Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

about:blank can't download adaware or spybot [CLOSED]


  • This topic is locked This topic is locked

#16
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Gah sorry, I didnt take that part out.

Just look for programs in Add/Remove programs that you do not recognize.

Dont remove anything from there yet.

Sorry for the confusion, thanks for asking =)
  • 0

Advertisements


#17
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Okay - here are the programs I don't recognize

BackWeb
eHelp
HomeSearch Assistent
Search Extender
Shopping Wizard
PC-Doctor for Windows
Tellix Web


Here is the latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 3:16:41 PM, on 6/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\IEJM32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\MSFB32.EXE
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBSERVER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {F2059101-A0B5-E7E4-66E2-7F036D7A0E72} - C:\WINDOWS\WINHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\Program Files\Borland\InterBase\bin\ibguard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSFB32.EXE] C:\WINDOWS\SYSTEM\MSFB32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IEJM32.EXE] C:\WINDOWS\IEJM32.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = capital
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.64.201,151.164.1.8
  • 0

#18
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
We are going to do things a bit differently this time. Boot your computer into safe mode. restart your computer and press F8 until a menu comes up asking you where you want to boot.

Once in safemode.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\krrdj.dll/sp.html#69589
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F2059101-A0B5-E7E4-66E2-7F036D7A0E72} - C:\WINDOWS\WINHO.DLL


[/b]Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

BackWeb
HomeSearch Assistent
Search Extender
Shopping Wizard

Please note any other programs that you dont recognize in that list in your next response

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\WINHO.DLL

After that, Reboot.

Then post a new HiJackThis log for me to look at
  • 0

#19
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Was not able to remove Home Search Assistant, Search Extender or Shopping Wizard. Got message stating - unable to open "http://looking-for.c...Assistent.html" and the same message different program name on the other two.

Latest HJT log

Logfile of HijackThis v1.99.1
Scan saved at 4:09:30 PM, on 6/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\IEJM32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MSFB32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBSERVER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\Program Files\Borland\InterBase\bin\ibguard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSFB32.EXE] C:\WINDOWS\SYSTEM\MSFB32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IEJM32.EXE] C:\WINDOWS\IEJM32.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = capital
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.64.201,151.164.1.8

You must be the most patient person in the world. I would have given up long ago. I keep thinking it might have been easier to do a system recovery but this thing is starting to make me mad. I don't want to give in - I want to win! I sure hope you can beat it!
  • 0

#20
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Well, the nasty infection should be gone. Are you still seeing any problems?
  • 0

#21
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I can't get anywhere on the internet. For example if I try to go to google I see it searching google.com, google.net, google.org, google.com.com etc. I am on a different computer right now because I can't get on the internet.
  • 0

#22
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Some of my friends and geekstogo pointed out a few more things that need to be fixed.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [MSFB32.EXE] C:\WINDOWS\SYSTEM\MSFB32.EXE
O4 - HKLM\..\RunServices: [IEJM32.EXE] C:\WINDOWS\IEJM32.EXE

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\SYSTEM\MSFB32.EXE
C:\WINDOWS\IEJM32.EXE

After that, Reboot.

Do you know what this file is?
c:\hp\djregfix.reg

Then post a new HiJackThis log for me to look at
  • 0

#23
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I don't know what that file is - I do know we have an HP printer attached to the computer. The last 2 times I have rebooted I have had a spooler error.
  • 0

#24
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Ok,

Go ahead and open this file:
c:\hp\djregfix.reg
and copy the contents of the file into a reply for me.

Also could you post a new HiJackThis log for me?
  • 0

#25
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:06:42 PM, on 6/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\BORLAND\INTERBASE\BIN\IBSERVER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\Program Files\Borland\InterBase\bin\ibguard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = capital
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.64.201,151.164.1.8

Still can't get anywhere on the internet. Going home for the day. Thanks for sticking with me on this.

Deanna
  • 0

Advertisements


#26
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sorry, didn't see your reply before I finish my post.

Here is the hp file

REGEDIT 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPZ\Glue\hp deskjet 630c series]
"registrycleanup"=""
  • 0

#27
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello :tazz:

Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

Let me know if that fixes your internet problem.
  • 0

#28
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
When trying to run hoster program I get the following message as soon as I open the program.

HOSTER has caused an error in KERNEL32.DLL.

Deanna
  • 0

#29
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello,

Lets run AboutBuster5 again.

Please run about:buster by RubbeRDuckY:

* Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
* Click Yes to allow it to shutdown explorer.exe.
* It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
* When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
* Reboot your computer into safe mode again


Run about:buster again following the same instructions as above, this time without the restart at the end

Then please post the AboutBuster Log.
  • 0

#30
dhig3903

dhig3903

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
AboutBuster 5.0 reference file 28
Scan started on [6/3/2005] at [2:42:32 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\gwgabj.dat
Removed File! : C:\Windows\winfd32.dll
Removed File! : C:\Windows\hlhixz.dat
Removed File! : C:\Windows\pkoddp.dat
Removed File! : C:\Windows\iyqrp.dll
Removed File! : C:\Windows\hzjul.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:42:42 PM


AboutBuster 5.0 reference file 28
Scan started on [6/3/2005] at [2:46:02 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:46:04 PM
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP