1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijackthis log

Discussion in 'Virus & Other Malware Removal' started by gamegeek2, Sep 4, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Hi all,

    I think I've been infected with a hijacker, (something called PeopleonThis, I think it was something like PestScan that found it) so can someone please check my log? Thanks in advance :)

    Logfile of HijackThis v1.98.2
    Scan saved at 08:39:10, on 04/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
     
  2. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Sorry, I forgot to add; all the screen resolution has gone big, the one bigger then 800X600 or something like that, and I can't change it from the control panel 'display' icon..Does anyone have any idea on how to fix this? All I did about a week or so ago, was turn the computer off, and go to sleep, woke up, turned it on, and then: BIG! I've gotten used to it abit though, so if no-one can fix it, then it's okay..Also, if there is an edit button, I can't find it :D
     
  3. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
  4. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Uh..? Bump?! Oh yeah, and it isn't PeopleonThis , but it begins with 'Peopleon'.
     
  5. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    There is no sign of it in your log.....Make sure you are using "normal" startup by doing this: Start>Run>type 'msconfig' (no quotes) and select "Normal" for start mode..Then without rebooting so we don't start whatever has been disabled, Rerun HijackThis and post a new HijackThis log.

    One reason not to bump your post is if we (I) see a log with 4 replies I will usally skip over it, looking for a log with 0 or only one reply.....
     
  6. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    I kinda realised that people normally skip 1+ replies :D There's no edit button at all after I post on this computer tho..

    Anyway, on topic....What is REALLY weird, is that I got hi-jacked yesterday, while I was browsing in www.fictionalley.org (I'm a HP lunatic ;)) when all of a sudden, loads of junk popped up, and downloaded crap onto my computer without my permission (and its not fictionalley.org that had the spyware, they don't have ads). I mean, it wouldn't even let me start the computer up and enter the desktop without bombarding me with toolbars, ads, porn, more downloading crap, and tons of other stuff just appeared, and everything was going VERY slow and lagging (still is), and it is just extremely annoying. Luckily, I had spyware s&d downloaded on the computer (IE wouldn't come up, and for some weird reason, ctrl&alt&delete don't work, dunno why, plus when I used 'Add&Remove' it had tons of junk like 'Internet Optimizer', a type of porn blocke [which downloaded it I guess], 'Slothbar' and numerous other things, but the ads took over comletely and there wasn't enough memory to procees all that was going on, and I had to restart about 3 times) and after about 8 ads, I finally managed to start the checking. (Another weird thing is, that the exact same happened to my brothers comp, and he decided that he couldn't be arsed to get rid of the spyware....)

    Guess how many traces of spyware it came up with?!?! 93. Yes, NINETY-THREE. The main one was the Slothtoolbar , which downloaded all the other spyware onto the comp, and some porn into the favourites folder.

    Anyhow, the msconfig is set to 'Normal' although it could be mistaken for 'Ab-Normal' or something..Here's another HijackThis log:-

    Logfile of HijackThis v1.98.2
    Scan saved at 20:05:54, on 08/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\XQUTOQK.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\STUFF\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [fiuzagox] C:\WINDOWS\SYSTEM\xqutoqk.exe
    O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
    O4 - HKLM\..\Run: [jqzsh] C:\WINDOWS\jqzsh.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    P.S. Is it okay if I get rid of that housecall thing? I don't really need it now that I've got an anti-virus (even though that and zonealarm don't go very well together, I've made it so that zonealarm accepts the anti-virus).

    P.S.S. Sorry for taking long to reply...School and homework and stuff, y'see.
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [fiuzagox] C:\WINDOWS\SYSTEM\xqutoqk.exe
    O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
    O4 - HKLM\..\Run: [jqzsh] C:\WINDOWS\jqzsh.exe
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe

    Close all applications and browser windows before you click "fix checked".


    Restart in Safe Mode


    Delete this folder:
    C:\PROGRAM FILES\TV MEDIA

    Delete these files:
    C:\WINDOWS\SYSTEM\xqutoqk.exe
    C:\WINDOWS\jqzsh.exe

    Reboot.

    Download Adaware SE http://lavasoft.element5.com/software/adaware/

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Reboot and post another HJT log for review.

    Did you get your display fixed?
     
  8. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Thanks for the reply...I'll post another HJT log when I copy it all down (no printer), although it might not be until tomorrow that I can reply, due to stupid school.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    No problem!
     
  10. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    :D Wow, my computer's working all fine, except for the resolution, but I think I'll just check the driver (or get my lazy brother to do it ;)) and whatever.Thanks, jwbirdsong, and mostly cybertech! Oh yeah, and that file, 'C:\WINDOWS\jqzsh.exe' wasn't found..

    Logfile of HijackThis v1.98.2
    Scan saved at 21:45:39, on 08/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\MY DOCUMENTS\STUFF\HIJACKTHIS\HIJACKTHIS.EXE

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\MY DOCUMENTS\FANFICTION\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    And if there is something else in the HJT log, I can't post today..Gotta be tomorrow or something. Thanks!
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)

    Close all applications and browser windows before you click "fix checked".

    Go to Internet Options, Programs
    Click the "Reset Web Settings" Button to reset your home and search pages.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269989

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice