
Windows Me Problems

Discussion in 'Earlier Versions of Windows' started by byrdnsd, Jan 23, 2005.

  1. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    I have Windows Me and it's not starting properly. Sometimes it will start and sometimes it won't; when it does it freezes, and when I press Alt+Ctrl+Del it says that Explorer (among other things) is [not responding]. I don't care about anything that I have on it right now, so a complete system recovery would be ok. However, I don't have my recovery discs that Gateway sent, and my computer is no longer under warranty. So really all I want to know is if I can reformat or reinstall Windows from somewhere else?
    Any help would be appreciated.
    Thanks
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Boot the computer with a Startup Diskette (Boot Diskette). You can download one from www.bootdisk.com.

    Start the computer with the startup diskette and select either Minimum Boot if the diskette is ME compatible, or Command prompt without CD support if Windows 98 compatible. You can use any of these.

    At the prompt type the following and press Enter after each line:

    C:
    cd\
    dir precopy*.* /s

    If the installation files are present in your computer, these commands will allow you to identify their location. Let us know their location.
     
  3. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    When I typed the commands in, I didn't get anything when I typed the (cd\) prompt. However, when I typed the (dir precopy*.* /s) I got this:

    Volume in drive C has no label
    Volume Serial Number is 3FB6-875E

    Directory of C:\CABS

    PRECOPY1 CAB 3,265,135 27/06/00 17:57
    1 file(s) 3,265,135 bytes

    Directory of C:\WINDOWS

    PRECOPY1 CAB 3,228,864 21/06/00 18:41
    1 file(s) 3,228,864 bytes

    Total files listed :
    2 file(s) 6,493,999 bytes
    0 dir(s) 17,649.63 MB free
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Chances are that the installation files are in C:\CABS.

    Bring the computer to a command prompt as you did before. At the prompt type the following, pressing Enter after each line:

    C:
    cd\
    cd CABS
    SETUP

    Let me know the outcome.
     
  5. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    Please wait while Setup initializes.

    Setup is now going to perform a routine check on your system.

    To continue, press ENTER. To quit Setup, press ESC.
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You will need the Certificate of Authenticity. Forgot to tell you that. It is usually on a sticker on the back of the computer. It is usually called the Product Key.

    Follow instructions on screen.
     
  7. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I'll be off for the night. Let me know how it goes and I will receive the message tomorrow. Best wishes!
     
  8. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    OK, I did all the prompts and it set up and did all that, but when I restarted, it told me to insert the Gateway drivers kit CD and stuff, but that's what I don't have.
    So it loaded Windows, but a ton of errors came up, and then after I said OK to each one I couldn't load any programs and it was just all around slow.
    So that's what happened up to this point.
     
  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Ok, you will need to reload all your Drivers.

    Right-click on the My Computer icon and select Properties, then the Device Manager tab. Check all devices that appear with an exclamation sign next to them. Reload the software for printers, cameras, scanners, etc.: all devices connected to the computer. Your Video, Sound and Modem (internal devices) drivers must also be reloaded if the devices exist. If unavailable, post the type (Brand and Model) of the device that appears in the Device Manager for the device in conflict. These can be downloaded from the Internet, and sometimes from the Windows Update site.

    Post the Gateway computer's model and series. With that information we may be able to locate those drivers. On most occasions, Gateway will provide this drivers kit CD free of charge based on the computer serial number (not related to the series number).

    Post this info and let's see how we may help you.
     
  10. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    I checked the devices under the Device Manager tab (which took forever to wait for everything to respond), but nothing there had an exclamation with it. All the devices seemed to be loaded somehow.
    My computer is a Gateway Performance 1400.
    If there's anything else you need to know just post a reply.
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I need to see a Hijackthis log.

    http://forums.techguy.org/t110854.html

    After running Hijackthis, save the log. Copy and paste its contents in a reply.

    After producing the Hijackthis log (not before), try this to troubleshoot whether the main problem may be caused by your Startup programs:

    Run Msconfig. (Start->Run, type Msconfig, click Ok). Select the Startup tab. Deselect all programs from the list except for the following:

    Systemtray
    Scanregistry
    *Statemgr

    After selecting only these programs, click Apply, then Ok, and restart the computer when prompted. At boot, you will be reminded that the computer is booting as a selective startup. Check the box so as not to be reminded any more and do not allow Windows to run the Configuration utility to that effect. Let me know if there is any progress.

    Post also the exact error messages being received.
     
  12. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    This is my log that it gave me:


    Logfile of HijackThis v1.99.0
    Scan saved at 7:18:29 PM, on 1/25/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    A:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
    O2 - BHO: CATLEvents Object - {C69FA570-7FDE-4C49-A7BC-CB1CF24BE66B} - C:\WINDOWS\TEMP\CMEVAW.DAT
    O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\WINDOWS\TEMP\PAKSAT.DAT
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
    O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
    O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
    O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
    O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
    O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
    O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
    O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
    O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
    O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
    O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
    O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
    O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
    O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
    O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
    O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
    O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
    O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\JAVA\CONTROLF1\STMeeting25.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://downloads.taxslayer.com/olf2003/netinstall001/disk1/setup.exe
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

    Here are the errors that I've been getting:

    1) In DOS before Windows has loaded it says

    Error: NAV Auto-Protect is unable to start!
    SYMEVNT.386 is not loaded. You may want to reinstall Norton AnitVirus to correct the problem.
    Press any key to continue. . . .

    2) After Windows has loaded it is a RUNDLL Error,

    Error loading C:\PROGRA~1\WIDTA~1\APPS\CDA\CDAENG~1.DLL

    That's all of it
    Thanks
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Your computer is loaded with Malware. First go to the Control Panel and uninstall Wild Tangent. Make sure that you delete the folder C:\Program files\Wild Tangent after uninstalling this program through the Add/Remove Programs option in the Control Panel. Not before.

    There are entries for the Weatherbug in the log. If you have not uninstalled Weatherbug before, also uninstall this program.

    There are also entries associated with the Vundo trojan. Download and run these utilities and eliminate all malware found:

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    CWShredder

    http://www.majorgeeks.com/download4086.html

    Adaware

    http://www.lavasoftusa.com/support/download/

    Spybot Search and Destroy

    http://spybot.eon.net.au/en/download/index.html

    It is possible that the presence of all this malware has affected the Norton installation. Uninstall Norton.

    To uninstall Norton completely, you may want to run the following utility, if it applies based on the software version. Before reinstalling Norton you must make sure it is completely removed from the computer. In fact, I do not see Norton in your startup programs. It could be due to remains after uninstallation:

    http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

    Once you do this, and all malware has been removed, make sure all entries in the MSconfig->Startup tab are selected, perform another Hijackthis scan, save the log and post its contents in a reply.
     
  14. byrdnsd

    byrdnsd Thread Starter

    Joined:
    Jan 23, 2005
    Messages:
    18
    This is my new log file


    Logfile of HijackThis v1.99.0
    Scan saved at 12:47:26 PM, on 1/26/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ARES\ARES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
    C:\WINDOWS\IPCONFIG.EXE
    A:\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
    O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
    O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
    O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
    O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\ohbzshfd.exe
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
    O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
    O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
    O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
    O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
    O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
    O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
    O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
    O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
    O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
    O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
    O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
    O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
    O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
    O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
    O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
    O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
    O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
    O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
    O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\JAVA\CONTROLF1\STMeeting25.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://downloads.taxslayer.com/olf2003/netinstall001/disk1/setup.exe
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    We still have some issues in the log:

    Check the Control Panel's Add/Remove Programs feature for Active Alert, Internet Optimizer, KAZAA, Comet Cursor, PowerSearch toolbar for IE, and KeenValue. Remove the programs if they exist.

    Update your VirusScan definitions and run a full virusscan. I would also recommend that you run at least two on-line virusscans. Select any two in the following link:

    http://forums.techguy.org/t110854.htm

    Afterwards, not before, run Hijackthis and fix the following if they exist: (Remember, all startup programs must be running during the HJT scan.)

    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
    O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
    O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
    O4 - HKLM\..\Run: [BINMFC] C:\WINDOWS\SYSTEM32\BINMFC.EXE
    O4 - HKLM\..\Run: [*IISMSVC] C:\WINDOWS\SYSTEM32\IISMSVC.EXE
    O4 - HKLM\..\Run: [*DVDDB] C:\WINDOWS\DVDDB.EXE
    O4 - HKLM\..\Run: [*MSPS] C:\WINDOWS\MSAGENT\CHARS\MSPS.EXE
    O4 - HKLM\..\Run: [*SRVWMS] C:\WINDOWS\SYSTEM32\DRIVERS\SRVWMS.EXE
    O4 - HKLM\..\Run: [*INFOREG] C:\WINDOWS\WEB\INFOREG.EXE
    O4 - HKLM\..\Run: [*KEYAS] C:\WINDOWS\APPPATCH\KEYAS.EXE
    O4 - HKLM\..\Run: [*EXPINFO] C:\WINDOWS\SYSTEM32\EXPINFO.EXE
    O4 - HKLM\..\Run: [*KEYBAS] C:\WINDOWS\MSAGENT\CHARS\KEYBAS.EXE
    O4 - HKLM\..\Run: [*SVCINFO] C:\WINDOWS\SYSTEM\DIRECTX\MIGRATE\SVCINFO.EXE
    O4 - HKLM\..\Run: [*DVDFONT] C:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DVDFONT.EXE
    O4 - HKLM\..\Run: [*DOCODBC] C:\WINDOWS\CONFIG\DOCODBC.EXE
    O4 - HKLM\..\Run: [*TASKAP] C:\WINDOWS\SYSTEM\TASKAP.EXE
    O4 - HKLM\..\Run: [*APWAVE] C:\WINDOWS\MSAGENT\CHARS\APWAVE.EXE
    O4 - HKLM\..\Run: [*svcvss] C:\WINDOWS\MSAGENT\SVCVSS.EXE
    O4 - HKLM\..\Run: [*wavemc] C:\WINDOWS\WAVEMC.EXE
    O4 - HKLM\..\Run: [*fontad] C:\WINDOWS\WEB\FONTAD.EXE
    O4 - HKLM\..\Run: [*bakplay] C:\WINDOWS\APPPATCH\BAKPLAY.EXE
    O4 - HKLM\..\Run: [Insert CD] C:\WINDOWS\Temp\Insertcd.exe
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    Once done, restart the computer and post a new HJT log to take a final look at it.

    Let me know how the computer behaves afterwards.
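
Added example, not part of the original thread and not any poster's code: a small script that compares the registry autorun (O4) lines of two HijackThis scans and checks which entries of a "fix if they exist" list are actually present in a scan. The sample lines are excerpts copied from the logs and fix list posted above; the function and variable names are this example's own, and only `O4 - HK..\..\Run*` lines are handled (not `O4 - Startup:` shortcuts).

```python
import re

# Registry autorun line as HijackThis prints it, e.g.
#   O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4_RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")

# Excerpt of the O4 section of the scan saved 1/25/2005 (copied from the thread).
SCAN_JAN25 = r"""
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
"""

# Excerpt of the O4 section of the scan saved 1/26/2005 (copied from the thread).
SCAN_JAN26 = r"""
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
    O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
"""

# Excerpt of the fix list from the last reply (copied from the thread).
FIX_LIST = r"""
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
    O4 - HKLM\..\Run: [bgregjyj] C:\WINDOWS\stpjntud.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
    O4 - HKLM\..\Run: [TCPKB] C:\WINDOWS\INF\TCPKB.EXE
"""


def parse_autoruns(log_text):
    """Map a case-folded (key, value name, command) tuple to the original line.

    Win9x paths and registry value names are case-insensitive, and the same
    entry shows up in different case between scans, so identity is case-folded.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O4_RUN.match(line)
        if match:
            ident = tuple(part.strip().lower() for part in match.groups())
            entries[ident] = line
    return entries


def diff_scans(before_text, after_text):
    """Return autorun lines added, removed and persisting between two scans."""
    before, after = parse_autoruns(before_text), parse_autoruns(after_text)
    return {
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "persisted": sorted(after[k] for k in after.keys() & before.keys()),
    }


def fix_targets_present(fix_list_text, scan_text):
    """Return the scan's lines that match an entry of the fix list."""
    wanted, found = parse_autoruns(fix_list_text), parse_autoruns(scan_text)
    return sorted(found[k] for k in wanted.keys() & found.keys())


if __name__ == "__main__":
    changes = diff_scans(SCAN_JAN25, SCAN_JAN26)
    for kind in ("added", "removed", "persisted"):
        print(f"{kind}:")
        for line in changes[kind]:
            print("   ", line)
    print("fix-list entries present in the 1/26 scan:")
    for line in fix_targets_present(FIX_LIST, SCAN_JAN26):
        print("   ", line)
```

Running the same comparison on the scan taken after the fixes shows directly whether any listed entry has come back.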
     