Windows Me Problems

byrdnsd

Thread Starter
Joined
Jan 23, 2005
Messages
18
I have Windows Me and it's not starting properly. Sometimes it will start and sometimes it won't; when it does it freezes, and when I press alt+ctrl+del it says that Explorer (among other things) is [not responding]. I don't care about anything that I have on it right now, so a complete system recovery would be ok. However, I don't have my recovery discs that Gateway sent, and my computer is no longer under warranty. So really all I want to know is if I can reformat or reinstall Windows from somewhere else?
Any help would be appreciated.
Thanks
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Boot the computer with a Startup Diskette (Boot Diskette). You can download one from www.bootdisk.com.

Start the computer with the startup diskette and select either Minimum Boot if the diskette is ME compatible, or Command prompt without CD support if Windows 98 compatible. You can use any of these.

At the prompt type the following and press Enter after each line:

C:
cd\
dir precopy*.* /s

If the installation files are present in your computer, these commands will allow you to identify their location. Let us know their location.
 

byrdnsd

When I typed the commands in, I didn't get anything when I typed the (cd\) prompt. However, when I typed the (dir precopy*.* /s) I got this:

Volume in drive C has no label
Volume Serial Number is 3FB6-875E

Directory of C:\CABS

PRECOPY1 CAB 3,265,135 27/06/00 17:57
1 file(s) 3,265,135 bytes

Directory of C:\WINDOWS

PRECOPY1 CAB 3,228,864 21/06/00 18:41
1 file(s) 3,228,864 bytes

Total files listed :
2 file(s) 6,493,999 bytes
0 dir(s) 17,649.63 MB free
 

JSntgRvr

Chances are that the installation files are in C:\CABS.

Bring the computer to a command prompt as you did before. At the prompt, type the following, pressing Enter after each line:

C:
cd\
cd CABS
SETUP

Let me know the outcome.
 

byrdnsd

Please wait while Setup initializes.

Setup is now going to perform a routine check on your system.

To continue, press ENTER. To quit Setup, press ESC.
 

JSntgRvr

You will need the Certificate of Authenticity. Forgot to tell you that. It is usually on a sticker in the back of the computer. It is usually called the Product Key.

Follow instructions on screen.
 

JSntgRvr

I'll be off for the night. Let me know how it goes and I will receive the message tomorrow. Best wishes!
 

byrdnsd

OK, I did all the prompts and it set up and did all that, but when I restarted, it told me to insert the Gateway drivers kit CD and stuff, but that's what I don't have.
So it loaded Windows, but a ton of errors came up and then after I said OK to each one I couldn't load any programs and it was just all around slow.
So that's what happened up to this point.
 

JSntgRvr

Ok, you will need to reload all your Drivers.

Right click on the My Computer icon and select Properties, then the Device Manager tab. Check all devices that appear with an exclamation sign next to them. Reload the software for printers, cameras, scanners, etc.: all devices connected to the computer. Your Video, Sound and Modem (internal devices) drivers must also be reloaded if the devices exist. If unavailable, post the type (Brand and Model) of the device that appears in the Device Manager for the device in conflict. These can be downloaded from the Internet, and sometimes from the Windows Update site.

Post the Gateway computer's model and series. With that information we may be able to locate those drivers. On most occasions, Gateway will provide this drivers kit CD free of charge based on the computer serial number (not related to the series number).

Post this info and let's see how we may help you.
 

byrdnsd

I checked the devices under the Device Manager tab (which took forever to wait for everything to respond), but nothing there had an exclamation with it. All the devices seemed to be loaded somehow.
My computer is a Gateway Performance 1400.
If there's anything else you need to know just post a reply.
 

JSntgRvr

I need to see a HijackThis log.

http://forums.techguy.org/t110854.html

After running Hijackthis, save the log. Copy and paste its contents in a reply.

After producing the HijackThis log (not before), try this to troubleshoot if the main problem may be the cause of your Startup programs:

Run Msconfig. (Start->Run, type Msconfig, click Ok). Select the Startup tab. Deselect all programs from the list except for the following:

Systemtray
Scanregistry
*Statemgr

After selecting only these programs, click Apply, then Ok, restart the computer when prompted. At boot, you will be reminded that the computer is booting as a selective startup. Check the box as not to remind you any more and do not allow Windows to run the Configuration utility to that effect. Let me know if any progress.

Post also the exact error messages being received.
 

byrdnsd

This is my log that it gave me:


Logfile of HijackThis v1.99.0
Scan saved at 7:18:29 PM, on 1/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
A:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
O2 - BHO: CATLEvents Object - {C69FA570-7FDE-4C49-A7BC-CB1CF24BE66B} - C:\WINDOWS\TEMP\CMEVAW.DAT
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\WINDOWS\TEMP\PAKSAT.DAT
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\JAVA\CONTROLF1\STMeeting25.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://downloads.taxslayer.com/olf2003/netinstall001/disk1/setup.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

Here are the errors that I've been getting:

1) In DOS before Windows has loaded it says

Error: NAV Auto-Protect is unable to start!
SYMEVNT.386 is not loaded. You may want to reinstall Norton AnitVirus to correct the problem.
Press any key to continue. . . .

2) After Windows has loaded it is a RUNDLL Error,

Error loading C:\PROGRA~1\WIDTA~1\APPS\CDA\CDAENG~1.DLL

That's all of it
Thanks
 

JSntgRvr

Your computer is loaded with Malware. First go to the Control Panel and uninstall Wild Tangent. Make sure that you delete the folder C:\Program files\Wild Tangent after uninstalling this program through the Add/Remove Programs option in the Control Panel. Not before.

There are entries for the Weatherbug in the log. If you have not uninstalled Weatherbug before, also uninstall this program.

There are also entries associated with the Vundo trojan. Download and run these utilities and eliminate all malware found:

http://securityresponse.symantec.com/avcenter/FixVundo.exe

CWShredder

http://www.majorgeeks.com/download4086.html

Adaware

http://www.lavasoftusa.com/support/download/

Spybot Search and Destroy

http://spybot.eon.net.au/en/download/index.html

It is possible that the presence of all this malware has affected the Norton installation. Uninstall Norton.

To uninstall Norton completely, you may want to run the following utility, if it applies based on the software version. Before reinstalling Norton you must make sure it is completely removed from the computer. In fact, I do not see Norton in your startup programs. It could be due to remains after uninstallation:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

Once you do this, and all malware has been removed, make sure all entries in the MSconfig->Startup tab are selected, perform another HijackThis scan, save the log, and post the new log's contents in a reply.
 

byrdnsd

This is my new log file


Logfile of HijackThis v1.99.0
Scan saved at 12:47:26 PM, on 1/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\IPCONFIG.EXE
A:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\ohbzshfd.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\JAVA\CONTROLF1\STMeeting25.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://downloads.taxslayer.com/olf2003/netinstall001/disk1/setup.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
 

JSntgRvr

We still have some issues in the log:

Check the Control Panel's Add/Remove Programs feature for Active Alert, Internet Optimizer, KAZAA, Comet Cursor, PowerSearch toolbar for IE, and KeenValue. Remove the programs if they exist.

Update your VirusScan definitions and run a full virus scan. I would also recommend that you run at least two online virus scans. Select any two in the following link:

http://forums.techguy.org/t110854.htm

Afterwards, not before, run HijackThis and fix the following if they exist: (Remember, all startup programs must be running during the HJT scan)

O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Once done, restart the computer and post a new HJT log to take a Final look at it.

Let me know how the computer behaves afterwards.
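
The check the last post asks for (a follow-up HJT log compared against the fix list) can be scripted. This is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, the fix-list lines are copied from the post above, and the follow-up log is constructed sample input.

```python
import re

# "O4 - HKLM\..\Run: [name] command" -> hive, key, value name, command
O4_REG = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# Any HijackThis result line: section code (R0-R3, O1-O23), " - ", payload
ENTRY = re.compile(r'^(R[0-3]|O\d{1,2}) - (.+)$')


def entry_key(line):
    """Comparison key for one entry; case-insensitive, as Win9x paths are."""
    m = O4_REG.match(line)
    if m:
        hive, key, name, cmd = (part.lower() for part in m.groups())
        return ("O4", hive, key, name, " ".join(cmd.split()))
    code, rest = ENTRY.match(line).groups()
    return (code, " ".join(rest.lower().split()))


def parse_entries(log_text):
    """Map key -> original line, skipping header and running-process lines."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            entries[entry_key(line)] = line
    return entries


def check_fix_list(fix_list_text, followup_log_text):
    """Classify each fix-list entry against a follow-up log."""
    wanted = parse_entries(fix_list_text)
    present = parse_entries(followup_log_text)
    # Autorun slot = (code, hive, key, value name), ignoring the command, so a
    # value that was rewritten rather than deleted is reported separately.
    slots = {k[:4]: line for k, line in present.items() if len(k) == 5}
    report = {"still_present": [], "changed": [], "removed": []}
    for key, line in wanted.items():
        if key in present:
            report["still_present"].append(line)
        elif len(key) == 5 and key[:4] in slots:
            report["changed"].append((line, slots[key[:4]]))
        else:
            report["removed"].append(line)
    return report


# Four entries copied from the fix list in the post above.
FIX_LIST = r'''
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
'''

# Constructed follow-up log (not from the thread): one entry untouched with
# different letter case, one value name pointing at a new path, two gone.
FOLLOWUP_LOG = r'''
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\TEMP\SYSUPD.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
'''

if __name__ == "__main__":
    for status, items in check_fix_list(FIX_LIST, FOLLOWUP_LOG).items():
        print(status, len(items))
        for item in items:
            print("   ", item)
```

An entry under "changed" means the same Run value name came back with a different command, which should be treated as still needing a fix rather than as removed.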
 