NT File Manager

this has been going on since I started using MBAM around v. 1.4x the scan finishes but I can't do anything with the program only two things I can do it says scan finished so I click "show results" button it lists the group policy items it thinks are caused by infections ie. - no system restore config. - no recycle bin files - no SM search - add log off to Start Menu all these are set by group policy I like my systems stripped not bloated after I move those items to the ignore list I can't do anything except click save log none of the other tabs work and when I click main menu it says: "you will lose yer scan results" if I click exit it says: "Scan in progress" how can the scan be in progress if it already finished?

Thanks for the continued help here's the status I now have the 1.5 full installer I had a friend email it to my GMail I forwarded it to my Yahoo email I Can DL it from the GMail Servers - but not from the Yahoo Mail Servers it gives only the first 40KB and then quits saying the DL is complete or freezes and never starts (I could leave the DL Window open for the next 26 years and it wouldn't start) it seems some servers don't like my connection (WiMax) which is crappy at best most days slower than dial-up never less than 3% packet loss and on some days, up to 30%+ packet loss on those days nothing works

Thanks for replying but Spybot is not open it only runs when I open it as I mentioned in the OP Teatimer is not enabled

can't update with either old systems or 3 Fresh OS Installs on New HDDs 2 fresh installs are mine, and I just rebuilt a system for a friend whose HDD had bombed no system here can DL the 1.5 installer in any browser so I used the 1.46 installer and tried check for updates but that hasn't worked for a long time on any system I can update everything else ie. - WinUpdates come down - the winupdate site works what happens with the MBAM updater is the first 5.5MB file completes, but when the 7.27 (V 1.5) update starts to DL it fails in less than 3 seconds when I try to DL the full installer I get one of two things > the first 50KB comes down and then it quits or > the DL never starts - the TechSpot page never asks if I want to save the file and it never starts - the CNET page pops the dialog for "save file" but never starts or gives the first 50KB and then fails Eset says I'm Clean the last sig. update I have for MBAM says I'm clean SpyBot S&D says I'm Clean I installed MSE, SpyBot S&D and MBAM 1.46 on my Friends system and it says he's clean and it should be it's a fresh install and so should my 2 fresh installs I don't use the S&D Teatimer nor have I "Immunized" the fresh installs

preview post didn't preview, it actually posted it so that's why there's two; can't see any option to delete either the post

My apologies for taking this long, my weekends are always packed with stuff to do; I'm attaching the file from the win32's for win3.1 that is detected as a trojan dropper. W32SKRNL.DLL in addition to the GPO item: "Remove search from the start menu" I also have checked: - "Remove Documents menu item" - "Remove my pictures from the start menu" - "Remove my music from the start menu" - "Disable User Tracking" - "Do not keep history of recently opened documents" - "Clear document history on exit" etc. I would think that most people would be more freaked out if their documents, pictures, and music menu links disappeared from the start menu before they'd even notice that Search was missing, and yet these settings aren't detected as problems cheers W32SKRNLDLL.zip

just adding that I've sent the log file & included with it a screen shot of the GPO for the registry entry that's detected as a Hi-jack should I submit a copy of the file W32SKRNL.DLL? MBAMLog.zip

Hi; I was doing some system maintenance on a win2k SP4 Machine and 2 XP-Pro SP3 machines and found some files in: - ..\Local Settings\Application Data\ and - ..\Documents and Settings\user name\Application Data\ when I searched for them they came back as supposedly bad fusioncache.dat (no threat detected during scan) GDIPFFONTCACHEV1.DAT (no threat detected during scan) IconCache.db (no threat detected during scan) except these two (which supposedly belong to roxio / sonic) rx_audio.Cache (no threat detected during scan) rx_image.Cache (no threat detected during scan) some of these files had a file date of when the system was built so I used the Eset Online Scanner, Spybot S&D, and then tried MBAM I had AVG up until 2 days ago and then dumped it because it wasn't working properly other than to slow my systems down, - it wouldn't even detect the EICAR test string every time during the quick scan a registry entry which I created with Group Policy Editor was detected as a HiJack on all the systems actually all the anti-Spy/Malware scanners detect this and I don't know why, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind Result > (Hijack.Find) this key is created when using The GPO User Configuration\Administrative Templates\Start Menu and Taskbar\ "Remove Search From the Start Menu" (Enabled) (I try to remove clutter I don't use from my system / menus etc.) so after all that I ran a "Deep Scan" and selected all the drives in my main system which has a ton of backed up files from 4 win3.1x machines that I haven't had time to sort out and permanently archive or remove yet; here's where it gets weird; one 14 year old file from the Microsoft Win32's extension set for 16-bit Win3.1x was detected as a trojan dropper D:\310Moved\Server~D\SOFTWARE\WIN~DLLS.100\SYSTEM\WIN32S\W32SKRNL.DLL D:\310Moved\Server~D\SOFTWARE\WIN~DLLS.166\SYSTEM\WIN32S\W32SKRNL.DLL D:\310Moved\Server~J\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL D:\310Moved\Server~L\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL E:\310Moved\Server~D\SOFTWARE\WIN~DLLS.100\SYSTEM\WIN32S\W32SKRNL.DLL E:\310Moved\Server~D\SOFTWARE\WIN~DLLS.166\SYSTEM\WIN32S\W32SKRNL.DLL E:\310Moved\Server~J\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL E:\310Moved\Server~L\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL Result on all files > (Trojan.Dropper) -> No action taken. they're all the same file: W32SKRNL.DLL 82,944 Bytes 30/01/1996 23:00 the file comes from a legitimate program install CD which included win32's and the game FreeCell even though those win3.1x systems were never on the internet or even a real network, I used Interlink to transfer to the main backup file storage server back then and then when I got the new XP system I pulled the largest drive and put it on an IDE/USB adapter and pulled the files to the main system now in use. should I submit a copy of this file just to verify it, sorry for the long post, I hope it makes enough sense. summary there's really two things going on: > where'd those weird files come from and why aren't they detected? > and why are a legitimate registry entry and a file from 1996 detected as threats? THX