explorer problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
Can someone help?
On startup,I get an error:
'The shortcut Gstartup.lnk refers to a location that is unavailable.the location could be on a harddrive on this computer or on a network.check to make sure the disk is properly inserted or that you are connected to the internet,then try again'

then once the desktop is loaded,I cannot open internet explorer,I keep getting an error:
'Explorer has caused an error in MSIESH.DLL.Explorer will now close,try restarting.'

..when I check the properties of explorer, the default address is
' res://mshp.dll/index.html#10213'.

What is wrong with the explorer?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download Hijackthis.
Create a folder on your hard drive and save it there.
Unzip the file and extract it to the folder you have created.
Scan your machine, then click on Save Log.

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.
 

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
I followed the link from your first post and did the 'fix'.
It must of helped because I restarted . I still got the 'Gstartup.lnk' shortcut message but I was able to access the internet. I didn't follow your second post yet,but thank you for your quick helpful response
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
HJT will allow us to see where that bad link is so you can remove it ;)
 

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
Every time I try to reply here with the HJT results that I cut/paste,
When I hit 'reply' I get an 'unknown' error and explorer shuts down,
WhenI try to restart , I get a 'surftrust bone has caused an error' or a
'sysai' not responding, ???
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Go to "Post Reply" and use the Manage Attachments button to get the file here.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Posting log...


Logfile of HijackThis v1.97.7
Scan saved at 7:51:03 PM, on 4/13/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYSAI\SYSAI.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\REF EGGS VIEW\SURF TRUST BONE.EXE
C:\WINDOWS\WINUPD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\WINDOWS\SXCHOST.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 11;64.136.18.160;64.136.18.164;64.136.29.34;209.247.165.140;64.136.19.170;209.247.164.50;64.136.21.30;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.aol.com;*.earthlink.com;*.nyc.office.juno.com;*.corp.netzero.net;;localhost;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\SWPortal.html
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\PLG0\APROPOSPLUGIN.DLL
O2 - BHO: (no name) - {A9DC5AC2-F3B3-570E-208A-E829C77CA580} - C:\PROGRAM FILES\OPTION LIST WAVE\PEAKEXIT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Hole Play Gpl - {A6313E59-95C7-A88E-BC09-76646A9742E2} - C:\PROGRAM FILES\OPTION LIST WAVE\PEAKEXIT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Gram Active] C:\PROGRA~1\REFEGG~1\Surf Trust Bone.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [yaquierosexoes] C:\yaquierosexoes\YAQUIEROSEXOES.EXE -t
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/026698.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {95612D1D-F6AB-4EC5-BE9F-B544861DA2B7} (IEDial Class) - http://usa-download.nocreditcardgay.com/download/Object/DialerHTML/dhtml2.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamg.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/318da50674eb54e01821/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37872.7041319444
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
 

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
Ran the scan, my Mcafee kept interupting,finding the infected files as housecall did, I couldn't seem to post a log from housecall but one thing was obvious,I did a McA scan, all along I've seen the problem but ignored,both scans showed me the infected files, all located in
C:\_RESTORE\TEMP\A000***,most are 'potentially unwanted', but 2 of them:
Downloader-DS and Multidropper-GP.d are infected and with the rest of the Adware-gator,pop,showsearch, cannot be deleted or quarentined and are 'write protected'.
I'm embarrassed to say that I saw them in previous scans but thought I was helpless to remove. Can I assume that as long as they are there,they are dangerous? Is this a WinME 'fault'?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Is your McAfee current? What version are you using and what level are your dat files?

If it's current start in safe mode and do a full scan.

I'd like to see a current HJT log so I know where you're at. You do have some baddies to remove based on the original log.
 

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
here is the hjt in safe, I don't know the McA vers,it is updated almost daily and I scan regularly.
 

Attachments

Triple6

Rob
Moderator
Joined
Dec 26, 2002
Messages
52,933
There's definitely some adaware or virus looking at your Hijackthis log.

In IE go to Tools -> Internet Options -> and delete Files and Cookies.

To remove any Spyware or Adware that may be installed on your machine, download and install Adaware and Spybot. Then update each program before scanning. Fix ALL problems found by either of the programs. You may need to reboot and have the scan run at startup. Run it again to make sure all components have been removed. There is also an Immunize in feature in Spybot that should be enabled to protect against some installations of Adware/Spyware.

Ad-aware and Spybot:
http://spywareinfo.com/downloads.php?cat=sp#det

As for the files in C:\_Restore they are protected, here's soem instructions on how to clean them:
http://service1.symantec.com/SUPPOR...8825696500726d13?OpenDocument&src=bar_sch_nam

Then rescan with Housecall or Symantec's online scan: http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=TBOWYHGBYNCJEIMXQKC
 

patd

Thread Starter
Joined
Apr 12, 2004
Messages
105
Hello again,
I followed your last instruc,disabled system restore,ran adware,updated and ran spybot s&D,then ran my udated McAfee scan ( did not do housecall ), and finally came up clean .I then enabled system restore. I did not realize that these things hiding in '_RESTORE' were causing so much trouble. Am I out of trouble?

I REALLY appreciate you folks taking the time to walk me through this mess.
Thank you
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top