Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Dr Watson , unable to open folder

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts
I know you members must be gettin sick of this , but i really need your help

its the same problem , i've done the ad-adware, and all them little virus debugger things
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
forgot to add the htf , sorry , i really do need you help

Logfile of HijackThis v1.99.1
Scan saved at 23:53:18, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Anthony Formela\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BD9F01E8-BBEC-4791-99A6-0B3141961A1C} - C:\WINDOWS\system32\mfcfu32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32info] c:\windows\system32\win32info.exe /noconnect
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [33939760.exe] C:\WINDOWS\System32\33939760.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /nocomm
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [pmcqt] c:\windows\system32\pmcqt.exe /nocomm
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [netci32.exe] C:\WINDOWS\system32\netci32.exe
O4 - HKLM\..\Run: [crrf32.exe] C:\WINDOWS\system32\crrf32.exe
O4 - HKLM\..\Run: [addmu.exe] C:\WINDOWS\system32\addmu.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [apidu32.exe] C:\WINDOWS\system32\apidu32.exe
O4 - HKLM\..\Run: [apirv32.exe] C:\WINDOWS\system32\apirv32.exe
O4 - HKLM\..\Run: [mfcur32.exe] C:\WINDOWS\system32\mfcur32.exe
O4 - HKLM\..\Run: [croa32.exe] C:\WINDOWS\system32\croa32.exe
O4 - HKLM\..\Run: [mfchk32.exe] C:\WINDOWS\system32\mfchk32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mskh32.exe] C:\WINDOWS\system32\mskh32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [msdo.exe] C:\WINDOWS\system32\msdo.exe
O4 - HKLM\..\Run: [addcn32.exe] C:\WINDOWS\system32\addcn32.exe
O4 - HKLM\..\Run: [sysjr.exe] C:\WINDOWS\system32\sysjr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\system32\javawz.exe
O4 - HKLM\..\Run: [apixd.exe] C:\WINDOWS\system32\apixd.exe
O4 - HKLM\..\Run: [apihm32.exe] C:\WINDOWS\system32\apihm32.exe
O4 - HKLM\..\Run: [Chin Mags Glue Title] C:\Documents and Settings\All Users\Application Data\BALL DATA CHIN MAGS\GLUE PING.exe
O4 - HKLM\..\Run: [ntom.exe] C:\WINDOWS\system32\ntom.exe
O4 - HKLM\..\Run: [ntel32.exe] C:\WINDOWS\system32\ntel32.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\pfbgxw.dll,_mainRD
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DoesLiteSurfMulti] C:\Documents and Settings\All Users\Application Data\phone thunk does lite\meal aim.exe
O4 - HKLM\..\Run: [netji.exe] C:\WINDOWS\system32\netji.exe
O4 - HKLM\..\Run: [javahg.exe] C:\WINDOWS\system32\javahg.exe
O4 - HKLM\..\Run: [sysuu.exe] C:\WINDOWS\system32\sysuu.exe
O4 - HKLM\..\Run: [roqzyik] c:\windows\system32\roqzyik.exe -start
O4 - HKLM\..\Run: [VBEPVQWR] c:\windows\system32\vbepvqwr.exe /install
O4 - HKLM\..\Run: [sysdxvid] c:\windows\system32\sysdxvid.exe /nocomm
O4 - HKLM\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Main32] c:\windows\system32\main32.exe
O4 - HKCU\..\Run: [Main16] c:\windows\system32\main16.exe
O4 - HKCU\..\Run: [Pwr32ctrl] c:\windows\system32\pwr32ctrl.exe
O4 - HKCU\..\Run: [Sysint16] c:\windows\system32\sysint16.exe
O4 - HKCU\..\Run: [Cmx32] c:\windows\system32\cmx32.exe
O4 - HKCU\..\Run: [Diskinf] c:\windows\system32\diskinf.exe
O4 - HKCU\..\Run: [Mousecntl] c:\windows\system32\mousecntl.exe
O4 - HKCU\..\Run: [real about] C:\DOCUME~1\ANTHON~1\APPLIC~1\BINVCL~1\type mode phone.exe
O4 - HKCU\..\Run: [Kbddrv32] c:\windows\system32\kbddrv32.exe
O4 - HKCU\..\Run: [Dllreg] c:\windows\system32\dllreg.exe
O4 - HKCU\..\Run: [Infdisk] c:\windows\system32\infdisk.exe
O4 - HKCU\..\Run: [Sd32info] c:\windows\system32\sd32info.exe
O4 - HKCU\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - HKCU\..\Run: [Unldr32] c:\windows\system32\unldr32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKCU\..\Run: [Videocntl] c:\windows\system32\videocntl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...dtc32_EN_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://www.sexprovid...S04/install.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F69F1E4E-49CF-11D7-8240-00024402D8D1} (LofRa Control) - file://C:\Documents and Settings\Anthony Formela\Desktop\LofR.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\System32\Wt32exe.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) ( 6Q'8) - Unknown owner - C:\WINDOWS\system32\winis.exe
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
PLEASE , I REALLY DO NEED ANY ONES HELP , i wouldnt bother you , if i havnt tryed everything else already
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP