HELPER100.dll is ruining my life

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

SteelTownIII

Thread Starter
Joined
Feb 10, 2005
Messages
2
I was attempting to rid my comp of unwanted spyware via SpyWare Killer Pro. in the process i've wound up with this damn Helper100.dll. it wont let me access my computer, windows explorer, or my documents. i have run a number of other spyware programs to try and solve the problem. i'm out of ideas.
please help me

here is my hijack this log...

Logfile of HijackThis v1.99.0
Scan saved at 2:12:16 PM, on 2/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WSQPTVVW\EUWDF8HM.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\WSQPTVVW\MH8FDWUE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\STINGER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3gqjjbn2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3gqjjbn2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1789E1AF-E38B-CFE0-9CBA-0812A9C5386F} - C:\windows\system\rypkbtwq.dll (file missing)
O2 - BHO: (no name) - {1B4FC662-CBF7-BC9F-CEB6-D424B42F9003} - C:\windows\system\kbwdsaoj.dll (file missing)
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll
O2 - BHO: SDWin32 Class - {C36C92E4-95AC-4BED-A744-149230C19BDD} - C:\WINDOWS\SYSTEM\DCVUR.DLL
O2 - BHO: (no name) - {E155EDD6-FA1E-4876-8FB2-5FB358014EBE} - (no file)
O2 - BHO: (no name) - {12ABCEC4-AA89-4629-15EA-11EF49FCEE25} - C:\WINDOWS\Uhkmkxdu.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\COSMI\SPYWAR~1\POP\ABG_PL~1.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: Search - {92FCCAD6-2DDA-D2FD-8451-3DDEE339648B} - C:\WINDOWS\Uhkmkxdu.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Qw0GQ5Ex] C:\PROGRA~1\WSQPTVVW\EUWDF8HM.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O19 - User stylesheet: (file missing)
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Let me know what kind of trouble i'm in
thanks a ton
-SteelTown
 

SteelTownIII

Thread Starter
Joined
Feb 10, 2005
Messages
2
I was attempting to rid my comp of unwanted spyware via SpyWare Killer Pro. in the process i've wound up with this damn Helper100.dll. it wont let me access my computer, windows explorer, or my documents. i have run a number of other spyware programs to try and solve the problem. i'm out of ideas.
please help me

here is my hijack this log...

Logfile of HijackThis v1.99.0
Scan saved at 2:12:16 PM, on 2/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WSQPTVVW\EUWDF8HM.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\WSQPTVVW\MH8FDWUE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\STINGER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3gqjjbn2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3gqjjbn2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1789E1AF-E38B-CFE0-9CBA-0812A9C5386F} - C:\windows\system\rypkbtwq.dll (file missing)
O2 - BHO: (no name) - {1B4FC662-CBF7-BC9F-CEB6-D424B42F9003} - C:\windows\system\kbwdsaoj.dll (file missing)
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll
O2 - BHO: SDWin32 Class - {C36C92E4-95AC-4BED-A744-149230C19BDD} - C:\WINDOWS\SYSTEM\DCVUR.DLL
O2 - BHO: (no name) - {E155EDD6-FA1E-4876-8FB2-5FB358014EBE} - (no file)
O2 - BHO: (no name) - {12ABCEC4-AA89-4629-15EA-11EF49FCEE25} - C:\WINDOWS\Uhkmkxdu.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\COSMI\SPYWAR~1\POP\ABG_PL~1.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: Search - {92FCCAD6-2DDA-D2FD-8451-3DDEE339648B} - C:\WINDOWS\Uhkmkxdu.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Qw0GQ5Ex] C:\PROGRA~1\WSQPTVVW\EUWDF8HM.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/gam...nts/y/et1_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall...meInstaller.exe
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.30/Hiwire.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/gam...nts/y/jt0_x.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/gam...ts/y/dct2_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/gam...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/gam...nts/y/pt0_x.cab
O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gi...in/mgaxctrl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O19 - User stylesheet: (file missing)
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Let me know what kind of trouble i'm in
thanks a ton
-SteelTown
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,728
You've got the following problems that I see right off the bat:

about:blank - Read here.

wintools - Read here.

No antivirus program installed and running. :eek:

---------------------------------------------------------------

Click Start - Run, type in MSCONFIG, then click Ok - Startup(tab). Make sure that the following are checked:

ScanRegistry

SystemTray


I don't see them listed in the startup list, and these 2 should always be running in the background.

After you do that, uncheck the following:

realplay.exe

mstask.exe

qttask.exe

wkdetect.exe


These are unnecessary and don't need to be running in the background.

Also, do a "find" for qttask.exe, then delete it.

Click Apply - OK, then reboot.

---------------------------------------------------------------

Go to the spyware tools section at www.majorgeeks.com and download Ad-Aware SE Personal 1.05 and Spybot - Search & Destroy 1.3. Install them both, then run their update function to get them up-to-date with the latest files. Run a full system scan with Ad-Aware, then select and delete everything it finds. Run a scan with Spybot, then select and delete everything in red that it finds.

----------------------------------------------------------------

Go into the C:\WINDOWS\Downloaded Program Files folder. If any of the activeX programs listed there show a status of "Damaged" or "Unknown", delete those that do.

----------------------------------------------------------------

Once you've done the above, post a new log here.

Hopefully, someone more experienced than me will jump into this post and assist you further.

----------------------------------------------------------------
 
Joined
Sep 7, 2004
Messages
49,014
Deep trouble!!!! Lots to do so take it slow and easy

First you MUST move HJT to a permanent folder like C:\HJT and NOT the desktop

Download but don’t run CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html

Print this out
Boot to safe mode

Open cwshredder.exe then click "Fix" and let it run.

Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {1789E1AF-E38B-CFE0-9CBA-0812A9C5386F} - C:\windows\system\rypkbtwq.dll (file missing)

O2 - BHO: (no name) - {1B4FC662-CBF7-BC9F-CEB6-D424B42F9003} - C:\windows\system\kbwdsaoj.dll (file missing)

O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll

O2 - BHO: SDWin32 Class - {C36C92E4-95AC-4BED-A744-149230C19BDD} - C:\WINDOWS\SYSTEM\DCVUR.DLL

O2 - BHO: (no name) - {E155EDD6-FA1E-4876-8FB2-5FB358014EBE} - (no file)

O2 - BHO: (no name) - {12ABCEC4-AA89-4629-15EA-11EF49FCEE25} - C:\WINDOWS\Uhkmkxdu.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O3 - Toolbar: Search - {92FCCAD6-2DDA-D2FD-8451-3DDEE339648B} - C:\WINDOWS\Uhkmkxdu.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [Qw0GQ5Ex] C:\PROGRA~1\WSQPTVVW\EUWDF8HM.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot

O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot

O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe

O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.30/Hiwire.cab


O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O19 - User stylesheet: (file missing)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file



View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\PROGRAM FILES\COMMON FILES\WINTOOLS
C:\PROGRAM FILES\TOOLBAR
C:\PROGRAM FILES\WSQPTVVW
C:\Program Files\NaviSearch
C:\PROGRAM FILES\SURFSIDEKICK 2

Delete these files

C:\WINDOWS\Helper100.dll
C:\WINDOWS\SYSTEM\DCVUR.DLL
C:\WINDOWS\Uhkmkxdu.dll


START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin
Boot and post a new log
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,728
MFDnSC:

Thanks for jumping in. I knew this was too much for me to handle. :eek:
 
Joined
Sep 7, 2004
Messages
49,014
flavallee said:
MFDnSC:

Thanks for jumping in. I knew this was too much for me to handle. :eek:
Maybe too much for me, but we'll see - Thanks for pointing out the AV, I saw the sript blocking and let it fade away, eyes we in a blur getting all (most) of the entries
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I've merged the threads.

SteelTownIII, Welcome to TSG.

Please do not start new threads for the same problem. Continue to reply to this thread until it's resolved.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top