Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
Hi, I can make my way around a computer pretty easily, and I've worked out how to fix other problems on my PC but this one has me completely stumped! :tazz:

Yesterday, I downloaded a program called smartstamp from the Royal Mail website, which required me to re-boot my PC. After it re-booted, I started to get error messages saying:
""C:\WINNT\system32\tqd32.dll"Umonitor" or ""C:\WINNT\system32\mrhtmled.dll"Umonitor"...

the .dll file changes every time but the error is the same.

I was also getting an error message EVERY time I logged on saying:
Could not find the main class. Program will exit - about JAVA RUNTIME.

I know this may have been a dumb move) but I uninstalled JAVA VM from my PC. :thumbsup:

I found a post with a similar issue and downloaded l2mfix and have run options 1 & 2. That seemed to fix the above .dll error msg - which isn't appearing anymore, but my PC is still all messed up.


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:47:55, on 26/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Bcpc\bcpc.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\xp1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {1FF4CDD1-E870-2587-FBFB-323419255B74} - C:\WINNT\apiow32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINNT\System32\IEDriver\IExplore.exe /U
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System Update] C:\WINNT\System32\hgpuupab.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bxndsc] C:\WINNT\System32\bxndsc.exe
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [winar32.exe] C:\WINNT\winar32.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [OSS] C:\WINNT\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [BCPC] "C:\Program Files\Bcpc\bcpc.exe"
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\xp1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [Dvx] C:\WINNT\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINNT\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Dns Resolver] dnsrslve.exe
O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Musica - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\default-musica\entrar.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range:
O15 - Trusted IP range: (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} -
O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/12wfwr1d.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://www.xzoomy.co...over/060585.exe
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymen...ild/vbiewer.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...b554534b5ddf9bd
O16 - DPF: {191FAC4F-28DA-0F40-89E9-632B0C8C5789} -
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...19/payload2.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} -
O16 - DPF: {368F9E58-6422-6704-C2DC-5B305E69D789} -
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://connect.onlin...LiveContent.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} -
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.chicasmar.../ruboskizo2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093443095581
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://ocx2.advnt01....ionale_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....bc14/games1.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} -
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} -
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FE} -
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) -
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.host...ler/1025962.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind...app/DS4/DS4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusear.../WUInstSEWC.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} -
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC66084-8F9D-4DA7-920C-F17B8920657A}: NameServer =
O20 - Winlogon Notify: draw32 - C:\WINNT\SYSTEM32\draw32.dll
O21 - SSODL: System - {FCE746D3-CBBD-4928-AFD7-C6E55C0CC2E7} - sysw.dll (file missing)
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINNT\System32\winpnp32.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe
O23 - Service: Network Security Service (%AF) - Unknown owner - C:\WINNT\atlty.exe


ConfusedTwin... ;)
  • 0




    New Member

  • Member
  • Pip
  • 1 posts
I think that you're infected with a worm:



  • 0



    New Member

  • Member
  • Pip
  • 2 posts
Thanks 'Dinglehart'

Your thread to- http://www.trendmicr...BOT.AQM&VSect=T

sorted my 'pingppac.exe' problem.

It was doing my head in! A real nasty little beasty that would NOT go away until I found your pointer to 'trendmicro'.


  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks so much for the reply. :tazz:

I tried getting rid of the worm and I think I may have - but my PC is still all messed up.

The main problem now is that Word, all my office programs and email attachments won't work at all. They just open and then then sit with an egg timer forever and you can't do anything - open a file or edit a file or anything.

When I first turn on my PC, it seems to work fine but then after a few minutes, it's not working anymore!

At first the internet wouldn't work either - but that's working okay for now.

It's doing my head in! :thumbsup: really annoying and making my PC life really difficult.

If anyone can help - please PLEASE hep!


ConfusedTwin... ;)
  • 0


  • Guest
Hi confusedtwin

I f you are still in need off help Please post a new HijackThis.log

Thank You

Kc :tazz:
  • 0



    New Member

  • Member
  • Pip
  • 2 posts
Hi Confused Twin

Try installing and running (don't forget to update first) Ad-aware and Spybot.
After I'd followed the 'Trendmicro' process I ran these 2 and they picked up loads of crap the worm had left behind, once got rid of my machine returned to normal.
Full download, installation and running info for Ad-aware & Spybot can be found at www.pc-cyberdok.co.uk

Also when you have installed Spybot go to advanced mode/tools/system start up and check what is running at start up, if you find anything that looks malicious disable it, but be careful, if your not sure what an item is leave it alone or do a web search to find out exactly what it does.

Good luck

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP