explorer problem

Discussion in 'All Other Software' started by patd, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Can someone help?
    On startup, I get an error:
    'The shortcut Gstartup.lnk refers to a location that is unavailable.the location could be on a harddrive on this computer or on a network.check to make sure the disk is properly inserted or that you are connected to the internet,then try again'

    Then once the desktop is loaded, I cannot open Internet Explorer; I keep getting an error:
    'Explorer has caused an error in MSIESH.DLL.Explorer will now close,try restarting.'

    When I check the properties of Explorer, the default address is
    ' res://mshp.dll/index.html#10213'.

    What is wrong with the explorer?
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download Hijackthis.
    Create a folder on your hard drive and save it there.
    Unzip the file and extract it to the folder you have created.
    Scan your machine, then click on Save Log.

    Post a copy back here and someone will be happy to review it.

    Don't make any changes until instructed to do so.
     
  4. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    I followed the link from your first post and did the 'fix'.
    It must have helped because I restarted. I still got the 'Gstartup.lnk' shortcut message but I was able to access the internet. I didn't follow your second post yet, but thank you for your quick, helpful response.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    HJT will allow us to see where that bad link is so you can remove it ;)
     
  6. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Every time I try to reply here with the HJT results that I cut/paste,
    when I hit 'reply' I get an 'unknown' error and Explorer shuts down.
    When I try to restart, I get a 'surftrust bone has caused an error' or a
    'sysai' not responding???
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to "Post Reply" and use the Manage Attachments button to get the file here.
     
  8. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Here is the HJT.
     

    Attached Files:

    • hjt.txt
      File size:
      7.5 KB
      Views:
      98
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Posting log...


    Logfile of HijackThis v1.97.7
    Scan saved at 7:51:03 PM, on 4/13/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\SYSAI\SYSAI.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\REF EGGS VIEW\SURF TRUST BONE.EXE
    C:\WINDOWS\WINUPD.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
    C:\WINDOWS\SXCHOST.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 11;64.136.18.160;64.136.18.164;64.136.29.34;209.247.165.140;64.136.19.170;209.247.164.50;64.136.21.30;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.aol.com;*.earthlink.com;*.nyc.office.juno.com;*.corp.netzero.net;;localhost;<local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\SWPortal.html
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\PLG0\APROPOSPLUGIN.DLL
    O2 - BHO: (no name) - {A9DC5AC2-F3B3-570E-208A-E829C77CA580} - C:\PROGRAM FILES\OPTION LIST WAVE\PEAKEXIT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Hole Play Gpl - {A6313E59-95C7-A88E-BC09-76646A9742E2} - C:\PROGRAM FILES\OPTION LIST WAVE\PEAKEXIT.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
    O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [Gram Active] C:\PROGRA~1\REFEGG~1\Surf Trust Bone.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
    O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [yaquierosexoes] C:\yaquierosexoes\YAQUIEROSEXOES.EXE -t
    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/026698.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {95612D1D-F6AB-4EC5-BE9F-B544861DA2B7} (IEDial Class) - http://usa-download.nocreditcardgay.com/download/Object/DialerHTML/dhtml2.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamg.redhotnetworks.com/cabs/videox.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/318da50674eb54e01821/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37872.7041319444
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
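
An added example, not part of any post in this thread: a small parser for the HijackThis log format shown above, which groups entries by section code and pulls out the CLSID and download host so a reviewer can scan the log by category. The two review hints are assumed heuristics chosen for illustration; a hint marks an entry to look at and does not mean the entry is malicious.

```python
import re
from collections import defaultdict

# Section codes that occur in the log above and what HijackThis uses them for.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "F1": "autostart from win.ini", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart (Run keys, Startup folder)",
            "O14": "IERESET.INF defaults", "O16": "downloaded ActiveX control"}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST = re.compile(r"https?://([^/\s:]+)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_log(text):
    """Group every 'CODE - ...' line by section code; other lines are skipped."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        clsid, host = CLSID.search(body), HOST.search(body)
        entry = {"section": SECTIONS.get(code, "unknown"), "body": body,
                 "clsid": clsid.group(0) if clsid else None,
                 "host": host.group(1) if host else None, "hints": []}
        # Assumed heuristics: prompts for a human reviewer, not verdicts.
        if code == "O16" and entry["host"] and IPV4.fullmatch(entry["host"]):
            entry["hints"].append("ActiveX codebase is a bare IP address")
        if code in ("O2", "O3") and "(no name)" in body:
            entry["hints"].append("component registered without a name")
        grouped[code].append(entry)
    return dict(grouped)

def review_queue(grouped):
    """Return (code, body, hints) for each entry that carries a hint."""
    return [(code, e["body"], e["hints"])
            for code, entries in grouped.items() for e in entries if e["hints"]]
# Lines copied from the log posted above (not constructed).
SAMPLE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/026698.exe
"""
if __name__ == "__main__":
    for code, body, hints in review_queue(parse_log(SAMPLE)):
        print(code, "|", "; ".join(hints), "|", body)
```
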
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  11. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Ran the scan, my McAfee kept interrupting, finding the infected files as Housecall did. I couldn't seem to post a log from Housecall but one thing was obvious. I did a McA scan; all along I've seen the problem but ignored it. Both scans showed me the infected files, all located in
    C:\_RESTORE\TEMP\A000***. Most are 'potentially unwanted', but 2 of them,
    Downloader-DS and Multidropper-GP.d, are infected and, with the rest of the Adware-gator, pop, showsearch, cannot be deleted or quarantined and are 'write protected'.
    I'm embarrassed to say that I saw them in previous scans but thought I was helpless to remove them. Can I assume that as long as they are there, they are dangerous? Is this a WinME 'fault'?
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Is your McAfee current? What version are you using and what level are your dat files?

    If it's current start in safe mode and do a full scan.

    I'd like to see a current HJT log so I know where you're at. You do have some baddies to remove based on the original log.
     
  13. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Here is the HJT in safe mode. I don't know the McA version; it is updated almost daily and I scan regularly.
     

    Attached Files:

  14. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,923
    First Name:
    Rob
    There's definitely some adware or virus, looking at your HijackThis log.

    In IE go to Tools -> Internet Options -> and delete Files and Cookies.

    To remove any Spyware or Adware that may be installed on your machine, download and install Ad-aware and Spybot. Then update each program before scanning. Fix ALL problems found by either of the programs. You may need to reboot and have the scan run at startup. Run it again to make sure all components have been removed. There is also an Immunize feature in Spybot that should be enabled to protect against some installations of Adware/Spyware.

    Ad-aware and Spybot:
    http://spywareinfo.com/downloads.php?cat=sp#det

    As for the files in C:\_Restore, they are protected; here's some instructions on how to clean them:
    http://service1.symantec.com/SUPPOR...8825696500726d13?OpenDocument&src=bar_sch_nam

    Then rescan with Housecall or Symantec's online scan: http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=TBOWYHGBYNCJEIMXQKC
     
  15. patd

    patd Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    105
    Hello again,
    I followed your last instructions: disabled System Restore, ran Ad-aware, updated and ran Spybot S&D, then ran my updated McAfee scan (did not do Housecall), and finally came up clean. I then enabled System Restore. I did not realize that these things hiding in '_RESTORE' were causing so much trouble. Am I out of trouble?

    I REALLY appreciate you folks taking the time to walk me through this mess.
    Thank you
     
Short URL to this thread: https://techguy.org/219693
