
Do you know what this is-Mortician's Memo?

Discussion in 'Virus & Other Malware Removal' started by beckri, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    I started my computer up the other day and received the following message:

    "Mortician's Memo (in the blue title bar on the box)
    It looks like somehow the DSP is Dead! Please go to the Device Manager and Disable/Enable the Audio Device."

    Then the screen remained blank when I closed that box. The desktop didn't load up and I had to hit the power switch on the outlet strip. Ever since I've been getting oodles of pop-ups and I've run AVG and found three or four viruses. I've run Ad-aware and Spybot, as well as Spyware. It keeps freezing up on me.
    Anyone know what that message above is about?
     
  3. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Just checking back one more time. Thanks.
     
  4. Ihatemy_comp

    Ihatemy_comp

    Joined:
    Feb 11, 2005
    Messages:
    30
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Based on the viruses and pop-ups, it sounds as if you have some malware

    Make sure AdAware is the SE v1.05 and try running it in safe mode

    Then get HijackThis http://www.majorgeeks.com/download3155.html, put
    it in a permanent folder (C:\HJT), run it, DO NOT fix anything, post the
    log here.
     
  6. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Ihatemy comp - Yes! I happen to have Win98 and a Philips Seismic Edge sound card. Not sure what to do about that at the moment. But at least now I see it is a separate issue from the other problems I'm having with the computer. Thank you so much for that!

    I will get back with the hijack log.
     
  7. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Logfile of HijackThis v1.98.2
    Scan saved at 9:37:26 PM, on 02/13/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
    C:\WINDOWS\HDTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TBHDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORMWATCHER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMGR.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMON.EXE
    C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
    C:\WINDOWS\SYSTEM\CMUPRO32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\CARSRTP.EXE
    C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORMKEEP.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\WEBWASHER\WWASHER.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.charter.msn.com/
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [HDTray] hdtray.exe
    O4 - HKLM\..\Run: [HDHelp] tbhdhelp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
    O4 - HKLM\..\Run: [SpySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe
    O4 - HKLM\..\Run: [qq8S36R] CMUPRO32.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [CMD] cmd32.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
    O4 - HKCU\..\Run: [b9r2RWdmh] CARSRTP.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &2 Customize Menu - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComCustomIEMenu.html
    O8 - Extra context menu item: &5 Fill from Identity - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillIdent.html
    O8 - Extra context menu item: &7 Fill Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillForms.html
    O8 - Extra context menu item: &8 Save Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComSavePass.html
    O8 - Extra context menu item: &9 Robo Toolbar - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComShowToolbar.html
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://64.14.193.213/download_1/isetup.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/3112/ftp.coupons.com/r3112/brix6ie.cab
    O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (NetOnCourse Compatibility Test Control) - http://212.199.43.24/events/bin/comptest/milivecomptest.ocx
    O16 - DPF: {5D11F7A5-DB3D-458B-80DF-08EFC77C4F39} (NetOnCourse MILive Participant Control(MR)) - http://62.219.1.103/events/bin/2.1.1.0/MrLivepdp2.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191/central/02030105/cccabs/CleverContent.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/3114/ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4010/ftp.coupons.com/v3121/cpbrkpie.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {7BA16120-B314-4EE4-A676-8B4B33909513} (Invoke Solutions MILive Participant Control(MR)) - http://157.238.134.97/events/bin/media/3.1.0.1109-3.0.0.7203/MILive.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {8AB662FD-CFE0-4D68-96B8-128AFA3C68A6} (CPrtTmpControl Object) - http://eshare.hpphoto.com/download/setup.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} (Invoke Solutions MILive Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/4.0.0.1408-3.0.0.7203/MILive.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
     
  8. Ihatemy_comp

    Ihatemy_comp

    Joined:
    Feb 11, 2005
    Messages:
    30
    As far as the soundcard goes I did a little research into that as I was sorta curious about it. I can't find anything else about it... My thoughts would be to either maybe disable the sound card OR try to reinstall the drivers for it. It's a good possibility that the card could be going out but before going out and buying one I'd say to try to reinstall the drivers for it first. Also maybe look for a driver update for it rather than install old software. Might just be a glitch with the driver as well.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Get the current HJT

    Dump SpySpotter - http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Print this and boot to safe mode
    Fix these with HJT

    O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE

    O4 - HKLM\..\Run: [SpySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe

    O4 - HKLM\..\Run: [qq8S36R] CMUPRO32.EXE

    O4 - HKLM\..\RunServices: [CMD] cmd32.exe

    O4 - HKCU\..\Run: [b9r2RWdmh] CARSRTP.EXE

    O4 - Startup: PowerReg Scheduler.exe


    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll

    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spys...tterInstall.cab


    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\SYSTEM\CARSRTP.EXE
    C:\WINDOWS\RunDLL.exe - make sure it is this folder and not the system folder

    Search for CMUPRO32.EXE; it should be in C:\WINDOWS\SYSTEM


    Delete these folders

    C:\PROGRAM FILES\WINDOWS FORMATAD


    START – RUN – key in %temp% OK - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
     
  10. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    I got as far as "View Hidden Files". When I open Explorer and go to Tools, I don't see anything that says Folder Options or a View tab. Am I looking in the right place? When I click on Tools, I see Internet Options.
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Windows Explorer not Internet Explorer

    Right click start - click explore
     
  12. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Oh boy, huh?!? Thank you for pointing that difference out to me. I don't see those exact phrases but under Hidden Files, Show all files is selected. I'll keep going and post hjt log again. I wasn't sure where to update that either, so I'm not sure if I actually did when I tried.
     
  13. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Logfile of HijackThis v1.98.2
    Scan saved at 10:03:04 PM, on 02/14/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
    C:\WINDOWS\HDTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TBHDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORMWATCHER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMGR.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\PMADETMG.EXE
    C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\OIUASK.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORMKEEP.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.charter.msn.com/
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [HDTray] hdtray.exe
    O4 - HKLM\..\Run: [HDHelp] tbhdhelp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [qq8S36R] PMADETMG.EXE
    O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [b9r2RWdmh] OIUASK.EXE
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &2 Customize Menu - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComCustomIEMenu.html
    O8 - Extra context menu item: &5 Fill from Identity - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillIdent.html
    O8 - Extra context menu item: &7 Fill Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillForms.html
    O8 - Extra context menu item: &8 Save Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComSavePass.html
    O8 - Extra context menu item: &9 Robo Toolbar - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComShowToolbar.html
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://64.14.193.213/download_1/isetup.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/3112/ftp.coupons.com/r3112/brix6ie.cab
    O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (NetOnCourse Compatibility Test Control) - http://212.199.43.24/events/bin/comptest/milivecomptest.ocx
    O16 - DPF: {5D11F7A5-DB3D-458B-80DF-08EFC77C4F39} (NetOnCourse MILive Participant Control(MR)) - http://62.219.1.103/events/bin/2.1.1.0/MrLivepdp2.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191/central/02030105/cccabs/CleverContent.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/3114/ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4010/ftp.coupons.com/v3121/cpbrkpie.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {7BA16120-B314-4EE4-A676-8B4B33909513} (Invoke Solutions MILive Participant Control(MR)) - http://157.238.134.97/events/bin/media/3.1.0.1109-3.0.0.7203/MILive.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {8AB662FD-CFE0-4D68-96B8-128AFA3C68A6} (CPrtTmpControl Object) - http://eshare.hpphoto.com/download/setup.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} (Invoke Solutions MILive Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/4.0.0.1408-3.0.0.7203/MILive.cab
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these


    O4 - HKLM\..\Run: [qq8S36R] PMADETMG.EXE
    O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
    O4 - HKCU\..\Run: [b9r2RWdmh] OIUASK.EXE

    Boot to safe mode and delete

    C:\WINDOWS\SYSTEM\PMADETMG.EXE

    C:\PROGRAM FILES\WINDOWS FORMATAD Folder

    C:\WINDOWS\RunDLL.exe

    C:\WINDOWS\SYSTEM\OIUASK.EXE
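
The "Boot and post a new log" check from this thread, as an added example that is not part of the original posts: it parses the O4 autorun lines of two HijackThis logs and reports which flagged entries are still present and which kept their registry value name while pointing at a differently named file. The sample lines are excerpted from the two logs above; the function names, the `FIX_LIST` constant and the path-splitting heuristic are assumptions of this example.

```python
import re

# O4 (autorun) lines excerpted from the two HijackThis logs posted in the thread:
# SCAN_1 is the 02/13/2005 log, SCAN_2 the 02/14/2005 log taken after the first fix.
SCAN_1 = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe
O4 - HKLM\..\Run: [qq8S36R] CMUPRO32.EXE
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [b9r2RWdmh] CARSRTP.EXE
O4 - Startup: PowerReg Scheduler.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [qq8S36R] PMADETMG.EXE
O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE
O4 - HKCU\..\Run: [b9r2RWdmh] OIUASK.EXE
"""

# The O4 entries listed under "Fix these with HJT" in the first round of fixes.
FIX_LIST = [
    ("HKLM\\Run", "Windows FormatAd"), ("HKLM\\Run", "SpySpotter"),
    ("HKLM\\Run", "qq8S36R"), ("HKLM\\RunServices", "CMD"),
    ("HKCU\\Run", "b9r2RWdmh"), ("Startup", "PowerReg Scheduler.exe"),
]

REG_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")


def image_name(command):
    """Lower-cased file name of the program an autorun command starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut after the first ".exe".
        m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def parse_autoruns(log):
    """Map (location, entry name) -> image name for every O4 line in a log."""
    entries = {}
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[(f"{hive}\\{key}", name)] = image_name(command)
            continue
        m = STARTUP_RE.match(line)
        if m:
            folder, name, target = m.groups()
            entries[(folder, name)] = image_name(target or name)
    return entries


def diff_autoruns(before, after):
    """Return (removed keys, added keys, {key: (old image, new image)})."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    rotated = {k: (before[k], after[k])
               for k in before if k in after and before[k] != after[k]}
    return removed, added, rotated


def survivors(fix_list, after):
    """Entries that were on the fix list but still appear in the later scan."""
    return sorted(k for k in fix_list if k in after)


if __name__ == "__main__":
    old, new = parse_autoruns(SCAN_1), parse_autoruns(SCAN_2)
    removed, added, rotated = diff_autoruns(old, new)
    print("removed:", removed)
    print("still present after fix:", survivors(FIX_LIST, new))
    for key, (was, now) in rotated.items():
        print(f"same value, new file: {key} {was} -> {now}")
```

On these two logs the `qq8S36R` and `b9r2RWdmh` values survive with new file names (`PMADETMG.EXE`, `OIUASK.EXE`), which is why the second fix list names different files than the first.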
     
Short URL to this thread: https://techguy.org/329533