I think I have a virus

Download HijackThis from http://209.133.47.200/~merijn/files/HijackThis.exe & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your post. DO NOT FIX ANYTHING YET.

Give you a suggestions, please install the operation system again.

if you can't run EXE's how do you run IE or Netscape?

disconnect it from your netowork, boot up in safe mode, and run adaware, and some antivirus.

it could just be security settings you have, or your firewall is blocking almost everything, you tried disabling it yet?

everytime I download an .exe file it gets downloaded as .exe.asf
I have to rename all the files to get them to work

Your Internet Explorer may be hijacked as in reply # 1 above, I suggest the same thing run hijack this and post the results here

what exactly are you looking for.. if I post this info, it has some account numbers for software that I bought.

I guess I can post this...
this is the C:/ info

Logfile of HijackThis v1.97.7
Scan saved at 9:22:56 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

ohhh, did not see the last message from you, ASF = Advanced streaming format used in Windows Media player, sounds like you got it slapped onto the end of all your exe files.

when was Quicktime installed?.....recently?

No-one is looking for your personal info. They're looking for entries relating to the stuff that you didn't put there! The spyware that has got into your system and is stopping things from working as they should.

Posting the log will enable people to identify problem entries, and suggest the actions you need to take to fix it.

what the heck.. here is the rest of it.. I appreciate your help

Logfile of HijackThis v1.97.7
Scan saved at 9:22:56 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.3792361111
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ucn.webex.com/client/latest/webex/ieatgpc.cab

Quicktime was not recently installed, but is on the computer.

weatherbug = gain, tracking cookie, spyware, Plaxo?.....Here is a link to an article about it. http://www.meskill.net/archives/000467.html (copy & Paste) You have some BHO (browser Helper Objects) Let me look at this some more.

ok, htpatch.exe is an AGP video update, so that was not an issue, You use Google, no issue there. wuauclt.exe is a script that checks for updates when you connect to the Internet for Windows ME., upgrade from Windows ME?.......I am not seeing nothing major yet.

I have had Plaxo and Weatherbug for sometime now and It has been working fine for me.

what security settings should I be at for IE to allow for all of the java applications?

snapfish is spyware, it is uploading tracking data from your computer. Stop sign in my book is spyware. akamai.net is used to provide content although in this case you may have used it to run online virus scan?....Housecall was at the tail of that line. I am not seeing a virus. You download music and I see you have a ref. to realtime. I think it is in the audio\video applications. download any lately?...

go to control panel and look at your list of recently installed programs. (add\remove). uhm, I leave my security at medium. That works for me.

Have only HJT running & fix these entries=

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab

Reboot into safe mode following the instructions here. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 & navigate to & delete
C:\WINDOWS\System32\winupd.exe< this one
C:\WINDOWS\system32\llass.exe< this one
Both added as a result of different viruses.

These are suspect & I would be deleting them too.
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1

Reboot & you should post another log.

I deleted c:/WINDOWS/System32/windupd.exe
I could not find any of the following files in safe mode... C:\WINDOWS\system32\llass.exe<
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32vuwqvb.dll,Init 1
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32vuwqvb.dll,Init 1

here is the new log.
Logfile of HijackThis v1.97.7
Scan saved at 10:39:48 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
09 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.3792361111
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ucn.webex.com/client/latest/webex/ieatgpc.cab

ok C:\Program Files\AWS\WeatherBug\Weather.exe is a spywear prog

"and O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab"

sounds dodge to me

why can't I edit my posts on the first page of the thread?

ok.. weatherbug is gone...deleted
no big loss.

download adawear from somewhere like www.download.com?

infact http://www.lavasoftusa.com/ download section

the first problem I would like to take care of is allowing IE to run Javascript...
What should my security settings be to allow this again.?

Those entries I noted in my last post are still there. You need to get rid of them. When you try next time, Go to folder options & select 'Show hidden files/folders' to be sure these files can be found.
Might be an idea to have an online scan, so go to http://housecall.trendmicro.com/ for an on-line scan & set it to autoclean for you.

http://vil.nai.com/vil/stinger/

Run the stringer utility for a quick and free scan of the latest dats sent out by McAffee. :evil: