySubtract on her computer, as she uses a lot of messaging, etc.
I ran a scan from the comcast site today on this computer from mcafee- a free klez scan- this is the report:
McAfee Virus Removal Tool
Copyright © 2001-2002 Networks Associates Technologies, Inc.
All Rights Reserved.

===============================================================
Scanning Action
===============================================================

Scanning completed! The Klez virus was not found on your computer.

===============================================================
Scan Summary
===============================================================
Infected:........... 0
Repaired:........... 0
Renamed:............ 0
Deleted:............ 0
RebootReq:.......... 0


===============================================================
McAfee VirusScan
===============================================================
VirusScan Online is the easiest, most convenient way to protect
your PC from computer viruses, such as "Klez", "BugBear",
"I Love You", and "Nimda". VirusScan Online's subscription
plan automatically checks for virus updates, providing the latest
version, without the usual upgrade charges and hassles.

Get comprehensive anti-virus protection now:
http://www.mcafee.com/myapps/vso/
Mosaic1
To be honest you do look good. You're cleaner than 99.999999999% of the systems in existence. But I can't advise you to go without an up to date AV. However, you really don't have enough disk space to have the wiggle room you need.

I have company coming and have to leave very shortly. I won't be around too much for a couple of days. But I will continue to work with you after that if you like.

We can get you in the habit of trimming the fat your system creates after each internet session to keep your free disk space as high as possible and get rid of anything old to make room on your hard drive. Even if you aren't able to install new AV and only settle for online scans a couple times a week, your system will work better if you clean it up.
sheepy22
Thank you so much. I am now up to 797 disk free, deleted some program not used. Do you know what internat is? It shows up in the bottom as English, and is always on when I check the task manager. I think it is something to do with translations? My husband doesn't seem to know. Anyway, I am only letting active x script marked safe as enable, and I have all the others asking for a prompt on the web pages. Most of the stuff I am on doesn't really need that- it let it on with comcast home page. Is it safe to copy my address folder from outlook and my book marks on a disk for another computer? I would like to try and re-boot, but that is the only thing on here I need to save in case the computer dies with reboot- if that happens, I will accept it. I always clean out my temp internet folder and cookies very often to not clog up the computer- I learned that when I fixed our other computer, which is a Windows NT 4.0, not so new either, but functional. My daughter has a Windows XP, and a new laptop XP, and my son has a Windows 2000, so they are OK (but their computers are at school).
Thanks again!
Mosaic1
You're welcome.

internat.exe is exactly what you guessed. You don't need it running if you are using an English version and have no other languages installed which you use.


Outlook or Outlook Express? You can export your folders and address book and reimport them back in if need be.

Sure, copy your favorites folder. If too large, you can export that too. It will export to a file named bookmark.htm and that can be imported back to an empty favs if you need it. It will re-expand to look just like it should.


Let me check your Internet Explorer version and get back. Then I'll be back sporadically for the next couple days.
Mosaic1
To use AVG you need an IE version 5.01 or greater. Yours doesn't qualify and finding a download of such an older version of IE is just about impossible.

If you have an old AOL CD or possibly an older Office CD, IE was included and could be installed from there.

Other than that, you would have to look for other AV's and see what they support.
sheepy22
It's back!! I opened outlook express to copy my address book, then went on the web. My screen blinked white, then a download box came up to download an object, I said no, then new boxes were opening on the bottom with the address of... then the microsoft internet explorer then a microsoft box popped up and said you must say yes to continue, and wouldn't let me close the x, so I did task manager, and there were 3 of them in there with that address- so I stopped them all and closed the internet. A huge pepsi ad came up that I closed. I ran the hijack, but it didn't show, so ran the version with the startup list and it's there!! I had the active x configured not to run and it still happened.
StartupList report, 02/22/06, 12:42:01 AM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
Detected: Windows 95 B (Win9x 4.00.1111)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\WINK\WINK.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
wink.lnk = C:\Program Files\Wink\Wink.exe
Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Essdc = essdc.exe
LoadQM = loadqm.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PETZII~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 18/2/2006, 20:14:0)

[rename]
NUL=C:\WINDOWS\DELETE.EXE

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 18/2/2006, 20:4:48)

[rename]
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\SETUP.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\_ISDEL.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\SETUP.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\_ISDEL.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR_USER=
if not "%OS%"=="Windows_NT" if "%COMSPEC%"=="C:\WINDOWS\COMMAND.COM" set SMS_LOCAL_DIR=
ECHO OFF
SET PATH=C:\ORAWIN\BIN;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM\WBEM;C:\RWIN77
SET TEMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
BUFFERS=80
FILES=80
DOS=HIGH,UMB

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\dajava.cab
OSD = C:\WINDOWS\DOWNLO~1\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\DOWNLO~1\Microsoft XML Parser for Java.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MNVIEWER.DLL
CODEBASE = http://www.musicnotes.com/download/mnview95.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://software-dl.real.com/25357c1e6878dd...ip/RdxIE601.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/Static_...en/actsetup.cab

[Snapshot Viewer Control 10.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPVIEW.OCX
CODEBASE = http://activex.microsoft.com/activex/contr...ss/Snapview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:


--------------------------------------------------

Enumerating Win9x VxD services:

IOS: *IOS
VNETSUP: vnetsup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VSHARE: *VSHARE
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
SPOOLER: *SPOOLER
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VREDIR: vredir.vxd
NDIS: ndis.vxd,ndis2sup.vxd
VNETBIOS: vnetbios.vxd
BIOS: *BIOS
NWLink: (no file)
NWREDIR: (no file)
NSCL: (no file)
VSERVER: (no file)
MTRR: mtrr.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 16,208 bytes
Report generated in 1.634 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Mosaic1
I am here only for short spurts for the next few days.

But let's see what this is. If not Klez or what.

What else is in that Wink folder?

I would like you to go and have the file scanned here:
http://virusscan.jotti.org/

Enter this path into the File to upload box and then press the submit button.

C:\Program Files\Wink\Wink.exe

Copy and paste the scan results into your next reply here.

If you can get into Safe mode, run hijackthis and fix the entry in the startup folder for wink.

Let me know how you do.
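An added example, not part of the thread and not StartupList's own code: the wink.lnk entry only showed up in the startup-folder section of the report, so comparing two saved reports is a quick way to spot an autostart that appeared between them. The report excerpt is constructed in the layout of the log posted above, the "before" snapshot is an assumption, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the StartupList report posted in the thread.
AFTER = r"""Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
wink.lnk = C:\Program Files\Wink\Wink.exe

Shell folders AltStartup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched
"""

# Assumed earlier snapshot (constructed): the same report without the wink.lnk line.
BEFORE = AFTER.replace("wink.lnk = C:\\Program Files\\Wink\\Wink.exe\n", "")

# Path up to the first executable extension; handles quotes and spaces in paths.
EXE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|pif))"?(?=\s|$)', re.I)


def program_name(command):
    """Lower-case file name of the program a command line starts."""
    m = EXE.match(command.strip())
    path = m.group(1) if m else command.split()[0].strip('"')
    return path.rsplit("\\", 1)[-1].lower()


def parse_autostarts(report):
    """Return (location, name, command) for startup folders, Run keys and WIN.INI."""
    entries = []
    for block in re.split(r"(?m)^-{20,}\s*$", report):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        title, body = lines[0], lines[1:]
        if title.startswith("Listing of startup folders"):
            folder = None
            for ln in body:
                if ln.startswith("[") and ln.endswith("]"):
                    folder = ln[1:-1]            # path of the folder being listed
                elif " = " in ln and folder:
                    name, target = ln.split(" = ", 1)
                    entries.append((folder, name, target))
                elif ln.endswith(":"):
                    folder = None                # next sub-heading, wait for its [path]
        elif title.startswith("Autorun entries from Registry") and body:
            for ln in body[1:]:                  # body[0] is the registry key
                if " = " in ln:
                    name, cmd = ln.split(" = ", 1)
                    entries.append((body[0], name, cmd))
        elif title.startswith("Load/Run keys from"):
            ini = title.split("from", 1)[1].strip(" :")
            for ln in body:
                name, _, cmd = ln.partition("=")
                if name.lower() in ("load", "run") and cmd.strip():
                    entries.append((ini, name, cmd.strip()))
    return entries


def new_autostarts(before, after):
    """Entries in the later report whose (location, program) pair is not in the earlier one."""
    seen = {(loc.lower(), program_name(cmd)) for loc, _, cmd in parse_autostarts(before)}
    return [e for e in parse_autostarts(after)
            if (e[0].lower(), program_name(e[2])) not in seen]


if __name__ == "__main__":
    for location, name, command in new_autostarts(BEFORE, AFTER):
        print(f"NEW  {location}  {name} -> {command}")
```
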
sheepy22
Well, this thing is driving me crazy. My computer locked up before I could do what you asked, and had to restart it- it locked up in outlook, deleted items folder- I had 41 junk messages from blocked addresses at one time. So..had to restart it, which surprisingly enough went without a hitch. Now I do not see either wink.exe or web.exe. So will wait till they reappear again.
Thanks.
sheepy22
OK, it just came back at 1:11- but this time before I could end the process with task manager, it shut me down. I had trouble rebooting and could not get it into safe mode. Here is the scenario- it puts the folder wink in the program files underneath the windows update containing wink.exe, but when the system reboots, or you delete it then it puts web.exe directly in the c drive. I tried scanning the wink.exe, but the folder is now empty, as it hatches out on re-boot: this is the scan result:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file- that is what the scanner found and sure enough if you look, it says 0 for file size.
So I scanned the web.exe and here are the results:
Jotti's malware scan 2.99-TRANSITION_TO_3.00

File: Web.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 60e05666f11c39b17dbbc20c013ca731
Packers detected: PE_PATCH, UPACK
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Downloader.Delf.Ags
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found BehavesLike:Trojan.Downloader (probable variant)
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.6808
F-Prot Antivirus Found nothing
Fortinet Found Dloader.Y!tr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.ags
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.Delf.ags

Mosaic1
OK. I see a few others of these when I do a Google and no resolution. But they had no strange behavior like yours. No disappearing entries or shutdowns. I do believe that wink and web.exe are the problems. Wink is not Klez here.

Are you able to restart into regular windows?


If so, please do this.
Copy and paste the contents of the quote box to notepad,
Name the file out.bat
Save as Type: All Files

Save in the windows folder. So now you'll have
C:\windows\out.bat

QUOTE
attrib -s -h -r C:\web.exe
del C:\web.exe
attrib -s -h -r "C:\windows\Start Menu\Programs\StartUp\wink.lnk"
del "C:\windows\Start Menu\Programs\StartUp\wink.lnk"
cd "C:\Progra~1"
deltree /y Wink
Del C:\windows\WININIT.INI



Go to the shutdown menu and choose Restart in Ms-Dos

This will take you to a black screen with a C:\windows prompt.

Type this and press enter:

out.bat

That will run the batch file I had you create earlier.

When finished you will be back at another prompt.

Type exit and press enter to get back to Windows.

Run hijackthis and post the new log please.
Mosaic1
Here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.
http://www.computercops.biz/postt7736.html
sheepy22
I am on my husband's computer, but last night I found a link to avast that has a free home av program that works with windows 95, so downloaded that this morning and am trying to run a scan. When that is done, I will do the above, unless I shouldn't have done that? I haven't touched the web.exe or wink.exe to try and get rid of them, and have my outlook shut down.
sheepy22
just went to check the scan and it shows:
Virus
C:\WINDOWS\SYSTEM\ActiveScan\pskavs.dll
Win32:CTX
Virus/Worm/VPS version 0608-1, 02/23/2006
Do I delete this??
Mosaic1
Great! Yes. An AV is an absolute necessity for you. I am glad you did that. But don't forget to uninstall any other Anti Virus you have installed. Did you manage to update the AV program to get the latest signatures before running the scan?

You say Outlook. Is that Ms Office's Outlook? or are you using Outlook Express?

After you do that scan, let me know the results please.
sheepy22
outlook express- it says it protects your mail too on the virus software.
Mosaic1
As I remember, avast has an issue with Panda. It will see that panda file as a virus. It isn't though. It's a part of the panda online you ran.