
HJT log - please help, the computer is impossible to use

Discussion in 'Virus & Other Malware Removal' started by GI Joke, Sep 12, 2004.

  1. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    I have Windows ME; P4 1.5 GHz, 640 MB RAM, Comcast cable.
    Recently my computer started running extremely slowly, taking about 8 minutes to boot up. Now it only works for about 10 minutes before it crashes.
    I've run Spybot and it finds no problems, and Ad-aware will stop scanning and crash halfway through. They are both fully updated. The computer is virtually unusable. Here's my HijackThis log; I could really use some help on this. Thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 5:17:00 PM, on 9/12/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\NETUO.EXE
    C:\WINDOWS\SYSTEM\APPCX.EXE
    C:\WINDOWS\SYSTEM\IPKK32.EXE
    C:\WINDOWS\JAVADB.EXE
    C:\WINDOWS\SYSTEM\D3OT.EXE
    C:\WINDOWS\SYSTEM\MSAM.EXE
    C:\WINDOWS\SYSTEM\MSGD.EXE
    C:\WINDOWS\APPLX32.EXE
    C:\WINDOWS\WINOR.EXE
    C:\WINDOWS\SYSTEM\NETDI32.EXE
    C:\WINDOWS\SYSTEM\ADDEU.EXE
    C:\WINDOWS\SYSTEM\MFCCP.EXE
    C:\WINDOWS\ADDPU32.EXE
    C:\WINDOWS\SYSTEM\IPII32.EXE
    C:\WINDOWS\JAVAOU.EXE
    C:\WINDOWS\CRWD.EXE
    C:\WINDOWS\SYSTEM\IERY.EXE
    C:\WINDOWS\WINTX32.EXE
    C:\WINDOWS\SYSTEM\WINWX.EXE
    C:\WINDOWS\CRMP.EXE
    C:\WINDOWS\JAVAXG32.EXE
    C:\WINDOWS\ADDTV32.EXE
    C:\WINDOWS\NETFN.EXE
    C:\WINDOWS\SYSTEM\NETPE32.EXE
    C:\WINDOWS\SYSTEM\NTBP.EXE
    C:\WINDOWS\SYSTEM\WINHG32.EXE
    C:\WINDOWS\ATLDQ32.EXE
    C:\WINDOWS\WINLH.EXE
    C:\WINDOWS\SYSTEM\IEDA32.EXE
    C:\WINDOWS\SYSTEM\APIZT.EXE
    C:\WINDOWS\SYSTEM\APIZI32.EXE
    C:\WINDOWS\NETAP.EXE
    C:\WINDOWS\IEMH32.EXE
    C:\WINDOWS\CRPG.EXE
    C:\WINDOWS\SYSTEM\MSYN.EXE
    C:\WINDOWS\SYSTEM\APPJW.EXE
    C:\WINDOWS\NETLB32.EXE
    C:\WINDOWS\IPGD32.EXE
    C:\WINDOWS\SYSTEM\CRWX.EXE
    C:\WINDOWS\SYSTEM\IEOB32.EXE
    C:\WINDOWS\SYSTEM\ADDWS.EXE
    C:\WINDOWS\APIER.EXE
    C:\WINDOWS\CRUH32.EXE
    C:\WINDOWS\CRZY32.EXE
    C:\WINDOWS\SYSTEM\IPHP32.EXE
    C:\WINDOWS\NTGU.EXE
    C:\WINDOWS\IERP.EXE
    C:\WINDOWS\D3WE.EXE
    C:\WINDOWS\JAVAEW32.EXE
    C:\WINDOWS\WINNE.EXE
    C:\WINDOWS\SYSTEM\JAVAXT.EXE
    C:\WINDOWS\D3XR.EXE
    C:\WINDOWS\SYSTEM\ADDKH.EXE
    C:\WINDOWS\APIFR32.EXE
    C:\WINDOWS\SYSTEM\SDKYD.EXE
    C:\WINDOWS\SYSTEM\D3KA32.EXE
    C:\WINDOWS\APILD.EXE
    C:\WINDOWS\SYSTEM\NTLI32.EXE
    C:\WINDOWS\NETCX32.EXE
    C:\WINDOWS\SYSTEM\MFCIR32.EXE
    C:\WINDOWS\SYSTEM\ATLDY.EXE
    C:\WINDOWS\APIOV.EXE
    C:\WINDOWS\IEWJ.EXE
    C:\WINDOWS\ADDCO.EXE
    C:\WINDOWS\NTAV32.EXE
    C:\WINDOWS\APPPC32.EXE
    C:\WINDOWS\JAVARQ.EXE
    C:\WINDOWS\JAVAVO32.EXE
    C:\WINDOWS\SYSTEM\D3PD32.EXE
    C:\WINDOWS\JAVAMM32.EXE
    C:\WINDOWS\IPFM.EXE
    C:\WINDOWS\JAVATE32.EXE
    C:\WINDOWS\SYSTEM\JAVANY.EXE
    C:\WINDOWS\MFCXD.EXE
    C:\WINDOWS\WINWO.EXE
    C:\WINDOWS\SYSTEM\SDKVA.EXE
    C:\WINDOWS\NTLJ32.EXE
    C:\WINDOWS\SYSTEM\IEFB32.EXE
    C:\WINDOWS\SYSTEM\IEWD.EXE
    C:\WINDOWS\SYSTEM\IPSQ32.EXE
    C:\WINDOWS\SYSTEM\D3ZP32.EXE
    C:\WINDOWS\SYSTEM\MFCWI32.EXE
    C:\WINDOWS\SYSTEM\WINHT32.EXE
    C:\WINDOWS\CRKG.EXE
    C:\WINDOWS\SYSTEM\MFCVL.EXE
    C:\WINDOWS\SYSTEM\ATLHR32.EXE
    C:\WINDOWS\MSPY.EXE
    C:\WINDOWS\SYSTEM\APPBC32.EXE
    C:\WINDOWS\SDKAR32.EXE
    C:\WINDOWS\ADDZA.EXE
    C:\WINDOWS\NTOP32.EXE
    C:\WINDOWS\SDKKU32.EXE
    C:\WINDOWS\D3YF.EXE
    C:\WINDOWS\ATLRI.EXE
    C:\WINDOWS\SYSTEM\MSNM32.EXE
    C:\WINDOWS\NTKE.EXE
    C:\WINDOWS\SYSTEM\MFCBM.EXE
    C:\WINDOWS\SYSTEM\JAVAGX.EXE
    C:\WINDOWS\SYSTEM\D3JT32.EXE
    C:\WINDOWS\SYSTEM\APPTT.EXE
    C:\WINDOWS\SYSTEM\IEFK32.EXE
    C:\WINDOWS\SYSTEM\IPEN.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\APPCX.EXE
    C:\WINDOWS\ADDZA.EXE
    C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avbse.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\avbse.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {2AAD032F-C2DB-6300-2B79-91AEA3EAF236} - C:\WINDOWS\SYSTEM\SDKMI.DLL
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
    O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
    O4 - HKLM\..\Run: [NETWY.EXE] C:\WINDOWS\SYSTEM\NETWY.EXE
    O4 - HKLM\..\Run: [MSDR.EXE] C:\WINDOWS\SYSTEM\MSDR.EXE
    O4 - HKLM\..\Run: [APPTE32.EXE] C:\WINDOWS\SYSTEM\APPTE32.EXE
    O4 - HKLM\..\Run: [MFCHG32.EXE] C:\WINDOWS\SYSTEM\MFCHG32.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
    O4 - HKLM\..\Run: [MFCOF32.EXE] C:\WINDOWS\SYSTEM\MFCOF32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [APPCX.EXE] C:\WINDOWS\SYSTEM\APPCX.EXE
    O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
    O4 - HKLM\..\RunServices: [NETUO.EXE] C:\WINDOWS\NETUO.EXE
    O4 - HKLM\..\RunServices: [JAVADB.EXE] C:\WINDOWS\JAVADB.EXE
    O4 - HKLM\..\RunServices: [MSAM.EXE] C:\WINDOWS\SYSTEM\MSAM.EXE
    O4 - HKLM\..\RunServices: [D3OT.EXE] C:\WINDOWS\SYSTEM\D3OT.EXE
    O4 - HKLM\..\RunServices: [MSGD.EXE] C:\WINDOWS\SYSTEM\MSGD.EXE
    O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE
    O4 - HKLM\..\RunServices: [APPLX32.EXE] C:\WINDOWS\APPLX32.EXE
    O4 - HKLM\..\RunServices: [NETDI32.EXE] C:\WINDOWS\SYSTEM\NETDI32.EXE
    O4 - HKLM\..\RunServices: [ADDEU.EXE] C:\WINDOWS\SYSTEM\ADDEU.EXE
    O4 - HKLM\..\RunServices: [IPII32.EXE] C:\WINDOWS\SYSTEM\IPII32.EXE
    O4 - HKLM\..\RunServices: [MFCCP.EXE] C:\WINDOWS\SYSTEM\MFCCP.EXE
    O4 - HKLM\..\RunServices: [ADDPU32.EXE] C:\WINDOWS\ADDPU32.EXE
    O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\JAVAOU.EXE
    O4 - HKLM\..\RunServices: [WINTX32.EXE] C:\WINDOWS\WINTX32.EXE
    O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\CRWD.EXE
    O4 - HKLM\..\RunServices: [IERY.EXE] C:\WINDOWS\SYSTEM\IERY.EXE
    O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\SYSTEM\WINWX.EXE
    O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
    O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
    O4 - HKLM\..\RunServices: [ADDTV32.EXE] C:\WINDOWS\ADDTV32.EXE
    O4 - HKLM\..\RunServices: [NETFN.EXE] C:\WINDOWS\NETFN.EXE
    O4 - HKLM\..\RunServices: [NETPE32.EXE] C:\WINDOWS\SYSTEM\NETPE32.EXE
    O4 - HKLM\..\RunServices: [WINHG32.EXE] C:\WINDOWS\SYSTEM\WINHG32.EXE
    O4 - HKLM\..\RunServices: [NTBP.EXE] C:\WINDOWS\SYSTEM\NTBP.EXE
    O4 - HKLM\..\RunServices: [ATLDQ32.EXE] C:\WINDOWS\ATLDQ32.EXE
    O4 - HKLM\..\RunServices: [APIZI32.EXE] C:\WINDOWS\SYSTEM\APIZI32.EXE
    O4 - HKLM\..\RunServices: [APIZT.EXE] C:\WINDOWS\SYSTEM\APIZT.EXE
    O4 - HKLM\..\RunServices: [IEDA32.EXE] C:\WINDOWS\SYSTEM\IEDA32.EXE
    O4 - HKLM\..\RunServices: [WINLH.EXE] C:\WINDOWS\WINLH.EXE
    O4 - HKLM\..\RunServices: [NETAP.EXE] C:\WINDOWS\NETAP.EXE
    O4 - HKLM\..\RunServices: [IEMH32.EXE] C:\WINDOWS\IEMH32.EXE
    O4 - HKLM\..\RunServices: [MSYN.EXE] C:\WINDOWS\SYSTEM\MSYN.EXE
    O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\CRPG.EXE
    O4 - HKLM\..\RunServices: [APIER.EXE] C:\WINDOWS\APIER.EXE
    O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\IPGD32.EXE
    O4 - HKLM\..\RunServices: [APPJW.EXE] C:\WINDOWS\SYSTEM\APPJW.EXE
    O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
    O4 - HKLM\..\RunServices: [CRWX.EXE] C:\WINDOWS\SYSTEM\CRWX.EXE
    O4 - HKLM\..\RunServices: [ADDWS.EXE] C:\WINDOWS\SYSTEM\ADDWS.EXE
    O4 - HKLM\..\RunServices: [IEOB32.EXE] C:\WINDOWS\SYSTEM\IEOB32.EXE
    O4 - HKLM\..\RunServices: [CRUH32.EXE] C:\WINDOWS\CRUH32.EXE
    O4 - HKLM\..\RunServices: [IPHP32.EXE] C:\WINDOWS\SYSTEM\IPHP32.EXE
    O4 - HKLM\..\RunServices: [CRZY32.EXE] C:\WINDOWS\CRZY32.EXE
    O4 - HKLM\..\RunServices: [IERP.EXE] C:\WINDOWS\IERP.EXE
    O4 - HKLM\..\RunServices: [NTGU.EXE] C:\WINDOWS\NTGU.EXE
    O4 - HKLM\..\RunServices: [JAVAEW32.EXE] C:\WINDOWS\JAVAEW32.EXE
    O4 - HKLM\..\RunServices: [D3WE.EXE] C:\WINDOWS\D3WE.EXE
    O4 - HKLM\..\RunServices: [WINNE.EXE] C:\WINDOWS\WINNE.EXE
    O4 - HKLM\..\RunServices: [JAVAXT.EXE] C:\WINDOWS\SYSTEM\JAVAXT.EXE
    O4 - HKLM\..\RunServices: [APIFR32.EXE] C:\WINDOWS\APIFR32.EXE
    O4 - HKLM\..\RunServices: [D3XR.EXE] C:\WINDOWS\D3XR.EXE
    O4 - HKLM\..\RunServices: [ADDKH.EXE] C:\WINDOWS\SYSTEM\ADDKH.EXE
    O4 - HKLM\..\RunServices: [SDKYD.EXE] C:\WINDOWS\SYSTEM\SDKYD.EXE
    O4 - HKLM\..\RunServices: [D3KA32.EXE] C:\WINDOWS\SYSTEM\D3KA32.EXE
    O4 - HKLM\..\RunServices: [APILD.EXE] C:\WINDOWS\APILD.EXE
    O4 - HKLM\..\RunServices: [NETCX32.EXE] C:\WINDOWS\NETCX32.EXE
    O4 - HKLM\..\RunServices: [NTLI32.EXE] C:\WINDOWS\SYSTEM\NTLI32.EXE
    O4 - HKLM\..\RunServices: [MFCIR32.EXE] C:\WINDOWS\SYSTEM\MFCIR32.EXE
    O4 - HKLM\..\RunServices: [IEWJ.EXE] C:\WINDOWS\IEWJ.EXE
    O4 - HKLM\..\RunServices: [APIOV.EXE] C:\WINDOWS\APIOV.EXE
    O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
    O4 - HKLM\..\RunServices: [ADDCO.EXE] C:\WINDOWS\ADDCO.EXE
    O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\NTAV32.EXE
    O4 - HKLM\..\RunServices: [APPPC32.EXE] C:\WINDOWS\APPPC32.EXE
    O4 - HKLM\..\RunServices: [JAVARQ.EXE] C:\WINDOWS\JAVARQ.EXE
    O4 - HKLM\..\RunServices: [D3PD32.EXE] C:\WINDOWS\SYSTEM\D3PD32.EXE
    O4 - HKLM\..\RunServices: [JAVAVO32.EXE] C:\WINDOWS\JAVAVO32.EXE
    O4 - HKLM\..\RunServices: [JAVATE32.EXE] C:\WINDOWS\JAVATE32.EXE
    O4 - HKLM\..\RunServices: [JAVAMM32.EXE] C:\WINDOWS\JAVAMM32.EXE
    O4 - HKLM\..\RunServices: [IPFM.EXE] C:\WINDOWS\IPFM.EXE
    O4 - HKLM\..\RunServices: [JAVANY.EXE] C:\WINDOWS\SYSTEM\JAVANY.EXE
    O4 - HKLM\..\RunServices: [SDKVA.EXE] C:\WINDOWS\SYSTEM\SDKVA.EXE
    O4 - HKLM\..\RunServices: [MFCXD.EXE] C:\WINDOWS\MFCXD.EXE
    O4 - HKLM\..\RunServices: [WINWO.EXE] C:\WINDOWS\WINWO.EXE
    O4 - HKLM\..\RunServices: [NTLJ32.EXE] C:\WINDOWS\NTLJ32.EXE
    O4 - HKLM\..\RunServices: [IEFB32.EXE] C:\WINDOWS\SYSTEM\IEFB32.EXE
    O4 - HKLM\..\RunServices: [IPSQ32.EXE] C:\WINDOWS\SYSTEM\IPSQ32.EXE
    O4 - HKLM\..\RunServices: [IEWD.EXE] C:\WINDOWS\SYSTEM\IEWD.EXE
    O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
    O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE
    O4 - HKLM\..\RunServices: [WINHT32.EXE] C:\WINDOWS\SYSTEM\WINHT32.EXE
    O4 - HKLM\..\RunServices: [CRKG.EXE] C:\WINDOWS\CRKG.EXE
    O4 - HKLM\..\RunServices: [MFCVL.EXE] C:\WINDOWS\SYSTEM\MFCVL.EXE
    O4 - HKLM\..\RunServices: [ATLHR32.EXE] C:\WINDOWS\SYSTEM\ATLHR32.EXE
    O4 - HKLM\..\RunServices: [MSPY.EXE] C:\WINDOWS\MSPY.EXE
    O4 - HKLM\..\RunServices: [SDKAR32.EXE] C:\WINDOWS\SDKAR32.EXE
    O4 - HKLM\..\RunServices: [APPBC32.EXE] C:\WINDOWS\SYSTEM\APPBC32.EXE
    O4 - HKLM\..\RunServices: [ADDZA.EXE] C:\WINDOWS\ADDZA.EXE
    O4 - HKLM\..\RunServices: [NTOP32.EXE] C:\WINDOWS\NTOP32.EXE
    O4 - HKLM\..\RunServices: [ATLRI.EXE] C:\WINDOWS\ATLRI.EXE
    O4 - HKLM\..\RunServices: [SDKKU32.EXE] C:\WINDOWS\SDKKU32.EXE
    O4 - HKLM\..\RunServices: [D3YF.EXE] C:\WINDOWS\D3YF.EXE
    O4 - HKLM\..\RunServices: [MFCBM.EXE] C:\WINDOWS\SYSTEM\MFCBM.EXE
    O4 - HKLM\..\RunServices: [MSNM32.EXE] C:\WINDOWS\SYSTEM\MSNM32.EXE
    O4 - HKLM\..\RunServices: [NTKE.EXE] C:\WINDOWS\NTKE.EXE
    O4 - HKLM\..\RunServices: [JAVAGX.EXE] C:\WINDOWS\SYSTEM\JAVAGX.EXE
    O4 - HKLM\..\RunServices: [IEFK32.EXE] C:\WINDOWS\SYSTEM\IEFK32.EXE
    O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE
    O4 - HKLM\..\RunServices: [IPEN.EXE] C:\WINDOWS\SYSTEM\IPEN.EXE
    O4 - HKLM\..\RunServices: [APPTT.EXE] C:\WINDOWS\SYSTEM\APPTT.EXE
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [bos4RWf7S] DIAAL.EXE
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

    That's the entire log. I know how to work Hijack-this, but I don't know what to delete other than the most obvious stuff like the BHOs.
     
  2. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    You've got a CoolWebSearch hijack. I'll get a security mod to help you further. (y)
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View.

    Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.computercops.biz/downloads-cat-14.html

    Also download and unzip about:buster ....

    http://www.downloads.subratam.org/AboutBuster.zip


    Then:

    1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems.

    Run About:buster and save the log it creates


    Then run HijackThis and check and "fix" the following entries:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avbse.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\avbse.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\poisi.dll/sp.html#29126

    O2 - BHO: Class - {2AAD032F-C2DB-6300-2B79-91AEA3EAF236} - C:\WINDOWS\SYSTEM\SDKMI.DLL

    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE

    O4 - HKLM\..\Run: [NETWY.EXE] C:\WINDOWS\SYSTEM\NETWY.EXE
    O4 - HKLM\..\Run: [MSDR.EXE] C:\WINDOWS\SYSTEM\MSDR.EXE
    O4 - HKLM\..\Run: [APPTE32.EXE] C:\WINDOWS\SYSTEM\APPTE32.EXE
    O4 - HKLM\..\Run: [MFCHG32.EXE] C:\WINDOWS\SYSTEM\MFCHG32.EXE

    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c

    ^^ you are going to install a later version of Ad-Aware as part of this cleanup.

    O4 - HKLM\..\Run: [MFCOF32.EXE] C:\WINDOWS\SYSTEM\MFCOF32.EXE

    O4 - HKLM\..\RunServices: [APPCX.EXE] C:\WINDOWS\SYSTEM\APPCX.EXE
    O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
    O4 - HKLM\..\RunServices: [NETUO.EXE] C:\WINDOWS\NETUO.EXE
    O4 - HKLM\..\RunServices: [JAVADB.EXE] C:\WINDOWS\JAVADB.EXE
    O4 - HKLM\..\RunServices: [MSAM.EXE] C:\WINDOWS\SYSTEM\MSAM.EXE
    O4 - HKLM\..\RunServices: [D3OT.EXE] C:\WINDOWS\SYSTEM\D3OT.EXE
    O4 - HKLM\..\RunServices: [MSGD.EXE] C:\WINDOWS\SYSTEM\MSGD.EXE
    O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE
    O4 - HKLM\..\RunServices: [APPLX32.EXE] C:\WINDOWS\APPLX32.EXE
    O4 - HKLM\..\RunServices: [NETDI32.EXE] C:\WINDOWS\SYSTEM\NETDI32.EXE
    O4 - HKLM\..\RunServices: [ADDEU.EXE] C:\WINDOWS\SYSTEM\ADDEU.EXE
    O4 - HKLM\..\RunServices: [IPII32.EXE] C:\WINDOWS\SYSTEM\IPII32.EXE
    O4 - HKLM\..\RunServices: [MFCCP.EXE] C:\WINDOWS\SYSTEM\MFCCP.EXE
    O4 - HKLM\..\RunServices: [ADDPU32.EXE] C:\WINDOWS\ADDPU32.EXE
    O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\JAVAOU.EXE
    O4 - HKLM\..\RunServices: [WINTX32.EXE] C:\WINDOWS\WINTX32.EXE
    O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\CRWD.EXE
    O4 - HKLM\..\RunServices: [IERY.EXE] C:\WINDOWS\SYSTEM\IERY.EXE
    O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\SYSTEM\WINWX.EXE
    O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
    O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
    O4 - HKLM\..\RunServices: [ADDTV32.EXE] C:\WINDOWS\ADDTV32.EXE
    O4 - HKLM\..\RunServices: [NETFN.EXE] C:\WINDOWS\NETFN.EXE
    O4 - HKLM\..\RunServices: [NETPE32.EXE] C:\WINDOWS\SYSTEM\NETPE32.EXE
    O4 - HKLM\..\RunServices: [WINHG32.EXE] C:\WINDOWS\SYSTEM\WINHG32.EXE
    O4 - HKLM\..\RunServices: [NTBP.EXE] C:\WINDOWS\SYSTEM\NTBP.EXE
    O4 - HKLM\..\RunServices: [ATLDQ32.EXE] C:\WINDOWS\ATLDQ32.EXE
    O4 - HKLM\..\RunServices: [APIZI32.EXE] C:\WINDOWS\SYSTEM\APIZI32.EXE
    O4 - HKLM\..\RunServices: [APIZT.EXE] C:\WINDOWS\SYSTEM\APIZT.EXE
    O4 - HKLM\..\RunServices: [IEDA32.EXE] C:\WINDOWS\SYSTEM\IEDA32.EXE
    O4 - HKLM\..\RunServices: [WINLH.EXE] C:\WINDOWS\WINLH.EXE
    O4 - HKLM\..\RunServices: [NETAP.EXE] C:\WINDOWS\NETAP.EXE
    O4 - HKLM\..\RunServices: [IEMH32.EXE] C:\WINDOWS\IEMH32.EXE
    O4 - HKLM\..\RunServices: [MSYN.EXE] C:\WINDOWS\SYSTEM\MSYN.EXE
    O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\CRPG.EXE
    O4 - HKLM\..\RunServices: [APIER.EXE] C:\WINDOWS\APIER.EXE
    O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\IPGD32.EXE
    O4 - HKLM\..\RunServices: [APPJW.EXE] C:\WINDOWS\SYSTEM\APPJW.EXE
    O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
    O4 - HKLM\..\RunServices: [CRWX.EXE] C:\WINDOWS\SYSTEM\CRWX.EXE
    O4 - HKLM\..\RunServices: [ADDWS.EXE] C:\WINDOWS\SYSTEM\ADDWS.EXE
    O4 - HKLM\..\RunServices: [IEOB32.EXE] C:\WINDOWS\SYSTEM\IEOB32.EXE
    O4 - HKLM\..\RunServices: [CRUH32.EXE] C:\WINDOWS\CRUH32.EXE
    O4 - HKLM\..\RunServices: [IPHP32.EXE] C:\WINDOWS\SYSTEM\IPHP32.EXE
    O4 - HKLM\..\RunServices: [CRZY32.EXE] C:\WINDOWS\CRZY32.EXE
    O4 - HKLM\..\RunServices: [IERP.EXE] C:\WINDOWS\IERP.EXE
    O4 - HKLM\..\RunServices: [NTGU.EXE] C:\WINDOWS\NTGU.EXE
    O4 - HKLM\..\RunServices: [JAVAEW32.EXE] C:\WINDOWS\JAVAEW32.EXE
    O4 - HKLM\..\RunServices: [D3WE.EXE] C:\WINDOWS\D3WE.EXE
    O4 - HKLM\..\RunServices: [WINNE.EXE] C:\WINDOWS\WINNE.EXE
    O4 - HKLM\..\RunServices: [JAVAXT.EXE] C:\WINDOWS\SYSTEM\JAVAXT.EXE
    O4 - HKLM\..\RunServices: [APIFR32.EXE] C:\WINDOWS\APIFR32.EXE
    O4 - HKLM\..\RunServices: [D3XR.EXE] C:\WINDOWS\D3XR.EXE
    O4 - HKLM\..\RunServices: [ADDKH.EXE] C:\WINDOWS\SYSTEM\ADDKH.EXE
    O4 - HKLM\..\RunServices: [SDKYD.EXE] C:\WINDOWS\SYSTEM\SDKYD.EXE
    O4 - HKLM\..\RunServices: [D3KA32.EXE] C:\WINDOWS\SYSTEM\D3KA32.EXE
    O4 - HKLM\..\RunServices: [APILD.EXE] C:\WINDOWS\APILD.EXE
    O4 - HKLM\..\RunServices: [NETCX32.EXE] C:\WINDOWS\NETCX32.EXE
    O4 - HKLM\..\RunServices: [NTLI32.EXE] C:\WINDOWS\SYSTEM\NTLI32.EXE
    O4 - HKLM\..\RunServices: [MFCIR32.EXE] C:\WINDOWS\SYSTEM\MFCIR32.EXE
    O4 - HKLM\..\RunServices: [IEWJ.EXE] C:\WINDOWS\IEWJ.EXE
    O4 - HKLM\..\RunServices: [APIOV.EXE] C:\WINDOWS\APIOV.EXE
    O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
    O4 - HKLM\..\RunServices: [ADDCO.EXE] C:\WINDOWS\ADDCO.EXE
    O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\NTAV32.EXE
    O4 - HKLM\..\RunServices: [APPPC32.EXE] C:\WINDOWS\APPPC32.EXE
    O4 - HKLM\..\RunServices: [JAVARQ.EXE] C:\WINDOWS\JAVARQ.EXE
    O4 - HKLM\..\RunServices: [D3PD32.EXE] C:\WINDOWS\SYSTEM\D3PD32.EXE
    O4 - HKLM\..\RunServices: [JAVAVO32.EXE] C:\WINDOWS\JAVAVO32.EXE
    O4 - HKLM\..\RunServices: [JAVATE32.EXE] C:\WINDOWS\JAVATE32.EXE
    O4 - HKLM\..\RunServices: [JAVAMM32.EXE] C:\WINDOWS\JAVAMM32.EXE
    O4 - HKLM\..\RunServices: [IPFM.EXE] C:\WINDOWS\IPFM.EXE
    O4 - HKLM\..\RunServices: [JAVANY.EXE] C:\WINDOWS\SYSTEM\JAVANY.EXE
    O4 - HKLM\..\RunServices: [SDKVA.EXE] C:\WINDOWS\SYSTEM\SDKVA.EXE
    O4 - HKLM\..\RunServices: [MFCXD.EXE] C:\WINDOWS\MFCXD.EXE
    O4 - HKLM\..\RunServices: [WINWO.EXE] C:\WINDOWS\WINWO.EXE
    O4 - HKLM\..\RunServices: [NTLJ32.EXE] C:\WINDOWS\NTLJ32.EXE
    O4 - HKLM\..\RunServices: [IEFB32.EXE] C:\WINDOWS\SYSTEM\IEFB32.EXE
    O4 - HKLM\..\RunServices: [IPSQ32.EXE] C:\WINDOWS\SYSTEM\IPSQ32.EXE
    O4 - HKLM\..\RunServices: [IEWD.EXE] C:\WINDOWS\SYSTEM\IEWD.EXE
    O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
    O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE
    O4 - HKLM\..\RunServices: [WINHT32.EXE] C:\WINDOWS\SYSTEM\WINHT32.EXE
    O4 - HKLM\..\RunServices: [CRKG.EXE] C:\WINDOWS\CRKG.EXE
    O4 - HKLM\..\RunServices: [MFCVL.EXE] C:\WINDOWS\SYSTEM\MFCVL.EXE
    O4 - HKLM\..\RunServices: [ATLHR32.EXE] C:\WINDOWS\SYSTEM\ATLHR32.EXE
    O4 - HKLM\..\RunServices: [MSPY.EXE] C:\WINDOWS\MSPY.EXE
    O4 - HKLM\..\RunServices: [SDKAR32.EXE] C:\WINDOWS\SDKAR32.EXE
    O4 - HKLM\..\RunServices: [APPBC32.EXE] C:\WINDOWS\SYSTEM\APPBC32.EXE
    O4 - HKLM\..\RunServices: [ADDZA.EXE] C:\WINDOWS\ADDZA.EXE
    O4 - HKLM\..\RunServices: [NTOP32.EXE] C:\WINDOWS\NTOP32.EXE
    O4 - HKLM\..\RunServices: [ATLRI.EXE] C:\WINDOWS\ATLRI.EXE
    O4 - HKLM\..\RunServices: [SDKKU32.EXE] C:\WINDOWS\SDKKU32.EXE
    O4 - HKLM\..\RunServices: [D3YF.EXE] C:\WINDOWS\D3YF.EXE
    O4 - HKLM\..\RunServices: [MFCBM.EXE] C:\WINDOWS\SYSTEM\MFCBM.EXE
    O4 - HKLM\..\RunServices: [MSNM32.EXE] C:\WINDOWS\SYSTEM\MSNM32.EXE
    O4 - HKLM\..\RunServices: [NTKE.EXE] C:\WINDOWS\NTKE.EXE
    O4 - HKLM\..\RunServices: [JAVAGX.EXE] C:\WINDOWS\SYSTEM\JAVAGX.EXE
    O4 - HKLM\..\RunServices: [IEFK32.EXE] C:\WINDOWS\SYSTEM\IEFK32.EXE
    O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE
    O4 - HKLM\..\RunServices: [IPEN.EXE] C:\WINDOWS\SYSTEM\IPEN.EXE
    O4 - HKLM\..\RunServices: [APPTT.EXE] C:\WINDOWS\SYSTEM\APPTT.EXE

    O4 - HKCU\..\Run: [bos4RWf7S] DIAAL.EXE



    Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

    Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them


    >>> Reboot and install, UPDATE, and run a full drive Ad-aware SE scan, including the VX2 Plugin. Have Ad-aware remove all it targets, reboot and post a new Scanlog.

    Ad-Aware Home Page


    http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe
    The VX2 plugin will be available in the "add-ons" window once installed and is run from there.
     
  4. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    Thanks, I'm printing the instructions out now and I'll have the log up soon.
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You may see additional runservices "random" name exe's in the Scan that will have appeared after your last Scanlog. Check and fix those as well.

    In fact, these are the only legitimate ones, keep these, delete the rest:

    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
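
Added example, not part of any post in this thread: a small triage script for the O4 autorun lines of a HijackThis log. It applies the RunServices keep list given in the post above and also marks entries whose registry value name is identical to the executable's file name directly under C:\WINDOWS or C:\WINDOWS\SYSTEM, the pattern shared by the entries listed for fixing. The name-match rule, the verdict labels and the function names are assumptions of this example; the sample lines are copied from the two logs in this thread.

```python
import re
from ntpath import basename, dirname

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# RunServices value names the helper's post says to keep.
KEEP_RUNSERVICES = {
    "ScriptBlocking", "SchedulingAgent", "ATIPOLL", "ATISmart", "StillImageMonitor",
}

# Directories that hold the random-named executables in this thread's logs.
DROP_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}

# Lines copied from the logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [APIWE32.EXE] C:\WINDOWS\APIWE32.EXE
O4 - HKLM\..\RunServices: [CRAN32.EXE] C:\WINDOWS\CRAN32.EXE
O4 - HKCU\..\Run: [bos4RWf7S] DIAAL.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
'''


def image_path(command):
    """Return the executable part of an autorun command, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_o4(line):
    """Parse one registry-based O4 line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name,
            "command": command, "image": image_path(command)}


def is_self_named(entry):
    """True when the value name equals the file name and the file sits
    directly in one of DROP_DIRS (heuristic assumed by this example)."""
    image = entry["image"]
    return (entry["name"].upper() == basename(image).upper()
            and dirname(image).upper() in DROP_DIRS)


def triage(log_text, keep=KEEP_RUNSERVICES):
    """Attach a verdict to every registry autorun entry in a log."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # Startup-folder items and non-O4 lines are skipped
        if is_self_named(entry):
            entry["verdict"] = "self-named"
        elif entry["key"] == "RunServices":
            entry["verdict"] = ("keep-listed" if entry["name"] in keep
                                else "not-on-keep-list")
        else:
            # Not matched by either rule. The thread's fix list still
            # includes [bos4RWf7S] DIAAL.EXE, so an unflagged entry is
            # not a cleared entry.
            entry["verdict"] = "unflagged"
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["verdict"]:<17} {e["hive"]}\\{e["key"]:<12} [{e["name"]}] {e["image"]}')
```

The script only reads log text; every entry it marks still needs the manual review the helper describes before anything is fixed in HijackThis.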
     
  6. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    Here's the latest log. Sorry I took so long.
    I had problems running CW Shredder in safe mode, and I don't think it works anymore, but I scanned several times before with it and it never detected anything.
    Logfile of HijackThis v1.98.2
    Scan saved at 3:29:53 PM, on 9/14/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\PROGRAM FILES\PICASA\PICASAMEDIADETECTOR.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\MFCCA.EXE
    C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\JAVAXV.EXE
    C:\WINDOWS\SYSTEM\JAVAXV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
    O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
    O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [APIWE32.EXE] C:\WINDOWS\APIWE32.EXE
    O4 - HKLM\..\RunServices: [CRAN32.EXE] C:\WINDOWS\CRAN32.EXE
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
     
  7. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    My computer is running a lot smoother and isn't crashing anymore. Thanks for all the help!!!
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Great, but still a little more to do (one of which I should have caught).

    Reboot in Safe Mode again and check and "fix" these items:

    O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)

    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE


    O4 - HKLM\..\Run: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
    O4 - HKLM\..\Run: [D3FP32.EXE] C:\WINDOWS\SYSTEM\D3FP32.EXE
    O4 - HKLM\..\RunServices: [APIWE32.EXE] C:\WINDOWS\APIWE32.EXE
    O4 - HKLM\..\RunServices: [CRAN32.EXE] C:\WINDOWS\CRAN32.EXE

    C:\WINDOWS\SYSTEM\JAVAXV.EXE >> (you won't see this in HijackThis, but you still need to manually delete it.)


    ^^ make sure ALL these files are deleted!!

    And run About:buster one more time.

    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

    ^^ delete the TV Media folder in c:\Program Files

    more info here: http://pestpatrol.com/pestinfo/t/tv_media_display.asp

    After rebooting post another HijackThis Scanlog to confirm all is clean.
     
  9. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    OK, I've been gone for a couple days, and now it seems like about:blank has made a resurgence. I'll follow your instructions, but I probably won't be able to post a log today, as about:buster looks through some 37,000 objects at a painstakingly slow rate.
    Is there any way to speed it up?
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    No, not really -- though you should probably be running it in Safe Mode. Then run it again on reboot.

    Since this type of Hijack morphs readily we are probably not going to be able to fix it unless you post a current hijackthis scanlog and act promptly on the instructions -- not rebooting until you have completed the cleaning.
     
  11. GI Joke

    GI Joke Thread Starter

    Joined:
    Sep 12, 2004
    Messages:
    9
    About:buster just finished, however I only ran it once.
    Here's my new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 1:34:49 AM, on 9/18/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\PROGRAM FILES\PICASA\PICASAMEDIADETECTOR.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\GAMES\HIJACKTHIS.EXE

    O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
    O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\PROGRAM FILES\PICASA\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck /autofix /autoclose
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

    I was looking around in my c drive and found a lot of crap that I tried to delete, but I think I accidentally installed the Neotoolbar.
    The computer also says that I'm running two programs, "Shopping Wizard and Search Extender" but when I try to uninstall them I get an error message claiming they can't be found.
    The computer runs much smoother now, but it still takes an extremely long time to boot up. Is this a security issue or something else?

    Thanks for all the help, I'm trying to keep up.
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Go ahead and check and fix these:

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {0519F3C1-0ED3-4EF1-98F5-CC3FB10218C7} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

    They are incomplete, damaged or otherwise suspicious.

    Other than that the scanlog looks fine, although I see you have added "neotoolbar" in the interim. I'm not sure what it does, but this is their homepage:

    http://www.neocomptech.com/Pages/neohome.html

    You can check Add/Remove for it. Or just use HijackThis if you don't want it. (the browser must be closed for "fixes" to work on these)

    The other Add/Remove problems may be because you have deleted the uninstall file for the programs. If there are no Program Files folders associated with them, just do this to remove the entries from Add/Remove programs.


    Run regedit and navigate to this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    Scroll down under the "uninstall" key and look for references to those programs in the left pane. You can right click on and delete them. If you don't see them by "name" you will have to select each "CLSID" (the long numbered values) and look in the RIGHT pane for a reference. Don't remove any of these unless you are sure you have the right one. Although you can back up by selecting File > Export and save the key first if you are adventurous. It can be restored with a double click.
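An added example, not part of the original thread: a small Python triage script that compares two HijackThis scans and flags the entry shapes the helper singled out above, O16 DPF lines with nothing after the final dash and BHO/toolbar lines that resolve to "(no file)". The function names are hypothetical, the heuristic is an assumption drawn from those two replies, and the sample input is a short excerpt of the logs posted in this thread.

```python
import re

# One HijackThis result line: "O<n> - <body>"
ENTRY = re.compile(r"^\s*(O\d+) - (.+?)\s*$")

# Excerpts copied from the two HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {802CD9A8-8767-5201-029C-9B4DA81F6BE1} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
"""
AFTER = r"""
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
"""

def parse_entries(log_text):
    """Return (section, body) tuples for every O-section line; other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def is_incomplete(section, body):
    """Assumed heuristic: the entry points at nothing (empty DPF codebase or missing file)."""
    if section == "O16":
        return body.startswith("DPF:") and body.endswith(" -")
    if section in ("O2", "O3"):
        return body.endswith("(no file)")
    return False

def incomplete_entries(log_text):
    return [e for e in parse_entries(log_text) if is_incomplete(*e)]

def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    added = [e for e in after if e not in before]
    removed = [e for e in before if e not in after]
    return added, removed

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    report = (("incomplete", incomplete_entries(AFTER)), ("added", added), ("removed", removed))
    for label, rows in report:
        for section, body in rows:
            print(f"{label:11} {section:4} {body}")
```

Run against full logs, the "added" list is what surfaces an interim install such as the Neo Toolbar entries, and the "incomplete" list reproduces the O16 items the helper asked to have fixed.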
     
Short URL to this thread: https://techguy.org/273199
