HJT log - please help, the computer is impossible to use


GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
I have Windows ME; p4 1.5ghz, 640RAM, Comcast cable
Recently my computer started running extremely slow, taking about 8 minutes to boot up. Now it only works for about 10 minutes before it crashes.
I've run Spybot and it finds no problems, and Ad-Aware will stop scanning and crash halfway through. They are both fully updated. The computer is virtually unusable. Here's my Hijack-This log, I could really use some help on this. Thanks

Logfile of HijackThis v1.98.2
Scan saved at 5:17:00 PM, on 9/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\NETUO.EXE
C:\WINDOWS\SYSTEM\APPCX.EXE
C:\WINDOWS\SYSTEM\IPKK32.EXE
C:\WINDOWS\JAVADB.EXE
C:\WINDOWS\SYSTEM\D3OT.EXE
C:\WINDOWS\SYSTEM\MSAM.EXE
C:\WINDOWS\SYSTEM\MSGD.EXE
C:\WINDOWS\APPLX32.EXE
C:\WINDOWS\WINOR.EXE
C:\WINDOWS\SYSTEM\NETDI32.EXE
C:\WINDOWS\SYSTEM\ADDEU.EXE
C:\WINDOWS\SYSTEM\MFCCP.EXE
C:\WINDOWS\ADDPU32.EXE
C:\WINDOWS\SYSTEM\IPII32.EXE
C:\WINDOWS\JAVAOU.EXE
C:\WINDOWS\CRWD.EXE
C:\WINDOWS\SYSTEM\IERY.EXE
C:\WINDOWS\WINTX32.EXE
C:\WINDOWS\SYSTEM\WINWX.EXE
C:\WINDOWS\CRMP.EXE
C:\WINDOWS\JAVAXG32.EXE
C:\WINDOWS\ADDTV32.EXE
C:\WINDOWS\NETFN.EXE
C:\WINDOWS\SYSTEM\NETPE32.EXE
C:\WINDOWS\SYSTEM\NTBP.EXE
C:\WINDOWS\SYSTEM\WINHG32.EXE
C:\WINDOWS\ATLDQ32.EXE
C:\WINDOWS\WINLH.EXE
C:\WINDOWS\SYSTEM\IEDA32.EXE
C:\WINDOWS\SYSTEM\APIZT.EXE
C:\WINDOWS\SYSTEM\APIZI32.EXE
C:\WINDOWS\NETAP.EXE
C:\WINDOWS\IEMH32.EXE
C:\WINDOWS\CRPG.EXE
C:\WINDOWS\SYSTEM\MSYN.EXE
C:\WINDOWS\SYSTEM\APPJW.EXE
C:\WINDOWS\NETLB32.EXE
C:\WINDOWS\IPGD32.EXE
C:\WINDOWS\SYSTEM\CRWX.EXE
C:\WINDOWS\SYSTEM\IEOB32.EXE
C:\WINDOWS\SYSTEM\ADDWS.EXE
C:\WINDOWS\APIER.EXE
C:\WINDOWS\CRUH32.EXE
C:\WINDOWS\CRZY32.EXE
C:\WINDOWS\SYSTEM\IPHP32.EXE
C:\WINDOWS\NTGU.EXE
C:\WINDOWS\IERP.EXE
C:\WINDOWS\D3WE.EXE
C:\WINDOWS\JAVAEW32.EXE
C:\WINDOWS\WINNE.EXE
C:\WINDOWS\SYSTEM\JAVAXT.EXE
C:\WINDOWS\D3XR.EXE
C:\WINDOWS\SYSTEM\ADDKH.EXE
C:\WINDOWS\APIFR32.EXE
C:\WINDOWS\SYSTEM\SDKYD.EXE
C:\WINDOWS\SYSTEM\D3KA32.EXE
C:\WINDOWS\APILD.EXE
C:\WINDOWS\SYSTEM\NTLI32.EXE
C:\WINDOWS\NETCX32.EXE
C:\WINDOWS\SYSTEM\MFCIR32.EXE
C:\WINDOWS\SYSTEM\ATLDY.EXE
C:\WINDOWS\APIOV.EXE
C:\WINDOWS\IEWJ.EXE
C:\WINDOWS\ADDCO.EXE
C:\WINDOWS\NTAV32.EXE
C:\WINDOWS\APPPC32.EXE
C:\WINDOWS\JAVARQ.EXE
C:\WINDOWS\JAVAVO32.EXE
C:\WINDOWS\SYSTEM\D3PD32.EXE
C:\WINDOWS\JAVAMM32.EXE
C:\WINDOWS\IPFM.EXE
C:\WINDOWS\JAVATE32.EXE
C:\WINDOWS\SYSTEM\JAVANY.EXE
C:\WINDOWS\MFCXD.EXE
C:\WINDOWS\WINWO.EXE
C:\WINDOWS\SYSTEM\SDKVA.EXE
C:\WINDOWS\NTLJ32.EXE
C:\WINDOWS\SYSTEM\IEFB32.EXE
C:\WINDOWS\SYSTEM\IEWD.EXE
C:\WINDOWS\SYSTEM\IPSQ32.EXE
C:\WINDOWS\SYSTEM\D3ZP32.EXE
C:\WINDOWS\SYSTEM\MFCWI32.EXE
C:\WINDOWS\SYSTEM\WINHT32.EXE
C:\WINDOWS\CRKG.EXE
C:\WINDOWS\SYSTEM\MFCVL.EXE
C:\WINDOWS\SYSTEM\ATLHR32.EXE
C:\WINDOWS\MSPY.EXE
C:\WINDOWS\SYSTEM\APPBC32.EXE
C:\WINDOWS\SDKAR32.EXE
C:\WINDOWS\ADDZA.EXE
C:\WINDOWS\NTOP32.EXE
C:\WINDOWS\SDKKU32.EXE
C:\WINDOWS\D3YF.EXE
C:\WINDOWS\ATLRI.EXE
C:\WINDOWS\SYSTEM\MSNM32.EXE
C:\WINDOWS\NTKE.EXE
C:\WINDOWS\SYSTEM\MFCBM.EXE
C:\WINDOWS\SYSTEM\JAVAGX.EXE
C:\WINDOWS\SYSTEM\D3JT32.EXE
C:\WINDOWS\SYSTEM\APPTT.EXE
C:\WINDOWS\SYSTEM\IEFK32.EXE
C:\WINDOWS\SYSTEM\IPEN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\APPCX.EXE
C:\WINDOWS\ADDZA.EXE
C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avbse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\avbse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2AAD032F-C2DB-6300-2B79-91AEA3EAF236} - C:\WINDOWS\SYSTEM\SDKMI.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
O4 - HKLM\..\Run: [NETWY.EXE] C:\WINDOWS\SYSTEM\NETWY.EXE
O4 - HKLM\..\Run: [MSDR.EXE] C:\WINDOWS\SYSTEM\MSDR.EXE
O4 - HKLM\..\Run: [APPTE32.EXE] C:\WINDOWS\SYSTEM\APPTE32.EXE
O4 - HKLM\..\Run: [MFCHG32.EXE] C:\WINDOWS\SYSTEM\MFCHG32.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [MFCOF32.EXE] C:\WINDOWS\SYSTEM\MFCOF32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [APPCX.EXE] C:\WINDOWS\SYSTEM\APPCX.EXE
O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
O4 - HKLM\..\RunServices: [NETUO.EXE] C:\WINDOWS\NETUO.EXE
O4 - HKLM\..\RunServices: [JAVADB.EXE] C:\WINDOWS\JAVADB.EXE
O4 - HKLM\..\RunServices: [MSAM.EXE] C:\WINDOWS\SYSTEM\MSAM.EXE
O4 - HKLM\..\RunServices: [D3OT.EXE] C:\WINDOWS\SYSTEM\D3OT.EXE
O4 - HKLM\..\RunServices: [MSGD.EXE] C:\WINDOWS\SYSTEM\MSGD.EXE
O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE
O4 - HKLM\..\RunServices: [APPLX32.EXE] C:\WINDOWS\APPLX32.EXE
O4 - HKLM\..\RunServices: [NETDI32.EXE] C:\WINDOWS\SYSTEM\NETDI32.EXE
O4 - HKLM\..\RunServices: [ADDEU.EXE] C:\WINDOWS\SYSTEM\ADDEU.EXE
O4 - HKLM\..\RunServices: [IPII32.EXE] C:\WINDOWS\SYSTEM\IPII32.EXE
O4 - HKLM\..\RunServices: [MFCCP.EXE] C:\WINDOWS\SYSTEM\MFCCP.EXE
O4 - HKLM\..\RunServices: [ADDPU32.EXE] C:\WINDOWS\ADDPU32.EXE
O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\JAVAOU.EXE
O4 - HKLM\..\RunServices: [WINTX32.EXE] C:\WINDOWS\WINTX32.EXE
O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\CRWD.EXE
O4 - HKLM\..\RunServices: [IERY.EXE] C:\WINDOWS\SYSTEM\IERY.EXE
O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\SYSTEM\WINWX.EXE
O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [ADDTV32.EXE] C:\WINDOWS\ADDTV32.EXE
O4 - HKLM\..\RunServices: [NETFN.EXE] C:\WINDOWS\NETFN.EXE
O4 - HKLM\..\RunServices: [NETPE32.EXE] C:\WINDOWS\SYSTEM\NETPE32.EXE
O4 - HKLM\..\RunServices: [WINHG32.EXE] C:\WINDOWS\SYSTEM\WINHG32.EXE
O4 - HKLM\..\RunServices: [NTBP.EXE] C:\WINDOWS\SYSTEM\NTBP.EXE
O4 - HKLM\..\RunServices: [ATLDQ32.EXE] C:\WINDOWS\ATLDQ32.EXE
O4 - HKLM\..\RunServices: [APIZI32.EXE] C:\WINDOWS\SYSTEM\APIZI32.EXE
O4 - HKLM\..\RunServices: [APIZT.EXE] C:\WINDOWS\SYSTEM\APIZT.EXE
O4 - HKLM\..\RunServices: [IEDA32.EXE] C:\WINDOWS\SYSTEM\IEDA32.EXE
O4 - HKLM\..\RunServices: [WINLH.EXE] C:\WINDOWS\WINLH.EXE
O4 - HKLM\..\RunServices: [NETAP.EXE] C:\WINDOWS\NETAP.EXE
O4 - HKLM\..\RunServices: [IEMH32.EXE] C:\WINDOWS\IEMH32.EXE
O4 - HKLM\..\RunServices: [MSYN.EXE] C:\WINDOWS\SYSTEM\MSYN.EXE
O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\CRPG.EXE
O4 - HKLM\..\RunServices: [APIER.EXE] C:\WINDOWS\APIER.EXE
O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\IPGD32.EXE
O4 - HKLM\..\RunServices: [APPJW.EXE] C:\WINDOWS\SYSTEM\APPJW.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [CRWX.EXE] C:\WINDOWS\SYSTEM\CRWX.EXE
O4 - HKLM\..\RunServices: [ADDWS.EXE] C:\WINDOWS\SYSTEM\ADDWS.EXE
O4 - HKLM\..\RunServices: [IEOB32.EXE] C:\WINDOWS\SYSTEM\IEOB32.EXE
O4 - HKLM\..\RunServices: [CRUH32.EXE] C:\WINDOWS\CRUH32.EXE
O4 - HKLM\..\RunServices: [IPHP32.EXE] C:\WINDOWS\SYSTEM\IPHP32.EXE
O4 - HKLM\..\RunServices: [CRZY32.EXE] C:\WINDOWS\CRZY32.EXE
O4 - HKLM\..\RunServices: [IERP.EXE] C:\WINDOWS\IERP.EXE
O4 - HKLM\..\RunServices: [NTGU.EXE] C:\WINDOWS\NTGU.EXE
O4 - HKLM\..\RunServices: [JAVAEW32.EXE] C:\WINDOWS\JAVAEW32.EXE
O4 - HKLM\..\RunServices: [D3WE.EXE] C:\WINDOWS\D3WE.EXE
O4 - HKLM\..\RunServices: [WINNE.EXE] C:\WINDOWS\WINNE.EXE
O4 - HKLM\..\RunServices: [JAVAXT.EXE] C:\WINDOWS\SYSTEM\JAVAXT.EXE
O4 - HKLM\..\RunServices: [APIFR32.EXE] C:\WINDOWS\APIFR32.EXE
O4 - HKLM\..\RunServices: [D3XR.EXE] C:\WINDOWS\D3XR.EXE
O4 - HKLM\..\RunServices: [ADDKH.EXE] C:\WINDOWS\SYSTEM\ADDKH.EXE
O4 - HKLM\..\RunServices: [SDKYD.EXE] C:\WINDOWS\SYSTEM\SDKYD.EXE
O4 - HKLM\..\RunServices: [D3KA32.EXE] C:\WINDOWS\SYSTEM\D3KA32.EXE
O4 - HKLM\..\RunServices: [APILD.EXE] C:\WINDOWS\APILD.EXE
O4 - HKLM\..\RunServices: [NETCX32.EXE] C:\WINDOWS\NETCX32.EXE
O4 - HKLM\..\RunServices: [NTLI32.EXE] C:\WINDOWS\SYSTEM\NTLI32.EXE
O4 - HKLM\..\RunServices: [MFCIR32.EXE] C:\WINDOWS\SYSTEM\MFCIR32.EXE
O4 - HKLM\..\RunServices: [IEWJ.EXE] C:\WINDOWS\IEWJ.EXE
O4 - HKLM\..\RunServices: [APIOV.EXE] C:\WINDOWS\APIOV.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
O4 - HKLM\..\RunServices: [ADDCO.EXE] C:\WINDOWS\ADDCO.EXE
O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\NTAV32.EXE
O4 - HKLM\..\RunServices: [APPPC32.EXE] C:\WINDOWS\APPPC32.EXE
O4 - HKLM\..\RunServices: [JAVARQ.EXE] C:\WINDOWS\JAVARQ.EXE
O4 - HKLM\..\RunServices: [D3PD32.EXE] C:\WINDOWS\SYSTEM\D3PD32.EXE
O4 - HKLM\..\RunServices: [JAVAVO32.EXE] C:\WINDOWS\JAVAVO32.EXE
O4 - HKLM\..\RunServices: [JAVATE32.EXE] C:\WINDOWS\JAVATE32.EXE
O4 - HKLM\..\RunServices: [JAVAMM32.EXE] C:\WINDOWS\JAVAMM32.EXE
O4 - HKLM\..\RunServices: [IPFM.EXE] C:\WINDOWS\IPFM.EXE
O4 - HKLM\..\RunServices: [JAVANY.EXE] C:\WINDOWS\SYSTEM\JAVANY.EXE
O4 - HKLM\..\RunServices: [SDKVA.EXE] C:\WINDOWS\SYSTEM\SDKVA.EXE
O4 - HKLM\..\RunServices: [MFCXD.EXE] C:\WINDOWS\MFCXD.EXE
O4 - HKLM\..\RunServices: [WINWO.EXE] C:\WINDOWS\WINWO.EXE
O4 - HKLM\..\RunServices: [NTLJ32.EXE] C:\WINDOWS\NTLJ32.EXE
O4 - HKLM\..\RunServices: [IEFB32.EXE] C:\WINDOWS\SYSTEM\IEFB32.EXE
O4 - HKLM\..\RunServices: [IPSQ32.EXE] C:\WINDOWS\SYSTEM\IPSQ32.EXE
O4 - HKLM\..\RunServices: [IEWD.EXE] C:\WINDOWS\SYSTEM\IEWD.EXE
O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE
O4 - HKLM\..\RunServices: [WINHT32.EXE] C:\WINDOWS\SYSTEM\WINHT32.EXE
O4 - HKLM\..\RunServices: [CRKG.EXE] C:\WINDOWS\CRKG.EXE
O4 - HKLM\..\RunServices: [MFCVL.EXE] C:\WINDOWS\SYSTEM\MFCVL.EXE
O4 - HKLM\..\RunServices: [ATLHR32.EXE] C:\WINDOWS\SYSTEM\ATLHR32.EXE
O4 - HKLM\..\RunServices: [MSPY.EXE] C:\WINDOWS\MSPY.EXE
O4 - HKLM\..\RunServices: [SDKAR32.EXE] C:\WINDOWS\SDKAR32.EXE
O4 - HKLM\..\RunServices: [APPBC32.EXE] C:\WINDOWS\SYSTEM\APPBC32.EXE
O4 - HKLM\..\RunServices: [ADDZA.EXE] C:\WINDOWS\ADDZA.EXE
O4 - HKLM\..\RunServices: [NTOP32.EXE] C:\WINDOWS\NTOP32.EXE
O4 - HKLM\..\RunServices: [ATLRI.EXE] C:\WINDOWS\ATLRI.EXE
O4 - HKLM\..\RunServices: [SDKKU32.EXE] C:\WINDOWS\SDKKU32.EXE
O4 - HKLM\..\RunServices: [D3YF.EXE] C:\WINDOWS\D3YF.EXE
O4 - HKLM\..\RunServices: [MFCBM.EXE] C:\WINDOWS\SYSTEM\MFCBM.EXE
O4 - HKLM\..\RunServices: [MSNM32.EXE] C:\WINDOWS\SYSTEM\MSNM32.EXE
O4 - HKLM\..\RunServices: [NTKE.EXE] C:\WINDOWS\NTKE.EXE
O4 - HKLM\..\RunServices: [JAVAGX.EXE] C:\WINDOWS\SYSTEM\JAVAGX.EXE
O4 - HKLM\..\RunServices: [IEFK32.EXE] C:\WINDOWS\SYSTEM\IEFK32.EXE
O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE
O4 - HKLM\..\RunServices: [IPEN.EXE] C:\WINDOWS\SYSTEM\IPEN.EXE
O4 - HKLM\..\RunServices: [APPTT.EXE] C:\WINDOWS\SYSTEM\APPTT.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bos4RWf7S] DIAAL.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -


That's the entire log. I know how to work Hijack-this, but I don't know what to delete other than the most obvious stuff like the BHOs.
 
Joined
Dec 9, 2000
Messages
45,855
Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View.

Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.computercops.biz/downloads-cat-14.html

Also download and unzip about:buster ....

http://www.downloads.subratam.org/AboutBuster.zip


Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems.

Run About:buster and save the log it creates


Then run HijackThis and check and "fix" the following entries:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avbse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\avbse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\poisi.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126

O2 - BHO: Class - {2AAD032F-C2DB-6300-2B79-91AEA3EAF236} - C:\WINDOWS\SYSTEM\SDKMI.DLL

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE

O4 - HKLM\..\Run: [NETWY.EXE] C:\WINDOWS\SYSTEM\NETWY.EXE
O4 - HKLM\..\Run: [MSDR.EXE] C:\WINDOWS\SYSTEM\MSDR.EXE
O4 - HKLM\..\Run: [APPTE32.EXE] C:\WINDOWS\SYSTEM\APPTE32.EXE
O4 - HKLM\..\Run: [MFCHG32.EXE] C:\WINDOWS\SYSTEM\MFCHG32.EXE

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c

^^ you are going to install a later version of Ad-Aware as part of this cleanup.

O4 - HKLM\..\Run: [MFCOF32.EXE] C:\WINDOWS\SYSTEM\MFCOF32.EXE

O4 - HKLM\..\RunServices: [APPCX.EXE] C:\WINDOWS\SYSTEM\APPCX.EXE
O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
O4 - HKLM\..\RunServices: [NETUO.EXE] C:\WINDOWS\NETUO.EXE
O4 - HKLM\..\RunServices: [JAVADB.EXE] C:\WINDOWS\JAVADB.EXE
O4 - HKLM\..\RunServices: [MSAM.EXE] C:\WINDOWS\SYSTEM\MSAM.EXE
O4 - HKLM\..\RunServices: [D3OT.EXE] C:\WINDOWS\SYSTEM\D3OT.EXE
O4 - HKLM\..\RunServices: [MSGD.EXE] C:\WINDOWS\SYSTEM\MSGD.EXE
O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE
O4 - HKLM\..\RunServices: [APPLX32.EXE] C:\WINDOWS\APPLX32.EXE
O4 - HKLM\..\RunServices: [NETDI32.EXE] C:\WINDOWS\SYSTEM\NETDI32.EXE
O4 - HKLM\..\RunServices: [ADDEU.EXE] C:\WINDOWS\SYSTEM\ADDEU.EXE
O4 - HKLM\..\RunServices: [IPII32.EXE] C:\WINDOWS\SYSTEM\IPII32.EXE
O4 - HKLM\..\RunServices: [MFCCP.EXE] C:\WINDOWS\SYSTEM\MFCCP.EXE
O4 - HKLM\..\RunServices: [ADDPU32.EXE] C:\WINDOWS\ADDPU32.EXE
O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\JAVAOU.EXE
O4 - HKLM\..\RunServices: [WINTX32.EXE] C:\WINDOWS\WINTX32.EXE
O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\CRWD.EXE
O4 - HKLM\..\RunServices: [IERY.EXE] C:\WINDOWS\SYSTEM\IERY.EXE
O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\SYSTEM\WINWX.EXE
O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [ADDTV32.EXE] C:\WINDOWS\ADDTV32.EXE
O4 - HKLM\..\RunServices: [NETFN.EXE] C:\WINDOWS\NETFN.EXE
O4 - HKLM\..\RunServices: [NETPE32.EXE] C:\WINDOWS\SYSTEM\NETPE32.EXE
O4 - HKLM\..\RunServices: [WINHG32.EXE] C:\WINDOWS\SYSTEM\WINHG32.EXE
O4 - HKLM\..\RunServices: [NTBP.EXE] C:\WINDOWS\SYSTEM\NTBP.EXE
O4 - HKLM\..\RunServices: [ATLDQ32.EXE] C:\WINDOWS\ATLDQ32.EXE
O4 - HKLM\..\RunServices: [APIZI32.EXE] C:\WINDOWS\SYSTEM\APIZI32.EXE
O4 - HKLM\..\RunServices: [APIZT.EXE] C:\WINDOWS\SYSTEM\APIZT.EXE
O4 - HKLM\..\RunServices: [IEDA32.EXE] C:\WINDOWS\SYSTEM\IEDA32.EXE
O4 - HKLM\..\RunServices: [WINLH.EXE] C:\WINDOWS\WINLH.EXE
O4 - HKLM\..\RunServices: [NETAP.EXE] C:\WINDOWS\NETAP.EXE
O4 - HKLM\..\RunServices: [IEMH32.EXE] C:\WINDOWS\IEMH32.EXE
O4 - HKLM\..\RunServices: [MSYN.EXE] C:\WINDOWS\SYSTEM\MSYN.EXE
O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\CRPG.EXE
O4 - HKLM\..\RunServices: [APIER.EXE] C:\WINDOWS\APIER.EXE
O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\IPGD32.EXE
O4 - HKLM\..\RunServices: [APPJW.EXE] C:\WINDOWS\SYSTEM\APPJW.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [CRWX.EXE] C:\WINDOWS\SYSTEM\CRWX.EXE
O4 - HKLM\..\RunServices: [ADDWS.EXE] C:\WINDOWS\SYSTEM\ADDWS.EXE
O4 - HKLM\..\RunServices: [IEOB32.EXE] C:\WINDOWS\SYSTEM\IEOB32.EXE
O4 - HKLM\..\RunServices: [CRUH32.EXE] C:\WINDOWS\CRUH32.EXE
O4 - HKLM\..\RunServices: [IPHP32.EXE] C:\WINDOWS\SYSTEM\IPHP32.EXE
O4 - HKLM\..\RunServices: [CRZY32.EXE] C:\WINDOWS\CRZY32.EXE
O4 - HKLM\..\RunServices: [IERP.EXE] C:\WINDOWS\IERP.EXE
O4 - HKLM\..\RunServices: [NTGU.EXE] C:\WINDOWS\NTGU.EXE
O4 - HKLM\..\RunServices: [JAVAEW32.EXE] C:\WINDOWS\JAVAEW32.EXE
O4 - HKLM\..\RunServices: [D3WE.EXE] C:\WINDOWS\D3WE.EXE
O4 - HKLM\..\RunServices: [WINNE.EXE] C:\WINDOWS\WINNE.EXE
O4 - HKLM\..\RunServices: [JAVAXT.EXE] C:\WINDOWS\SYSTEM\JAVAXT.EXE
O4 - HKLM\..\RunServices: [APIFR32.EXE] C:\WINDOWS\APIFR32.EXE
O4 - HKLM\..\RunServices: [D3XR.EXE] C:\WINDOWS\D3XR.EXE
O4 - HKLM\..\RunServices: [ADDKH.EXE] C:\WINDOWS\SYSTEM\ADDKH.EXE
O4 - HKLM\..\RunServices: [SDKYD.EXE] C:\WINDOWS\SYSTEM\SDKYD.EXE
O4 - HKLM\..\RunServices: [D3KA32.EXE] C:\WINDOWS\SYSTEM\D3KA32.EXE
O4 - HKLM\..\RunServices: [APILD.EXE] C:\WINDOWS\APILD.EXE
O4 - HKLM\..\RunServices: [NETCX32.EXE] C:\WINDOWS\NETCX32.EXE
O4 - HKLM\..\RunServices: [NTLI32.EXE] C:\WINDOWS\SYSTEM\NTLI32.EXE
O4 - HKLM\..\RunServices: [MFCIR32.EXE] C:\WINDOWS\SYSTEM\MFCIR32.EXE
O4 - HKLM\..\RunServices: [IEWJ.EXE] C:\WINDOWS\IEWJ.EXE
O4 - HKLM\..\RunServices: [APIOV.EXE] C:\WINDOWS\APIOV.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
O4 - HKLM\..\RunServices: [ADDCO.EXE] C:\WINDOWS\ADDCO.EXE
O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\NTAV32.EXE
O4 - HKLM\..\RunServices: [APPPC32.EXE] C:\WINDOWS\APPPC32.EXE
O4 - HKLM\..\RunServices: [JAVARQ.EXE] C:\WINDOWS\JAVARQ.EXE
O4 - HKLM\..\RunServices: [D3PD32.EXE] C:\WINDOWS\SYSTEM\D3PD32.EXE
O4 - HKLM\..\RunServices: [JAVAVO32.EXE] C:\WINDOWS\JAVAVO32.EXE
O4 - HKLM\..\RunServices: [JAVATE32.EXE] C:\WINDOWS\JAVATE32.EXE
O4 - HKLM\..\RunServices: [JAVAMM32.EXE] C:\WINDOWS\JAVAMM32.EXE
O4 - HKLM\..\RunServices: [IPFM.EXE] C:\WINDOWS\IPFM.EXE
O4 - HKLM\..\RunServices: [JAVANY.EXE] C:\WINDOWS\SYSTEM\JAVANY.EXE
O4 - HKLM\..\RunServices: [SDKVA.EXE] C:\WINDOWS\SYSTEM\SDKVA.EXE
O4 - HKLM\..\RunServices: [MFCXD.EXE] C:\WINDOWS\MFCXD.EXE
O4 - HKLM\..\RunServices: [WINWO.EXE] C:\WINDOWS\WINWO.EXE
O4 - HKLM\..\RunServices: [NTLJ32.EXE] C:\WINDOWS\NTLJ32.EXE
O4 - HKLM\..\RunServices: [IEFB32.EXE] C:\WINDOWS\SYSTEM\IEFB32.EXE
O4 - HKLM\..\RunServices: [IPSQ32.EXE] C:\WINDOWS\SYSTEM\IPSQ32.EXE
O4 - HKLM\..\RunServices: [IEWD.EXE] C:\WINDOWS\SYSTEM\IEWD.EXE
O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE
O4 - HKLM\..\RunServices: [WINHT32.EXE] C:\WINDOWS\SYSTEM\WINHT32.EXE
O4 - HKLM\..\RunServices: [CRKG.EXE] C:\WINDOWS\CRKG.EXE
O4 - HKLM\..\RunServices: [MFCVL.EXE] C:\WINDOWS\SYSTEM\MFCVL.EXE
O4 - HKLM\..\RunServices: [ATLHR32.EXE] C:\WINDOWS\SYSTEM\ATLHR32.EXE
O4 - HKLM\..\RunServices: [MSPY.EXE] C:\WINDOWS\MSPY.EXE
O4 - HKLM\..\RunServices: [SDKAR32.EXE] C:\WINDOWS\SDKAR32.EXE
O4 - HKLM\..\RunServices: [APPBC32.EXE] C:\WINDOWS\SYSTEM\APPBC32.EXE
O4 - HKLM\..\RunServices: [ADDZA.EXE] C:\WINDOWS\ADDZA.EXE
O4 - HKLM\..\RunServices: [NTOP32.EXE] C:\WINDOWS\NTOP32.EXE
O4 - HKLM\..\RunServices: [ATLRI.EXE] C:\WINDOWS\ATLRI.EXE
O4 - HKLM\..\RunServices: [SDKKU32.EXE] C:\WINDOWS\SDKKU32.EXE
O4 - HKLM\..\RunServices: [D3YF.EXE] C:\WINDOWS\D3YF.EXE
O4 - HKLM\..\RunServices: [MFCBM.EXE] C:\WINDOWS\SYSTEM\MFCBM.EXE
O4 - HKLM\..\RunServices: [MSNM32.EXE] C:\WINDOWS\SYSTEM\MSNM32.EXE
O4 - HKLM\..\RunServices: [NTKE.EXE] C:\WINDOWS\NTKE.EXE
O4 - HKLM\..\RunServices: [JAVAGX.EXE] C:\WINDOWS\SYSTEM\JAVAGX.EXE
O4 - HKLM\..\RunServices: [IEFK32.EXE] C:\WINDOWS\SYSTEM\IEFK32.EXE
O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE
O4 - HKLM\..\RunServices: [IPEN.EXE] C:\WINDOWS\SYSTEM\IPEN.EXE
O4 - HKLM\..\RunServices: [APPTT.EXE] C:\WINDOWS\SYSTEM\APPTT.EXE

O4 - HKCU\..\Run: [bos4RWf7S] DIAAL.EXE



Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them.


>>> Reboot and install, UPDATE, and run a full drive Ad-aware SE scan, including the VX2 Plugin. Have Ad-aware remove all it targets, reboot and post a new Scanlog.

Ad-Aware Home Page


http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe
The VX2 plugin will be available in the "add-ons" window once installed and is run from there.
 

GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
Thanks, I'm printing the instructions out now and I'll have the log up soon.
 
Joined
Dec 9, 2000
Messages
45,855
You may see additional runservices "random" name exe's in the Scan that will have appeared after your last Scanlog. Check and fix those as well.

In fact, these are the only legitimate ones, keep these, delete the rest:

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
 

GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
Here's the latest log. Sorry I took so long.
I had problems running CW Shredder in safe mode, and I don't think it works anymore, but I scanned several times before with it and it never detected anything.
Logfile of HijackThis v1.98.2
Scan saved at 3:29:53 PM, on 9/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\PICASA\PICASAMEDIADETECTOR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\MFCCA.EXE
C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\JAVAXV.EXE
C:\WINDOWS\SYSTEM\JAVAXV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [APIWE32.EXE] C:\WINDOWS\APIWE32.EXE
O4 - HKLM\..\RunServices: [CRAN32.EXE] C:\WINDOWS\CRAN32.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
 

GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
My computer is running a lot smoother and isn't crashing anymore. Thanks for all the help!!!
 
Joined
Dec 9, 2000
Messages
45,855
Great, but still a little more to do (one of which I should have caught).

Reboot in Safe Mode again and check and "fix" these items:

O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE


O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
O4 - HKLM\..\RunServices: [APIWE32.EXE] C:\WINDOWS\APIWE32.EXE
O4 - HKLM\..\RunServices: [CRAN32.EXE] C:\WINDOWS\CRAN32.EXE

C:\WINDOWS\SYSTEM\JAVAXV.EXE >> (you won't see this in HijackThis, but you still need to manually delete it.)


^^ make sure ALL these files are deleted!!

And run About:buster one more time.

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

^^ delete the TV Media folder in c:\Program Files

more info here: http://pestpatrol.com/pestinfo/t/tv_media_display.asp

After rebooting post another HijackThis Scanlog to confirm all is clean.
 

GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
OK, I've been gone for a couple days, and now it seems like about:blank has made a resurgence. I'll follow your instructions, but I probably won't be able to post a log today, as about:buster looks through some 37,000 objects at a painstakingly slow rate.
Is there any way to speed it up?
 
Joined
Dec 9, 2000
Messages
45,855
No, not really -- though you should probably be running it in Safe Mode. Then run it again on reboot.

Since this type of Hijack morphs readily we are probably not going to be able to fix it unless you post a current hijackthis scanlog and act promptly on the instructions -- not rebooting until you have completed the cleaning.
 

GI Joke

Thread Starter
Joined
Sep 12, 2004
Messages
9
About:buster just finished, however I only ran it once.
Here's my new log:

Logfile of HijackThis v1.98.2
Scan saved at 1:34:49 AM, on 9/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\PICASA\PICASAMEDIADETECTOR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -


I was looking around in my c drive and found a lot of crap that I tried to delete, but I think I accidentally installed the Neotoolbar.
The computer also says that I'm running two programs, "Shopping Wizard and Search Extender", but when I try to uninstall them I get an error message claiming they can't be found.
The computer runs much smoother now, but it still takes an extremely long time to boot up. Is this a security issue or something else?

Thanks for all the help, I'm trying to keep up.
 
Joined
Dec 9, 2000
Messages
45,855
Go ahead and check and fix these:

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

They are incomplete, damaged or otherwise suspicious.

Other than that the scanlog looks fine, although I see you have added "neotoolbar" in the interim. I'm not sure what it does, but this is their homepage:

http://www.neocomptech.com/Pages/neohome.html

You can check Add/Remove for it. Or just use HijackThis if you don't want it. (the browser must be closed for "fixes" to work on these)

The other Add/Remove problems may be because you have deleted the uninstall file for the programs. If there are no Program Files folders associated with them, just do this to remove the entries from Add/Remove programs.


Run regedit and navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Scroll down under the "uninstall" key and look for references to those programs in the left pane. You can right-click on them and delete them. If you don't see them by "name" you will have to select each "CLSID" (the long numbered values) and look in the RIGHT pane for a reference. Don't remove any of these unless you are sure you have the right one. Although you can back up by selecting File > Export and save the key first if you are adventurous. It can be restored with a double click.
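
The entries singled out in the replies above (O16 lines with nothing after the CLSID, and an O2 line ending in "(no file)") can be picked out of a HijackThis log mechanically. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical and the last sample line is constructed for contrast.

```python
import re

# Sample lines in the format of the logs in this thread.
# The final O16 line (all-zero CLSID, example.invalid URL) is constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/control.cab
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log):
    """Yield (section, body) for each 'Onn - ...' line; other lines are skipped."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def review(log):
    """Return (section, clsid, reason) for entries that look incomplete."""
    findings = []
    for section, body in parse(log):
        m = CLSID.search(body)
        clsid = m.group(0) if m else None
        if section == "O16" and body.startswith("DPF:"):
            # A complete entry carries "(name) - source" after the CLSID.
            rest = body[m.end():] if m else body[len("DPF:"):]
            if not rest.strip(" -"):
                findings.append((section, clsid, "no download source recorded"))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append((section, clsid, "registered file is missing"))
    return findings


if __name__ == "__main__":
    for section, clsid, reason in review(SAMPLE_LOG):
        print(f"{section:4} {clsid}  {reason}")
```

A flag here only means the entry is incomplete; whether to fix it is still the judgment call made in the replies above.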
 