windows ME unstable; Ads; Exc. Exc.....

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

abcdef

Thread Starter
Banned
Joined
Jan 23, 2004
Messages
11
Ya, I've got Windows ME and I JUST, like one week ago, had to delete my whole hard drive and reinstall ME... so now I'm having problems AGAIN. I have these weird ads that come up out of nowhere and I also have this gay old Lycos SideSearch crap and stuff. Ad-aware freezes up when I run it, about halfway through, and I have to delete just the ones I've found so far... It's not a big deal; it's not very stable but it's dealable, I guess.
 
Joined
Apr 26, 2003
Messages
5,837
We need to see what is going on with your computer. A scan by HiJackThis will tell us a lot and allow us to advise you. Please do the following:

Create a folder in C:\Program Files and label it HiJackThis. This is where you will download the executable file. This is also the folder where your HJT backups will be stored. Click Here to download the file.

Close all windows, including this and any other browser windows. Launch HJT and click the Scan button. When the scan is finished, the Scan button will have changed to Save Log. Click that and save the log to your HJT folder. DO NOT CHANGE ANYTHING YET. Most of the listed items are harmless or even essential. Wait for recommendations from someone trained in HJT log file interpretation.

Now open the saved log file... In the toolbar at the top of the window under Edit, select Select All. Copy (Ctrl+C) the text and paste (Ctrl+V) it into a reply in this thread.
 

abcdef

Thread Starter
Banned
Joined
Jan 23, 2004
Messages
11
Logfile of HijackThis v1.97.7
Scan saved at 5:11:19 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\YJ0W9I31.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HGL9Z9P3\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?s=searchicon&c=2C01&lc=0409
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
O4 - HKLM\..\RunServices: [Compaq_RBA] C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 5RYGELY3.lnk = C:\WINDOWS\5rygely3.exe
O4 - Startup: KOX0W6A3.lnk = C:\WINDOWS\kox0w6a3.exe
O4 - Startup: WBP6LLNU.lnk = C:\WINDOWS\wbp6llnu.exe
O4 - Startup: RL80ZF46.lnk = C:\WINDOWS\rl80zf46.exe
O4 - Startup: NQWR7E09.lnk = C:\WINDOWS\nqwr7e09.exe
O4 - Startup: YJ0W9I31.lnk = C:\WINDOWS\yj0w9i31.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38071.8488078704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

Couriant

James
Trusted Advisor
Spam Fighter
Joined
Mar 26, 2002
Messages
36,205
Run HJT again and delete:

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)

O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
Related to SmartCard readers and sometimes uses lots of system resources

O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 5RYGELY3.lnk = C:\WINDOWS\5rygely3.exe
O4 - Startup: KOX0W6A3.lnk = C:\WINDOWS\kox0w6a3.exe
O4 - Startup: WBP6LLNU.lnk = C:\WINDOWS\wbp6llnu.exe
O4 - Startup: RL80ZF46.lnk = C:\WINDOWS\rl80zf46.exe
O4 - Startup: NQWR7E09.lnk = C:\WINDOWS\nqwr7e09.exe
O4 - Startup: YJ0W9I31.lnk = C:\WINDOWS\yj0w9i31.exe

These alphanumerical files: search for them and delete the ones you find.

Also run Spybot S&D, Lavasoft Ad-Aware (if it can go the distance) and CWShredder. See if they can find anything. To stop pop-ups, try using PopUp Stopper. Also install Spyware Blaster. I have all the links below for you.
 

Triple6

Rob
Moderator
Joined
Dec 26, 2002
Messages
52,933
These aren't legit files:
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 5RYGELY3.lnk = C:\WINDOWS\5rygely3.exe
O4 - Startup: KOX0W6A3.lnk = C:\WINDOWS\kox0w6a3.exe
O4 - Startup: WBP6LLNU.lnk = C:\WINDOWS\wbp6llnu.exe
O4 - Startup: RL80ZF46.lnk = C:\WINDOWS\rl80zf46.exe
O4 - Startup: NQWR7E09.lnk = C:\WINDOWS\nqwr7e09.exe
O4 - Startup: YJ0W9I31.lnk = C:\WINDOWS\yj0w9i31.exe

Do an online Virus scan to double check that you don't have a virus.

Symantec:
http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=TBOWYHGBYNCJEIMXQKC

Trend Micro:
http://housecall.trendmicro.com


In IE go to Tools -> Internet Options -> and delete Files and Cookies.

To remove any Spyware or Adware that may be installed on your machine, download and install Adaware and Spybot. Then update each program before scanning. Fix ALL problems found by either of the programs. You may need to reboot and have the scan run at startup. Run it again to make sure all components have been removed. There is also an Immunize feature in Spybot that should be enabled to protect against some installations of Adware/Spyware.

Ad-aware and Spybot:
http://spywareinfo.com/downloads.php?cat=sp#det

Then post a new Hijack This Log to have someone analyze it for further cleaning/recommendations.
 

Couriant

James
Trusted Advisor
Spam Fighter
Joined
Mar 26, 2002
Messages
36,205
Also, do you have a Windows Services Protected Storage program open (as in, at the time you did the log)?
 
Joined
Apr 26, 2003
Messages
5,837
First, move the HJT executable file out of the TEMP folder and into its own permanent folder. This is needed because that is where the backups for what you remove with HJT will be stored.

Turn off ME's System restore.

Disabling or enabling Windows ME System Restore.

Run the virus scans (2) recommended by Triple6.

Restart your computer

These files (in bold type) should be deleted in Safe Mode.

How to start your computer in Safe mode

O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe <--- this file
O4 - Startup: 5RYGELY3.lnk = C:\WINDOWS\5rygely3.exe <--- this file
O4 - Startup: KOX0W6A3.lnk = C:\WINDOWS\kox0w6a3.exe <--- this file
O4 - Startup: WBP6LLNU.lnk = C:\WINDOWS\wbp6llnu.exe <--- this file
O4 - Startup: RL80ZF46.lnk = C:\WINDOWS\rl80zf46.exe <--- this file
O4 - Startup: NQWR7E09.lnk = C:\WINDOWS\nqwr7e09.exe <--- this file
O4 - Startup: YJ0W9I31.lnk = C:\WINDOWS\yj0w9i31.exe <--- this file

Restart your computer, run a new HJT scan and post it here
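
A triage sketch for the kind of log posted in this thread, added here as an example; it is not part of any post and not HijackThis's own logic. It flags the three things the helpers pointed at: a BHO whose file is missing, Startup shortcuts named after an executable sitting directly in C:\WINDOWS, and a process running from the browser cache. The digit-in-name heuristic and the function name `triage` are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in this thread (shortened).
LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\YJ0W9I31.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HGL9Z9P3\HIJACKTHIS[1].EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: YJ0W9I31.lnk = C:\WINDOWS\yj0w9i31.exe
"""

STARTUP = re.compile(r"^O4 - Startup: (.+)\.lnk = (.+)$")
BHO = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+) \(file missing\)$")

def triage(log):
    """Return (reason, detail) findings for one HijackThis log."""
    lines = [line.strip() for line in log.splitlines() if line.strip()]
    # Running-process lines are bare paths, without an "On - " prefix.
    running = {line.lower() for line in lines if re.match(r"^[A-Za-z]:\\", line)}
    findings = []
    for line in lines:
        if m := BHO.match(line):
            # Registry entry survives although the DLL is gone.
            findings.append(("orphaned-bho", m.group(1)))
        elif m := STARTUP.match(line):
            link, target = m.group(1), PureWindowsPath(m.group(2))
            # Assumed heuristic: shortcut named after an executable that sits
            # directly in C:\WINDOWS and whose name contains a digit.
            if (target.parent == PureWindowsPath(r"C:\WINDOWS")
                    and target.stem.lower() == link.lower()
                    and re.search(r"\d", target.stem)):
                state = "running" if str(target).lower() in running else "not running"
                findings.append(("odd-startup", f"{target} ({state})"))
    for path in running:
        # A process started from the browser cache, as HijackThis was here.
        if "\\temporary internet files\\" in path:
            findings.append(("runs-from-cache", path))
    return findings
```

A finding here is a prompt for a closer look, in line with the advice above to wait for someone trained in reading these logs before removing anything.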
 