02-Jun-2003, 03:57 AM
#1 |
| error parsing voucher: Whenever I try to download a file for my email account, I first save target to my documents. When I try to open it I get "Error parsing voucher", then the file disappears from my documents. I have tried everything and everywhere to find a solution. Anybody out there that can help? |
| |
02-Jun-2003, 01:54 PM
#2 |
| Are these Adobe .pdf files that you are downloading? I see numerous hits for this in Google Groups, all of them apparently Adobe related. You may need to update your current version. http://groups.google.com/groups?hl=e...=Google+Search |
|
28-Jun-2003, 02:23 PM
#3 |
| I am very new to your site but here goes. When I restart my computer I keep receiving the parsing error and it has 2 choices, either quit or hit the X. If I hit the X I get a message that it can't do it because it is working offline. It is an Adobe Download Manager message. |
28-Jun-2003, 02:59 PM
#4 |
| I'd suggest installing Adobe 6.0 then. If that is what you have, uninstall it first -- probably a good idea anyway. http://www.adobe.com/products/acrobat/readstep2.html |
|
28-Jun-2003, 09:44 PM
#5 |
| I made a mistake, I have Windows 98 SE, but we did what was suggested. It loaded fine, but no luck. This is what happens: when I restart my computer it does everything OK till it gets to the desktop icons. Then the hourglass appears, leaves, appears, leaves, and desktop icons stay, but an error message, 2x4 approx., from Adobe Download Manager, "cannot complete download parsing voucher", and there is a Quit button. I push the button and everything looks good till you go to work and the page leaves and a "work offline or try again" option appears. Hit try again, it all works. |
28-Jun-2003, 10:18 PM
#6 |
| Did you uninstall the old Adobe before installing the new? In any case maybe we should see just what is trying to startup. Give us a post of the ScanLog using HijackThis: http://www.tomcoyote.org/hjt/
Also try following these instructions to clear temporary files in DOS: Click Start>Shutdown>Restart in MS-DOS mode. At the c:\windows\> prompt enter each bold line:
smartdrv
deltree tempor~1
deltree temp
deltree history
deltree locals~1\tempor~1
exit
(you may get an error message on this last one (locals~1), just skip to "exit" if you do, it just means you don't have that directory)
Enter smartdrv first or the process will take a very long time. For each deltree, confirm by entering 'y' if the target directory is correct. |
29-Jun-2003, 01:25 AM
#8 |
| The easiest way is to save the log to the desktop. Open it and click Edit > Select All > Edit > copy. Then right click on a message box and select 'paste'. If you have trouble opening the log after saving it, right click on the file and rename it HijackThis.txt. You can also upload it as an attachment if you have first renamed it HijackThis.txt |
|
29-Jun-2003, 02:11 AM
#9 |
| Logfile of HijackThis v1.95.0 Scan saved at 11:05:16 PM, on 6/28/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.51 SP1 (5.51.3020.2100) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE C:\PROGRAM FILES\CHECKIT\UTILITIES\TOOLBOX.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [MSVXD] C:\WINDOWS\MSVXD.EXE 1632 O4 - HKLM\..\Run: [RapidBlaster] c:\program files\RapidBlaster\rb32.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: 
[PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll O4 - Startup: CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll O4 - User Startup: CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe O4 - User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab O16 - DPF: {ABE92375-8159-4759-A4B2-BF29E11CAAC3} (HearMe Microphone Configuration Wizard) - http://www.hearme.com/products/vp/co...ins/evpcfg.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab 
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometc...fire/comet.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.jp.uo.com/fonts/TDSERVER.CAB O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/us/common/bin/cabsa.cab O16 - DPF: Dialpad US Java Applet (Symantec RuFSI Registry Information Class) - http://www.dialpad.com/applet/src/vscp.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/ca...ile=stamps.cab O16 - DPF: {06B28923-0447-44BE-BB19-9C7A330BCDBD} (NetworkPlace Class) - http://www.driveway.com/partners/msoe/netplace.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://cnt.rapidblaster.com/install/activeinstaller.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...592.8980439815 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21cd4213c650ebf...p/RdxIE601.cab O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe |
|
29-Jun-2003, 02:38 AM
#10 |
| StartupList report, 6/29/03, 1:35:53 AM StartupList version: 1.52 Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE Detected: Windows 98 SE (Win9x 4.10.2222A) Detected: Internet Explorer v5.51 SP1 (5.51.3020.2100) * Using default options ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE C:\PROGRAM FILES\CHECKIT\UTILITIES\TOOLBOX.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\STARTUPLIST.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\WINDOWS\Profiles\pete\Start Menu\Programs\Startup] GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe User shell folders Startup: [C:\WINDOWS\Profiles\pete\Start Menu\Programs\Startup] GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe Logitech 
Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemTray = SysTray.Exe TaskMonitor = C:\WINDOWS\taskmon.exe MSVXD = C:\WINDOWS\MSVXD.EXE 1632 RapidBlaster = c:\program files\RapidBlaster\rb32.exe AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup Pop-Up Stopper = CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE" TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE LDM = C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe MMTray = C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ATI Launchpad = Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY LDM = C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 28/6/2003, 14:55:22) [Rename] NUL=C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\ACTIVEX\ACROIE~1.DLL -------------------------------------------------- C:\AUTOEXEC.BAT listing: C:\PROGRA~1\GRISOFT\AVG6\bootup.exe PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\mouse;c:\windows\system;C:\PROGRA~1\G RISOFT\AVG6 PATH=%PATH%;"C:\ProgramFiles\Mts" -------------------------------------------------- Enumerating 
Browser Helper Objects: (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab [{5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F}] CODEBASE = http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab [HearMe Microphone Configuration Wizard] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NPEVPCFG.DLL CODEBASE = http://www.hearme.com/products/vp/co...ins/evpcfg.cab [mhLabel Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MHLBL.DLL CODEBASE = http://www.pcpitstop.com/mhLbl.cab [PCPitstop Utility] InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB [iPIX ActiveX Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX CODEBASE = http://www.ipix.com/viewers/ipixx.cab [{1678F7E1-C422-11D0-AD7D-00400515CAAA}] CODEBASE = http://files.cometsystems.com/cometc...fire/comet.cab [TDServer Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\TDSERVER.OCX CODEBASE = http://www.jp.uo.com/fonts/TDSERVER.CAB [Symantec RuFSI Registry Information Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL CODEBASE = http://security1.norton.com/sa/us/common/bin/cabsa.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL CODEBASE = http://download.macromedia.com/pub/s...ctor/swdir.cab [SDCInstaller Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SDCINSTALL.DLL CODEBASE = http://www.stamps.com/download/us/ca...ile=stamps.cab [NetworkPlace Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\NETPLACE.DLL CODEBASE = 
http://www.driveway.com/partners/msoe/netplace.cab [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe [AInst Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVE~1.DLL CODEBASE = http://cnt.rapidblaster.com/install/activeinstaller.dll [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.co...592.8980439815 [RdxIE Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL CODEBASE = http://207.188.7.150/21cd4213c650ebf...p/RdxIE601.cab [MSN Money Charting] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\INV12.OCX CODEBASE = http://fdl.msn.com/public/investor/v12/invinstl.exe -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 7,939 bytes Report generated in 0.068 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
= http://www.stamps.com/download/us/ca...ile=stamps.cab [NetworkPlace Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\NETPLACE.DLL CODEBASE = http://www.driveway.com/partners/msoe/netplace.cab [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe [AInst Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVE~1.DLL CODEBASE = http://cnt.rapidblaster.com/install/activeinstaller.dll [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.co...592.8980439815 [RdxIE Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL CODEBASE = http://207.188.7.150/21cd4213c650ebf...p/RdxIE601.cab [MSN Money Charting] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\INV12.OCX CODEBASE = http://fdl.msn.com/public/investor/v12/invinstl.exe -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 7,939 bytes Report generated in 0.068 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
29-Jun-2003, 02:44 AM
#11 | ||||||
| Well you've got some real nasties there, chief among them being rapidblaster. This may take some work to get rid of so have patience. There is a rapidblaster killer available, but the site for it is down right now, so we are going to proceed to see what we can do manually.

Run HijackThis again and check for 'fixing' the following entries. Close out IE before clicking 'fix selected':

O4 - HKLM\..\Run: [MSVXD] C:\WINDOWS\MSVXD.EXE 1632
O4 - HKLM\..\Run: [RapidBlaster] c:\program files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab
O16 - DPF: {ABE92375-8159-4759-A4B2-BF29E11CAAC3} (HearMe Microphone Configuration Wizard) - http://www.hearme.com/products/vp/c...gins/evpcfg.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/comet...lfire/comet.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/us/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/us/common/bin/cabsa.cab
O16 - DPF: Dialpad US Java Applet (Symantec RuFSI Registry Information Class) - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://cnt.rapidblaster.com/install/activeinstaller.dll

I'm not altogether sure this will resolve the error, but we need to start here. Reboot after fixing.

Then install, UPDATE, and run Spybot following the directions here, and reboot afterwards. Then post another ScanLog.
http://tomcoyote.org/SPYBOT/

There is a rapidblaster killer available at the javacool site given in the first link in this thread; when it becomes available it may help to use it:
http://forums.techguy.org/t138563/s.html

If the above cleanup does not resolve the parser error, we will do some 'clean-boot' troubleshooting using msconfig. You have a number of 'legitimate' programs there which could also cause the error if they are seeking to do updates. |
29-Jun-2003, 03:00 AM
#12 | ||||||
| It looks like the rapidblaster killer site is back up, you can get it here: http://www.wilderssecurity.net/speci...r.html#removal |
29-Jun-2003, 07:40 AM
#14 | ||||||
| You do not do anything with the saved log. What you must do is run HijackThis again, and click the "scan" tab. Then put checks in the entries I listed, and only those. Close the Internet Explorer Browser window and then click "fix checked". Reboot. Then install, Update and run Spybot according to directions given on the Spybot link. You should also download and run the Spyblaster killer from the last site I posted. After completing those steps, create a NEW Scanlog and copy/paste that here so we can see what improvement we've had. |
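An added example, not part of the thread and not HijackThis's own code: a Python check for the last step above, reporting which flagged entries still appear in a later ScanLog. The matching rules in `entry_key`, the `still_present` helper and the "after" log are assumptions constructed for illustration; the fix-list lines are copied from post #11. Entries are matched by value name or CLSID rather than by full line, because the same item shows up in this thread with different case and 8.3 short paths.

```python
import re

# Line shapes as they appear in the fix list posted in this thread.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\]")
O4_LNK = re.compile(r"^O4 - (?P<scope>(?:User )?Startup): (?P<name>.+?) = ")
O16_DPF = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})")

def entry_key(line):
    """Return a case-insensitive identity for an O4/O16 line, else None."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        return ("O4", f"{m['hive']}\\{m['key']}".upper(), m["name"].lower())
    m = O4_LNK.match(line)
    if m:
        return ("O4", m["scope"].lower(), m["name"].lower())
    m = O16_DPF.match(line)
    if m:
        return ("O16", m["clsid"].upper())
    return None  # headers, other sections, or shapes not covered here

def still_present(fix_list, new_log):
    """Flagged lines whose identity still shows up in the post-fix log."""
    remaining = {entry_key(l) for l in new_log.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines()
            if entry_key(l) in remaining]

# Subset of the entries flagged in post #11 (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [MSVXD] C:\WINDOWS\MSVXD.EXE 1632
O4 - HKLM\..\Run: [RapidBlaster] c:\program files\RapidBlaster\rb32.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://cnt.rapidblaster.com/install/activeinstaller.dll
"""

# Constructed "after" log for illustration only: two flagged items survive,
# one with a short path and changed case, one with a lower-case CLSID.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [RAPIDBLASTER] C:\PROGRA~1\RAPIDB~1\RB32.EXE
O16 - DPF: {f0aa2376-f073-4e57-86e8-0238f99087c7} (AInst Class) - http://cnt.rapidblaster.com/install/activeinstaller.dll
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, AFTER_LOG):
        print("still present:", line)
```
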

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

