
HJT Log



#31
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
-- Scan 1 --------
About:Buster Version 1.32
Removed! : C:\WINDOWS\wgiyis.dat
Removed! : C:\WINDOWS\jqwfcu.dat
Removed! : C:\WINDOWS\lluehe.dat
Removed! : C:\WINDOWS\wtohjl.dat
Removed! : C:\WINDOWS\zmeosk.dat
Removed! : C:\WINDOWS\xqqira.dat
Error Removing! : C:\WINDOWS\sycmct.dat
Removed! : C:\WINDOWS\clfaod.dat
Error Removing! : C:\WINDOWS\ihjxom.dat
Removed! : C:\WINDOWS\kxsrev.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 1.32
Removed! : C:\WINDOWS\sycmct.dat
Error Removing! : C:\WINDOWS\ihjxom.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 3 --------
About:Buster Version 1.32
Removed! : C:\WINDOWS\ihjxom.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!


Logfile of HijackThis v1.98.0
Scan saved at 12:16:28 AM, on 7/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\btjss.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)
O2 - BHO: EspIEObj Class - {2F4F8CC3-FF89-11D1-9F63-0020182D7E20} - C:\PROGRAM FILES\ESAFE\PROTECT\espie.dll (file missing)
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\SPEECH\DRAGON\WEB_IE.DLL (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .doc: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo12.pogo....1-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo....h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pog...2-ob-assets.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116...2/View22RTE.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks07....d-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_2us.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo...2-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com...e-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play05.pogo.c...l-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.c...e-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser...r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.c...o-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0


#32
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, it's just me again. I was wondering if anyone has had a chance to check my latest log.
  • 0

#33
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
One of the most stubborn we've seen <_<

The fix for this hijack is still a work in progress. There's a couple other fixes, but I think about:buster is still our best option. Now up to version 2.0.

Please download About:Buster (v 2.0) and unzip it to your desktop. Start it, hit Update, and when finished click OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.

Download About:Buster here: http://www.geekstogo...=download&id=25
  • 0

#34
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
-- Scan 1 --------
About:Buster Version 2.0
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.0
Attempted Clean Of Temp folder.
Pages Reset... Done!



Logfile of HijackThis v1.98.0
Scan saved at 1:00:09 AM, on 8/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2F4F8CC3-FF89-11D1-9F63-0020182D7E20} - (no file)
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .doc: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo12.pogo....1-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo....h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pog...2-ob-assets.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116...2/View22RTE.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks07....d-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_2us.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo...2-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com...e-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play05.pogo.c...l-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.c...e-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser...r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.c...o-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O20 - AppInit_DLLs: C:\PROGRAM FILES\ANTI TROJAN ELITE\TESysDll.DLL
  • 0

#35
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Hey that did it <_<

Just a little cleaning up to do. Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes next to only the following items, then click Fix checked.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2F4F8CC3-FF89-11D1-9F63-0020182D7E20} - (no file)
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. :D
  • 0
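The items selected in the post above share one trait: each is a registry reference whose target no longer exists (a `(no file)` BHO or toolbar, or the missing default URLSearchHook). A sketch of that triage as an added example; it is not part of the thread and not HijackThis's own logic, the function names are hypothetical, and the sample lines are copied from the log in post #34.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of the HijackThis log posted in #34 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2F4F8CC3-FF89-11D1-9F63-0020182D7E20} - (no file)
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O20 - AppInit_DLLs: C:\PROGRAM FILES\ANTI TROJAN ELITE\TESysDll.DLL
"""

# "<section code> - <detail>", e.g. "O2 - BHO: ...". Header and process
# lines of the log do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
DANGLING_SUFFIXES = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str           # e.g. "O2"
    detail: str            # text after "O2 - "
    clsid: Optional[str]   # normalised to upper case, if one is present
    orphaned: bool         # reference points at something that is gone
    raw: str               # the original log line


def is_orphaned(section: str, detail: str) -> bool:
    """True when the entry only records a dangling reference."""
    if detail.endswith(DANGLING_SUFFIXES):
        return True
    # R3 reports the URLSearchHook value itself as missing.
    return section == "R3" and detail.endswith("is missing")


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(
            section=section,
            detail=detail,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=is_orphaned(section, detail),
            raw=line,
        ))
    return entries


def orphaned_entries(text: str) -> List[str]:
    """Log lines that are leftovers: safe candidates for cleanup review."""
    return [e.raw for e in parse_log(text) if e.orphaned]


if __name__ == "__main__":
    for line in orphaned_entries(SAMPLE_LOG):
        print(line)
```

A flagged line only means the reference is dangling; an unflagged line is not thereby shown to be benign and still needs a human read.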

#36
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I'll do that, shortly. But, I've got another question. (The system is running better.) I've run AVG Anti-virus and Avast. They both display THOUSANDS of files infected with some sort of Trojan. Neither program has been able to remove them. The majority of these files are found in C:\_RESTORE\TEMP\............. and most all end with .CPY. Is there anything I can do with these? Would I be able to delete them myself by deleting the whole folder? Or, would that do harm to my system?
  • 0

#37
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Clearing your restore points should remove these files.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(This is for Windows XP, ME should be similar)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Also, it's not a good idea to have more than one anti-virus program on your system at the same time. They will weaken, not strengthen your protection.
  • 0

#38
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I was unable to locate System Restore the way you posted, but I'll keep trying. I wanted to also point out that I'm having problems with Shutdown, Restart and Start. I keep getting an "An error has occurred" alert. Also, I'm only running one of the anti-virus programs at a time. I was hoping that Avast would be able to remove those files, but to no avail. If I need to remove one, let me know.

Here's the latest HJT Log:

Logfile of HijackThis v1.98.0
Scan saved at 11:56:40 AM, on 8/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .doc: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo12.pogo....1-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo....h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pog...2-ob-assets.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116...2/View22RTE.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks07....d-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_2us.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo...2-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com...e-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play05.pogo.c...l-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.c...e-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser...r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.c...o-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O20 - AppInit_DLLs: C:\PROGRAM FILES\ANTI TROJAN ELITE\TESysDll.DLL
  • 0

#39
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
No antivirus will remove an infection from restore files. This article explains how to enable and disable the System Restore feature in Windows Millennium Edition (Me).
http://support.micro...spx?kbid=264887

Are there any other details on the error at startup and shutdown?

I'd recommend uninstalling Avast and keeping AVG.
  • 0

#40
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Yes, here's the rest:

FileName: SYS3344(01) + 00000D2A Error : OE : 0028 : C00753DA
  • 0


#41
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I found the system restore, finally. There was already a check mark next to disable when I opened that box. Shouldn't it have been unchecked? I checked it again anyway and was not prompted to restart. What a mess, huh?
  • 0

#42
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Check it, restart. Uncheck it, restart. Check it, restart. <_<

FileName: SYS3344(01) + 00000D2A Error : OE : 0028 : C00753DA

Try updating your motherboard drivers:
http://downloads.via...04IN1_V451v.zip

Driver Installation Guide
  • 0

#43
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
System restore won't remain unchecked. I'll uncheck disable and click apply, then close the box. Then, I'll immediately re-open it and the check mark is back. No matter what I do or how I do it, the check mark always comes back. I even tried to uncheck it in safe mode, but it always returned.

Also, I installed the drivers. I still have the same re-start problems, if anything, they're worse now.

This has become quite the headache. <_<
  • 0

#44
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
I would normally have you run System File Checker to restore any changed or deleted system files. However, Microsoft chose to leave this out of Windows ME. <_<

Do you have a system restore point available from before the problem began? You could try restoring to the previous date and see if that cures the problems.

If not, you may have operating system corruption that requires reinstalling Windows ME.

If this is the case, I would seriously consider changing to another version of Windows. Even Microsoft admits Windows ME was a mistake. Windows XP, or even 98 would be a much better choice.

This article may help: http://www.geekstogo...p?showtopic=479

However, your best option when changing OS's is to back up, reformat, and install. :D
  • 0

#45
Archie

Archie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I'm not sure how, but, something happened. AVG anti-virus was able to remove all those trojans. After they were removed I attempted a re-start and had no problems.

Everything seems to be working, now. Although, I still can't disable System Restore. I think I can live with that. If there's anything else I should be looking at let me know.

Thanks
  • 0





