1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can only start up in Safe Mode...Normal Mode Blank??

Discussion in 'Virus & Other Malware Removal' started by Lsa0824, Oct 4, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    Ok here is the problem that I am having. When I start in normal mode it is just a black screen and the only thing I can do is hit ctrl, alt & delete. NOTHING else is working. I can go into safe mode and move around but I am limited due to only certain processes running. I can not even run restore on it because it freezes up. Unable to use the cd-rom to restore that way either. I have tried to run HJT on it but not having that much luck with it. I can't sign online with it in safe mode either..no modem running. Can anyone help me???

    Ran HJT in safe mode..not sure if it will show everything??

    Logfile of HijackThis v1.98.2
    Scan saved at 12:18:10 AM, on 10/4/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\PLG0\APROPOSPLUGIN.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
    O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\SYSTEM\RESTORE\RSTRUI.EXE /f
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
    O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/nce9rck.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.1.18/holdem/holdem-ob-assets.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
     
  2. Sponsor

  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,397
    We can do this in safe mode no problem but you will have to re-enable everything thats disabled with MSConfig.
    The only things I see to fix with HijackThis are:
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\PLG0\APROPOSPLUGIN.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL (file missing)
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
    O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab


    Find and delete:
    C:\PROGRAM FILES\SYSAI
    C:\PROGRAM FILES\COMMON FILES\CMEII


    Re-boot,re-scan and post again please.

    ;)
     
  4. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    OK...I tried to remove the items you referred to but some of them kept coming back with each reboot. Here is another log..

    Logfile of HijackThis v1.98.2
    Scan saved at 9:32:59 PM, on 10/4/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    F1 - win.ini: run=hpfsched
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\INSTALL\MINIBUG.EXE 1
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
    O4 - HKLM\..\Run: [idfgnr] C:\WINDOWS\aimkjkb.exe
    O4 - HKLM\..\Run: [fwueuc] C:\WINDOWS\hokpy.exe
    O4 - HKLM\..\Run: [qs8P36l] DISNSCTL.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.1.18/holdem/holdem-ob-assets.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
     
  5. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    Does anybody know what else I can do to fix the problem?
     
  6. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    I'd uninstall WeatherBug. It's adware.

    Exit the program before uninstalling it. (Right-click the icon, in the system tray, and exit.)

    Restart your computer after it's uninstalled.


    To replace WeatherBug with an adware-free weather program:

    This one's recommended by Flrman1. I use it with WeatherWatcher.

    http://tropicdesigns.net/weatherpulse.php

    WeatherWatcher




    Click here for the TV Media uninstaller from MicroSoft.

    Restart your computer.





    Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.


    Disabling System Restore in Windows XP Disable System Restore in Windows ME

    IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".


    Open HiJackThis. Click "Scan". Put a checkmark next to these:

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL (file missing)

    O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\INSTALL\MINIBUG.EXE 1

    O4 - HKLM\..\Run: [idfgnr] C:\WINDOWS\aimkjkb.exe

    O4 - HKLM\..\Run: [fwueuc] C:\WINDOWS\hokpy.exe

    O4 - HKLM\..\Run: [qs8P36l] DISNSCTL.EXE

    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe

    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe

    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe





    Close ALL browser windows (except HiJackThis ;) ) and click "Fix checked."



    NEXT:

    Restart your computer into safe mode.

    How to start your computer in Safe Mode



    NEXT:

    Because XP will not always show you hidden files and folders by default, Go to Start > Search under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on "My Computer". Go to "Tools" ---> "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also, uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"

    Click "Apply" then "OK".


    NEXT:

    Find and delete these folders:

    C:\PROGRAM FILES\AWS\WEATHERBUG

    c:\Program Files\AutoUpdate

    C:\PROGRAM FILES\TV MEDIA

    C:\Program Files\ClockSync

    C:\PROGRAM FILES\TV MEDIA

    C:\Program Files\Common Files\GMT



    Find and delete these files:

    aimkjkb.exe

    hokpy.exe

    DISNSCTL.EXE

    wdskctl.exe



    NEXT:

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    How to delete Windows Temp files in Windows 2000, Windows 95, Windows 98, Windows NT or Windows ME


    Next navigate to the C:\Documents and Settings\ <all users>\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.


    Empty the Recycle Bin.


    Restart to normal mode.


    Post another HJT log.
     
  7. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    I am still having a problem a month later after asking for help. Is there anyone out there that can please help me? The computer I am referring to is a HP Pavilion and it has WinME on it. When I turn it on it loads as if it will go into normal mode but once it gets past the loading stage the monitor goes blank. I can go to safe mode and see everything but I can't use the cd-rom and I can't restore the computer through the help support either.What has happened and how can I fix it? Please Help!! :)
     
  8. norton850

    norton850

    Joined:
    Mar 8, 2004
    Messages:
    7,794
    It sounds like you posted before about this so I'm not sure what you have tried so sorry if I'm repeating what you've done. In safe mode in device manager are there are conflicts/ or non functioning devices?

    You have a HP restore CD, not real familiar with these, I am right that this just puts things back to the way your system was when you got it?
     
  9. brindle

    brindle

    Joined:
    Jun 14, 2002
    Messages:
    3,520
  10. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    I have the restore disks but I can't use the cdrom in safe mode. When looking at the device manager in safe mode not all of the devices are running so right now it is not showing any problems.
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    53,670
    First Name:
    Derek
    I've merged both threads together so we can see what was done before now post a new hijackthis log and we'll carry on from there
     
  12. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    Thanks Brindle. I could not find that one earlier so I reported it for them to decide if they needed to remove it or not.
     
  13. Lsa0824

    Lsa0824 Thread Starter

    Joined:
    Sep 19, 2004
    Messages:
    19
    Logfile of HijackThis v1.98.2
    Scan saved at 12:23:19 PM, on 11/13/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.1.18/holdem/holdem-ob-assets.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    OK...here it is
     
  14. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,397
    Lets see if you can do a system restore through the DOS interface.
    ======================================
    Press the F8 key when your computer starts up. You may
    have to tap the F8 key frequently to get to the special
    menu. Once the menu displays, select Safe Mode with
    Command Prompt. If you have to log on, log on as Administrator.

    At the DOS prompt, type "%systemroot%\system32\restore\rstrui.exe"
    (without the quotes) and then press the Enter key. This brings
    up the System Restore feature in Windows. You can now go back to
    a previous Restore Point where everything worked correctly.

    This folder needs deleting:C:\PROGRAM FILES\TV MEDIA
    =================================================
    Let us know how it go`s.

    ;)
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    53,670
    First Name:
    Derek
    $teve it's ME not XP so that won't work
     
  16. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    53,670
    First Name:
    Derek
    I've just though what the problem probably is

    start in safe mode

    Right click a blank part of desktop & select properties/settings

    set your screen resolution to a lower setting, probably 800 x 600 and see if taht cures the problem

    in ME or 98 when you try to set too high a resolution the video card can't cope with it just
    gives a blank screen

    when you are in safe mode it only uses a default low resolution

    If that doesn't work then boot into safe mode again and go to device manager and find your video card, uninstall it and reboot

    Windows will install the default drivers and settings then you can sort out proper drivers later
     
  17. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/280874