
cleaning her up a little...

Discussion in 'Earlier Versions of Windows' started by Jizzmack, Oct 15, 2003.

  1. Jizzmack

    Jizzmack Thread Starter

    Joined:
    Jul 23, 2003
    Messages:
    125
    Every time that I start my PC up, after the Windows password screen a big 'ole X comes up and says can not find Thursday.exe blah blah blah. It happens every time and I am wondering how to resolve this issue. Also she is running hella slow for a 500mh P3.

    here's the paydirt:

    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
    C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
    C:\PROGRAM FILES\SAVE\SAVE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\KAZAA\KAZAA.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\PROFILES\WARPIG\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-exe.com/searchbar/iev1.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch&fw=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch&fw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SE\V2\SE.DLL
    F0 - system.ini: Shell=explorer.exe thursday.exe
    O2 - BHO: (no name) - {FA79FA22-8DB3-43D1-997B-6DBFD8845569} - C:\WINDOWS\SYSTEM\MYACCESS.DLL
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V2\SE.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
    O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [GRA] C:\Cabs\grainstall\GRA.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~4.DLL,NewDotNetStartup
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - User Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
    O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/comet.cab
    O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.48.69.51/chain1/download/Uncensored_Sex.exe
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://terra.es/personal6/bobmpeg/viewer.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://www.coulomb.co.uk/del/200772.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab

    and the start up list is ....


    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
    C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
    C:\PROGRAM FILES\SAVE\SAVE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\KAZAA\KAZAA.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\PROFILES\WARPIG\DESKTOP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Profiles\Warpig\Start Menu\Programs\Startup]
    GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe

    User shell folders Startup:
    [C:\WINDOWS\Profiles\Warpig\Start Menu\Programs\Startup]
    GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    EnsoniqMixer = starter.exe
    Primax 3-D Mouse = 3dmoused.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
    LoadQM = loadqm.exe
    CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    PrecisionTime = C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
    Letter = C:\WINDOWS\CJRSTR\letter.exe
    MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
    WhenUSave = C:\PROGRA~1\SAVE\Save.exe
    NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    GRA = C:\Cabs\grainstall\GRA.exe
    ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    Search-Exe = "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
    InCD = C:\Program Files\Ahead\InCD\InCD.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    P2P NETWORKING = C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    KAZAA = C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    AltnetPointsManager = c:\program files\altnet\points manager\points manager.exe -s
    New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~4.DLL,NewDotNetStartup

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    SchedulingAgent = mstask.exe
    ccEvtMgr = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    ALUAlert = C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    washindex = C:\Program Files\Washer\washidx.exe

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 11/10/2003, 19:54:52)

    [rename]
    nul=c:\windows\TEMP\~f1d055.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1
    PATH=%PATH%;
    SHARE.EXE /L:500 /F:5100

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\SYSTEM\MYACCESS.DLL - {FA79FA22-8DB3-43D1-997B-6DBFD8845569}
    MediaLoads Enhanced - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\SE\V2\SE.DLL - {00041A26-7033-432C-94C7-6371DE343822}
    myBar BHO - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
    (no name) - C:\Program Files\NewDotNet\newdotnet5_48.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{1678F7E1-C422-11D0-AD7D-00400515CAAA}]
    CODEBASE = http://files.cometsystems.com/cometcursor/comet.cab

    [{B3AA2F6B-6BAF-11D3-BA05-00C0F0322972}]
    CODEBASE = http://209.48.69.51/chain1/download/Uncensored_Sex.exe

    [{A45F39DC-3608-4237-8F0E-139F1BC49464}]
    CODEBASE = http://terra.es/personal6/bobmpeg/viewer.exe

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Register Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HWUTILS.DLL
    CODEBASE = http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst0309.cab

    [plug Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CHARGI~1.DLL
    CODEBASE = http://dist02.chargitdial.com/chargitplug.dll

    [{A1DC3241-B122-195F-B21A-000000000000}]
    CODEBASE = http://www.coulomb.co.uk/del/200772.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.2]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
    CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

    [WONWebLauncher Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WONWEBLAUNCHERCONTROL.OCX
    CODEBASE = http://www.flipside.com/cab/WONWebLauncherControl.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #2: C:\Program Files\NewDotNet\newdotnet5_48.dll
    Protocol #1: C:\Program Files\NewDotNet\newdotnet5_48.dll
    Protocol #2: C:\Program Files\NewDotNet\newdotnet5_48.dll
    Protocol #9: C:\Program Files\NewDotNet\newdotnet5_48.dll
    Protocol #10: C:\Program Files\NewDotNet\newdotnet5_48.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    also how do you reload an operating system\uninstall one

    For certain I must have left some pertinent detail out, so please show some mercy.

    thanks in advance to all who reply.
     
  2. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    OK, it will take some time to go through your log; in the meantime, download and run CoolWebShredder to remove Cool Web Search.
    http://www.spychecker.com/program/cwshredder.html

    Also go into add/remove programs and remove New Dot Net
    Then reboot.

    It will help to clean up some of it.
     
  3. Jizzmack

    Jizzmack Thread Starter

    Joined:
    Jul 23, 2003
    Messages:
    125
    roger that nitehawk>

    thanks. anything else you recommend? My ears are wide open.
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-exe.com/searchbar/iev1.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-se...exesrch&fw=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-se...exesrch&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-se...exesrch&fw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-se...exesrch&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SE\V2\SE.DLL

    F0 - system.ini: Shell=explorer.exe thursday.exe

    O2 - BHO: (no name) - {FA79FA22-8DB3-43D1-997B-6DBFD8845569} - C:\WINDOWS\SYSTEM\MYACCESS.DLL
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V2\SE.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [GRA] C:\Cabs\grainstall\GRA.exe
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~4.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - User Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe

    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

    O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/comet.cab
    O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.48.69.51/chain1/download/Uncensored_Sex.exe
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://terra.es/personal6/bobmpeg/viewer.exe
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.26/Hiwire.cab
    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://www.coulomb.co.uk/del/200772.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab



    I need some more info on this one, it may be a virus or it may be good.
    Right click on this and open Properties, then the Version tab and see what the description and company name is.
    O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe

    Next reboot into Safe Mode and remove the following files and folders that are bolded

    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
    C:\Program Files\DownloadWare\dw.exe" /H
    C:\PROGRA~1\SAVE\Save.exe
    C:\PROGRAM FILES\SE\V2\SE.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    c:\program files\altnet\points manager\points manager.exe -s
    C:\ Program Files\NEWDOTNET\NEWDOT~4.DLL,NewDotNetStartup
    C:\Program Files\Common Files\GMT\GMT.exe



    C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    Download KazaaBegone 1.01 http://majorgeeks.com/download.php?det=3446

    Kazaalite is the same as Kazaa without the spyware.
    http://fe1.edskes.com/k/klitekpp242e.exe

    See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

    Reboot into normal mode

    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
  5. skyman

    skyman

    Joined:
    Jan 30, 2001
    Messages:
    1,234
    Something else is to go to Start, Run and type in msconfig.

    Go to the "startup" tab and click on it. Write down everything that has a check next to it and then "uncheck" all of them.

    Go to this site and look up each one you have written down to see which ones you really need. When you find out the ones you need, go back into msconfig and check them and reboot.

    Many folks have too much in their startup and it will create problems for you...

    http://www.pacs-portal.co.uk/startup_content.htm
     
  6. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Skyman: Look at post #4. Effectively we have done just that. I would just as soon keep the rest of the start-up items there for now so we know what we are dealing with.

    We may resort to that a little later.
     
  7. skyman

    skyman

    Joined:
    Jan 30, 2001
    Messages:
    1,234
    NiteHawk,

    My bad...
     
  8. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    No problem (y)
     
  9. Jizzmack

    Jizzmack Thread Starter

    Joined:
    Jul 23, 2003
    Messages:
    125
    Waahooo! That fixed the thursday.exe problem!

    need some more info on this one, it may be a virus or it may be good.
    Right click on this and open Properties, then the Version tab and see what the description and company name is.
    O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe


    Couldn't right click on this in Hijack, you kinda lost me there or maybe I just couldn't follow. Other than that though, thanks a lot. Glad that there are others out there who believe that the knowledge of many is greater than one! So many truly clueless know-it-alls. Always there is something to learn if you listen, I think.

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\PROFILES\WARPIG\DESKTOP\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch&fw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
    O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37909.8100925926

    I think I got all of it. Except that one that you weren't sure of. BTW- what's the reason for running in safe mode when removing files from the C:\ ? I'm learning !

    thanks again!
     
  10. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    These two still need your attention.

    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

    Then delete

    C:\PROGRAM FILES\SE\V2\SE.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

    Use the Find command to find the file and then right click on it and open Properties, then the Version tab and see what the description and company name is.
    O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe


    The reason for Safe Mode is that, although using HJT should prevent it from starting up, sometimes Windows may think that a file is in use. You cannot delete a file that is open and in use.

    Instead of trying to delete a file in Normal Mode and finding you can't, it's easier and faster just to go into Safe Mode, which loads just the basic set of files and drivers, and delete from there.

    Hope that has been helpful.
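
The re-check done by hand in the post above (comparing the follow-up HijackThis log against the list of files flagged for removal) can be scripted. This is an added example, not part of the original thread and not HijackThis's own code; the function names `target_path` and `leftovers` are hypothetical, the sample log lines are copied from the follow-up log in this thread, and the removal list reuses paths flagged earlier in it.

```python
import re

# One O4 autostart entry: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Unquoted command: shortest prefix that ends in an executable extension
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat))(?=[\s,]|$)", re.IGNORECASE)

def target_path(cmd):
    """Program path from a command line: quotes and arguments dropped, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]).lower()
    m = EXE_RE.match(cmd)
    return (m.group(1) if m else cmd).lower()

def leftovers(log_text, removal_paths):
    """Return (key, name, path) for each O4 entry still pointing at a flagged file."""
    wanted = {target_path(p) for p in removal_paths}
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (R0, O2, O16, ...) are out of scope here
        _hive, key, name, cmd = m.groups()
        if target_path(cmd) in wanted:
            hits.append((key, name, target_path(cmd)))
    return hits

# Paths flagged for removal earlier in the thread (arguments are stripped on load)
REMOVAL_LIST = [
    r"C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE",
    r"C:\PROGRAM FILES\SE\V2\SE.EXE",
    r"C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART",
]

# Sample input: lines copied from the follow-up log posted in this thread
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Letter] C:\WINDOWS\CJRSTR\letter.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V2\SE.EXE" /U
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

if __name__ == "__main__":
    for key, name, path in leftovers(SAMPLE_LOG, REMOVAL_LIST):
        print(f"still registered under {key}: [{name}] {path}")
```

The comparison is a plain string match on the long path, so 8.3 short names such as `PROGRA~1` are not resolved and must be listed in the form the log uses.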
     
Short URL to this thread: https://techguy.org/172238
