Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE Home page [RESOLVED]


  • This topic is locked This topic is locked

#1
ppt

ppt

    Member

  • Member
  • PipPip
  • 14 posts
Hello,
I have a Windows ME OS. My machine has been attacked by spyware......My Internet explorer browser homepage has serach extender. i also have shopping wizard & home search assistant in the control panel. However cannot remove them from Ad remove programs. I have also tried running adaware-se programs but no luck so far. My machine has become quite slow. I have also installed Spybot serach & detsroy but it is taking very long to run through......

1.Pls...Pls.. help removing this spyware :tazz:
2.& also suggest how I can avoiid getting spyware in my machine
3.what is the best firewall which i can install???


Many Thanks in advance!!

I have attached Hijackthis log file here...........

Logfile of HijackThis v1.99.1
Scan saved at 12:59:32 PM, on 6/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSAH32.EXE
C:\WINDOWS\SYSTEM\MFCEZ.EXE
C:\WINDOWS\JAVAQZ.EXE
C:\WINDOWS\SYSTEM\MFCDT.EXE
C:\WINDOWS\SYSTEM\APPSC.EXE
C:\WINDOWS\SYSTEM\APIHM.EXE
C:\WINDOWS\SYSTEM\APPMV32.EXE
C:\WINDOWS\SYSTEM\CRCX.EXE
C:\WINDOWS\SYSFP.EXE
C:\WINDOWS\SYSTEM\NTGT.EXE
C:\WINDOWS\SYSTEM\MSKR.EXE
C:\WINDOWS\APIHK32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\MFCKB.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\APIRD32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\JAVAUZ.EXE
C:\WINDOWS\SDKWW.EXE
C:\WINDOWS\SYSTEM\SDKJD32.EXE
C:\WINDOWS\ATLXG.EXE
C:\WINDOWS\SYSTEM\APPTN.EXE
C:\WINDOWS\APIPY32.EXE
C:\WINDOWS\SYSSQ.EXE
C:\WINDOWS\SYSTEM\MFCYU.EXE
C:\WINDOWS\ADDFV.EXE
C:\WINDOWS\SYSTEM\NTYV32.EXE
C:\WINDOWS\WINAF32.EXE
C:\WINDOWS\SYSTEM\MFCTO.EXE
C:\WINDOWS\SYSTEM\IPYA.EXE
C:\WINDOWS\APPXU.EXE
C:\WINDOWS\NETZU.EXE
C:\WINDOWS\CRYO.EXE
C:\WINDOWS\SYSTEM\APPSZ.EXE
C:\WINDOWS\SYSTEM\JAVAJF.EXE
C:\WINDOWS\SYSTEM\MFCGE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\IPDA.EXE
C:\WINDOWS\APIZU.EXE
C:\WINDOWS\SYSTEM\JAVAFX.EXE
C:\WINDOWS\SYSTEM\APIZB32.EXE
C:\WINDOWS\JAVAFN32.EXE
C:\WINDOWS\CRPW.EXE
C:\WINDOWS\APIZG32.EXE
C:\WINDOWS\NTLC.EXE
C:\WINDOWS\SYSTEM\NETOE.EXE
C:\WINDOWS\SYSTEM\NETBD32.EXE
C:\WINDOWS\SYSTEM\NETNL.EXE
C:\WINDOWS\APPDK32.EXE
C:\WINDOWS\SYSTEM\JAVAXF.EXE
C:\WINDOWS\SDKHB32.EXE
C:\WINDOWS\MSMD32.EXE
C:\WINDOWS\SYSTEM\MSSP.EXE
C:\WINDOWS\SYSTEM\IPHM.EXE
C:\WINDOWS\SYSTEM\IPUO32.EXE
C:\WINDOWS\ATLHY.EXE
C:\WINDOWS\CRBD.EXE
C:\WINDOWS\CRXI.EXE
C:\WINDOWS\CRVY.EXE
C:\WINDOWS\SYSTEM\IPDA32.EXE
C:\WINDOWS\SYSTEM\NETSH32.EXE
C:\WINDOWS\SYSTEM\D3LJ32.EXE
C:\WINDOWS\ADDQH32.EXE
C:\WINDOWS\APPQR.EXE
C:\WINDOWS\MFCOT.EXE
C:\WINDOWS\SYSTEM\MFCLK.EXE
C:\WINDOWS\SYSTEM\ADDZI32.EXE
C:\WINDOWS\SYSTEM\SYSBB32.EXE
C:\WINDOWS\SYSTEM\ADDOX.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\MFCRA32.EXE
C:\WINDOWS\WINQM.EXE
C:\WINDOWS\APPNS32.EXE
C:\WINDOWS\D3JE32.EXE
C:\WINDOWS\SYSTEM\MSEH.EXE
C:\WINDOWS\SYSTEM\IEMN32.EXE
C:\WINDOWS\SYSTEM\IPKO.EXE
C:\WINDOWS\MFCWN.EXE
C:\WINDOWS\MFCRF32.EXE
C:\WINDOWS\JAVACV32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\MFCKD32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\MFCEZ.EXE
C:\WINDOWS\MFCWN.EXE
C:\WINDOWS\JAVACV32.EXE
C:\WINDOWS\CRVY.EXE
C:\WINDOWS\CRVY.EXE
C:\WINDOWS\WINLY32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\CRVY.EXE
C:\WINDOWS\CRVY.EXE
C:\WINDOWS\JAVANG32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vopin.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A1A5FDC6-2A40-1A25-7BB6-11463E35B30F} - C:\WINDOWS\SYSTEM\APIFP32.DLL
O2 - BHO: Class - {7572E089-B1FF-8266-C5C3-33B8232C7FF7} - C:\WINDOWS\ATLTU32.DLL
O2 - BHO: Class - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEFF.DLL
O2 - BHO: Class - {6AA092A7-509F-0125-3521-4319AB07EE2B} - C:\WINDOWS\SYSTEM\D3AS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_6_2_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MFCKD32.EXE] C:\WINDOWS\MFCKD32.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SYSAH32.EXE] C:\WINDOWS\SYSTEM\SYSAH32.EXE /s
O4 - HKLM\..\RunServices: [MFCEZ.EXE] C:\WINDOWS\SYSTEM\MFCEZ.EXE /s
O4 - HKLM\..\RunServices: [JAVAQZ.EXE] C:\WINDOWS\JAVAQZ.EXE /s
O4 - HKLM\..\RunServices: [MFCDT.EXE] C:\WINDOWS\SYSTEM\MFCDT.EXE /s
O4 - HKLM\..\RunServices: [APPSC.EXE] C:\WINDOWS\SYSTEM\APPSC.EXE /s
O4 - HKLM\..\RunServices: [APIHM.EXE] C:\WINDOWS\SYSTEM\APIHM.EXE /s
O4 - HKLM\..\RunServices: [APPMV32.EXE] C:\WINDOWS\SYSTEM\APPMV32.EXE /s
O4 - HKLM\..\RunServices: [CRCX.EXE] C:\WINDOWS\SYSTEM\CRCX.EXE /s
O4 - HKLM\..\RunServices: [SYSFP.EXE] C:\WINDOWS\SYSFP.EXE /s
O4 - HKLM\..\RunServices: [NTGT.EXE] C:\WINDOWS\SYSTEM\NTGT.EXE /s
O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\SYSTEM\MSKR.EXE /s
O4 - HKLM\..\RunServices: [APIHK32.EXE] C:\WINDOWS\APIHK32.EXE /s
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [MFCKB.EXE] C:\WINDOWS\SYSTEM\MFCKB.EXE /s
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [APIRD32.EXE] C:\WINDOWS\APIRD32.EXE /s
O4 - HKLM\..\RunServices: [JAVAUZ.EXE] C:\WINDOWS\JAVAUZ.EXE /s
O4 - HKLM\..\RunServices: [SDKWW.EXE] C:\WINDOWS\SDKWW.EXE /s
O4 - HKLM\..\RunServices: [SDKJD32.EXE] C:\WINDOWS\SYSTEM\SDKJD32.EXE /s
O4 - HKLM\..\RunServices: [ATLXG.EXE] C:\WINDOWS\ATLXG.EXE /s
O4 - HKLM\..\RunServices: [APPTN.EXE] C:\WINDOWS\SYSTEM\APPTN.EXE /s
O4 - HKLM\..\RunServices: [APIPY32.EXE] C:\WINDOWS\APIPY32.EXE /s
O4 - HKLM\..\RunServices: [SYSSQ.EXE] C:\WINDOWS\SYSSQ.EXE /s
O4 - HKLM\..\RunServices: [MFCYU.EXE] C:\WINDOWS\SYSTEM\MFCYU.EXE /s
O4 - HKLM\..\RunServices: [ADDFV.EXE] C:\WINDOWS\ADDFV.EXE /s
O4 - HKLM\..\RunServices: [NTYV32.EXE] C:\WINDOWS\SYSTEM\NTYV32.EXE /s
O4 - HKLM\..\RunServices: [WINAF32.EXE] C:\WINDOWS\WINAF32.EXE /s
O4 - HKLM\..\RunServices: [MFCTO.EXE] C:\WINDOWS\SYSTEM\MFCTO.EXE /s
O4 - HKLM\..\RunServices: [IPYA.EXE] C:\WINDOWS\SYSTEM\IPYA.EXE /s
O4 - HKLM\..\RunServices: [APPXU.EXE] C:\WINDOWS\APPXU.EXE /s
O4 - HKLM\..\RunServices: [NETZU.EXE] C:\WINDOWS\NETZU.EXE /s
O4 - HKLM\..\RunServices: [CRYO.EXE] C:\WINDOWS\CRYO.EXE /s
O4 - HKLM\..\RunServices: [APPSZ.EXE] C:\WINDOWS\SYSTEM\APPSZ.EXE /s
O4 - HKLM\..\RunServices: [JAVAJF.EXE] C:\WINDOWS\SYSTEM\JAVAJF.EXE /s
O4 - HKLM\..\RunServices: [MFCGE.EXE] C:\WINDOWS\SYSTEM\MFCGE.EXE /s
O4 - HKLM\..\RunServices: [IPDA.EXE] C:\WINDOWS\SYSTEM\IPDA.EXE /s
O4 - HKLM\..\RunServices: [APIZU.EXE] C:\WINDOWS\APIZU.EXE /s
O4 - HKLM\..\RunServices: [JAVAFX.EXE] C:\WINDOWS\SYSTEM\JAVAFX.EXE /s
O4 - HKLM\..\RunServices: [APIZB32.EXE] C:\WINDOWS\SYSTEM\APIZB32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFN32.EXE] C:\WINDOWS\JAVAFN32.EXE /s
O4 - HKLM\..\RunServices: [CRPW.EXE] C:\WINDOWS\CRPW.EXE /s
O4 - HKLM\..\RunServices: [APIZG32.EXE] C:\WINDOWS\APIZG32.EXE /s
O4 - HKLM\..\RunServices: [NTLC.EXE] C:\WINDOWS\NTLC.EXE /s
O4 - HKLM\..\RunServices: [NETOE.EXE] C:\WINDOWS\SYSTEM\NETOE.EXE /s
O4 - HKLM\..\RunServices: [NETBD32.EXE] C:\WINDOWS\SYSTEM\NETBD32.EXE /s
O4 - HKLM\..\RunServices: [NETNL.EXE] C:\WINDOWS\SYSTEM\NETNL.EXE /s
O4 - HKLM\..\RunServices: [APPDK32.EXE] C:\WINDOWS\APPDK32.EXE /s
O4 - HKLM\..\RunServices: [JAVAXF.EXE] C:\WINDOWS\SYSTEM\JAVAXF.EXE /s
O4 - HKLM\..\RunServices: [SDKHB32.EXE] C:\WINDOWS\SDKHB32.EXE /s
O4 - HKLM\..\RunServices: [MSMD32.EXE] C:\WINDOWS\MSMD32.EXE /s
O4 - HKLM\..\RunServices: [MSSP.EXE] C:\WINDOWS\SYSTEM\MSSP.EXE /s
O4 - HKLM\..\RunServices: [IPHM.EXE] C:\WINDOWS\SYSTEM\IPHM.EXE /s
O4 - HKLM\..\RunServices: [IPUO32.EXE] C:\WINDOWS\SYSTEM\IPUO32.EXE /s
O4 - HKLM\..\RunServices: [ATLHY.EXE] C:\WINDOWS\ATLHY.EXE /s
O4 - HKLM\..\RunServices: [CRBD.EXE] C:\WINDOWS\CRBD.EXE /s
O4 - HKLM\..\RunServices: [CRXI.EXE] C:\WINDOWS\CRXI.EXE /s
O4 - HKLM\..\RunServices: [CRVY.EXE] C:\WINDOWS\CRVY.EXE /s
O4 - HKLM\..\RunServices: [IPDA32.EXE] C:\WINDOWS\SYSTEM\IPDA32.EXE /s
O4 - HKLM\..\RunServices: [NETSH32.EXE] C:\WINDOWS\SYSTEM\NETSH32.EXE /s
O4 - HKLM\..\RunServices: [D3LJ32.EXE] C:\WINDOWS\SYSTEM\D3LJ32.EXE /s
O4 - HKLM\..\RunServices: [ADDQH32.EXE] C:\WINDOWS\ADDQH32.EXE /s
O4 - HKLM\..\RunServices: [APPQR.EXE] C:\WINDOWS\APPQR.EXE /s
O4 - HKLM\..\RunServices: [MFCOT.EXE] C:\WINDOWS\MFCOT.EXE /s
O4 - HKLM\..\RunServices: [MFCLK.EXE] C:\WINDOWS\SYSTEM\MFCLK.EXE /s
O4 - HKLM\..\RunServices: [ADDZI32.EXE] C:\WINDOWS\SYSTEM\ADDZI32.EXE /s
O4 - HKLM\..\RunServices: [SYSBB32.EXE] C:\WINDOWS\SYSTEM\SYSBB32.EXE /s
O4 - HKLM\..\RunServices: [ADDOX.EXE] C:\WINDOWS\SYSTEM\ADDOX.EXE /s
O4 - HKLM\..\RunServices: [MFCRA32.EXE] C:\WINDOWS\SYSTEM\MFCRA32.EXE /s
O4 - HKLM\..\RunServices: [WINQM.EXE] C:\WINDOWS\WINQM.EXE /s
O4 - HKLM\..\RunServices: [APPNS32.EXE] C:\WINDOWS\APPNS32.EXE /s
O4 - HKLM\..\RunServices: [D3JE32.EXE] C:\WINDOWS\D3JE32.EXE /s
O4 - HKLM\..\RunServices: [MSEH.EXE] C:\WINDOWS\SYSTEM\MSEH.EXE /s
O4 - HKLM\..\RunServices: [IEMN32.EXE] C:\WINDOWS\SYSTEM\IEMN32.EXE /s
O4 - HKLM\..\RunServices: [IPKO.EXE] C:\WINDOWS\SYSTEM\IPKO.EXE /s
O4 - HKLM\..\RunServices: [MFCWN.EXE] C:\WINDOWS\MFCWN.EXE /s
O4 - HKLM\..\RunServices: [MFCRF32.EXE] C:\WINDOWS\MFCRF32.EXE /s
O4 - HKLM\..\RunServices: [JAVACV32.EXE] C:\WINDOWS\JAVACV32.EXE /s
O4 - HKLM\..\RunServices: [WINLY32.EXE] C:\WINDOWS\WINLY32.EXE /s
O4 - HKLM\..\RunServices: [JAVANG32.EXE] C:\WINDOWS\JAVANG32.EXE /s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AOL DOWNLOADS\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {30E16E43-4DA2-4D2E-BFDA-F84911F3BB21} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {30E16E43-4DA2-4D2E-BFDA-F84911F3BB21} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adorons.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.6.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409

Edited by ppt, 06 June 2005 - 09:41 AM.

  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello ppt and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which may not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans that need to be eradicated. You have the Extra Service CWS variant. What a mess! This could take a long time.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CWShredder
CCleaner
Ad-Aware
cwsserviceemove.reg file

Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, let it fix everything it asks about

Install Ad-Aware and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vopin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vopin.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vopin.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A1A5FDC6-2A40-1A25-7BB6-11463E35B30F} - C:\WINDOWS\SYSTEM\APIFP32.DLL
O2 - BHO: Class - {7572E089-B1FF-8266-C5C3-33B8232C7FF7} - C:\WINDOWS\ATLTU32.DLL
O2 - BHO: Class - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEFF.DLL
O2 - BHO: Class - {6AA092A7-509F-0125-3521-4319AB07EE2B} - C:\WINDOWS\SYSTEM\D3AS.DLL
O4 - HKLM\..\Run: [MFCKD32.EXE] C:\WINDOWS\MFCKD32.EXE
O4 - HKLM\..\RunServices: [SYSAH32.EXE] C:\WINDOWS\SYSTEM\SYSAH32.EXE /s
O4 - HKLM\..\RunServices: [MFCEZ.EXE] C:\WINDOWS\SYSTEM\MFCEZ.EXE /s
O4 - HKLM\..\RunServices: [JAVAQZ.EXE] C:\WINDOWS\JAVAQZ.EXE /s
O4 - HKLM\..\RunServices: [MFCDT.EXE] C:\WINDOWS\SYSTEM\MFCDT.EXE /s
O4 - HKLM\..\RunServices: [APPSC.EXE] C:\WINDOWS\SYSTEM\APPSC.EXE /s
O4 - HKLM\..\RunServices: [APIHM.EXE] C:\WINDOWS\SYSTEM\APIHM.EXE /s
O4 - HKLM\..\RunServices: [APPMV32.EXE] C:\WINDOWS\SYSTEM\APPMV32.EXE /s
O4 - HKLM\..\RunServices: [CRCX.EXE] C:\WINDOWS\SYSTEM\CRCX.EXE /s
O4 - HKLM\..\RunServices: [SYSFP.EXE] C:\WINDOWS\SYSFP.EXE /s
O4 - HKLM\..\RunServices: [NTGT.EXE] C:\WINDOWS\SYSTEM\NTGT.EXE /s
O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\SYSTEM\MSKR.EXE /s
O4 - HKLM\..\RunServices: [APIHK32.EXE] C:\WINDOWS\APIHK32.EXE /s
O4 - HKLM\..\RunServices: [MFCKB.EXE] C:\WINDOWS\SYSTEM\MFCKB.EXE /s
O4 - HKLM\..\RunServices: [APIRD32.EXE] C:\WINDOWS\APIRD32.EXE /s
O4 - HKLM\..\RunServices: [JAVAUZ.EXE] C:\WINDOWS\JAVAUZ.EXE /s
O4 - HKLM\..\RunServices: [SDKWW.EXE] C:\WINDOWS\SDKWW.EXE /s
O4 - HKLM\..\RunServices: [SDKJD32.EXE] C:\WINDOWS\SYSTEM\SDKJD32.EXE /s
O4 - HKLM\..\RunServices: [ATLXG.EXE] C:\WINDOWS\ATLXG.EXE /s
O4 - HKLM\..\RunServices: [APPTN.EXE] C:\WINDOWS\SYSTEM\APPTN.EXE /s
O4 - HKLM\..\RunServices: [APIPY32.EXE] C:\WINDOWS\APIPY32.EXE /s
O4 - HKLM\..\RunServices: [SYSSQ.EXE] C:\WINDOWS\SYSSQ.EXE /s
O4 - HKLM\..\RunServices: [MFCYU.EXE] C:\WINDOWS\SYSTEM\MFCYU.EXE /s
O4 - HKLM\..\RunServices: [ADDFV.EXE] C:\WINDOWS\ADDFV.EXE /s
O4 - HKLM\..\RunServices: [NTYV32.EXE] C:\WINDOWS\SYSTEM\NTYV32.EXE /s
O4 - HKLM\..\RunServices: [WINAF32.EXE] C:\WINDOWS\WINAF32.EXE /s
O4 - HKLM\..\RunServices: [MFCTO.EXE] C:\WINDOWS\SYSTEM\MFCTO.EXE /s
O4 - HKLM\..\RunServices: [IPYA.EXE] C:\WINDOWS\SYSTEM\IPYA.EXE /s
O4 - HKLM\..\RunServices: [APPXU.EXE] C:\WINDOWS\APPXU.EXE /s
O4 - HKLM\..\RunServices: [NETZU.EXE] C:\WINDOWS\NETZU.EXE /s
O4 - HKLM\..\RunServices: [CRYO.EXE] C:\WINDOWS\CRYO.EXE /s
O4 - HKLM\..\RunServices: [APPSZ.EXE] C:\WINDOWS\SYSTEM\APPSZ.EXE /s
O4 - HKLM\..\RunServices: [JAVAJF.EXE] C:\WINDOWS\SYSTEM\JAVAJF.EXE /s
O4 - HKLM\..\RunServices: [MFCGE.EXE] C:\WINDOWS\SYSTEM\MFCGE.EXE /s
O4 - HKLM\..\RunServices: [IPDA.EXE] C:\WINDOWS\SYSTEM\IPDA.EXE /s
O4 - HKLM\..\RunServices: [APIZU.EXE] C:\WINDOWS\APIZU.EXE /s
O4 - HKLM\..\RunServices: [JAVAFX.EXE] C:\WINDOWS\SYSTEM\JAVAFX.EXE /s
O4 - HKLM\..\RunServices: [APIZB32.EXE] C:\WINDOWS\SYSTEM\APIZB32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFN32.EXE] C:\WINDOWS\JAVAFN32.EXE /s
O4 - HKLM\..\RunServices: [CRPW.EXE] C:\WINDOWS\CRPW.EXE /s
O4 - HKLM\..\RunServices: [APIZG32.EXE] C:\WINDOWS\APIZG32.EXE /s
O4 - HKLM\..\RunServices: [NTLC.EXE] C:\WINDOWS\NTLC.EXE /s
O4 - HKLM\..\RunServices: [NETOE.EXE] C:\WINDOWS\SYSTEM\NETOE.EXE /s
O4 - HKLM\..\RunServices: [NETBD32.EXE] C:\WINDOWS\SYSTEM\NETBD32.EXE /s
O4 - HKLM\..\RunServices: [NETNL.EXE] C:\WINDOWS\SYSTEM\NETNL.EXE /s
O4 - HKLM\..\RunServices: [APPDK32.EXE] C:\WINDOWS\APPDK32.EXE /s
O4 - HKLM\..\RunServices: [JAVAXF.EXE] C:\WINDOWS\SYSTEM\JAVAXF.EXE /s
O4 - HKLM\..\RunServices: [SDKHB32.EXE] C:\WINDOWS\SDKHB32.EXE /s
O4 - HKLM\..\RunServices: [MSMD32.EXE] C:\WINDOWS\MSMD32.EXE /s
O4 - HKLM\..\RunServices: [MSSP.EXE] C:\WINDOWS\SYSTEM\MSSP.EXE /s
O4 - HKLM\..\RunServices: [IPHM.EXE] C:\WINDOWS\SYSTEM\IPHM.EXE /s
O4 - HKLM\..\RunServices: [IPUO32.EXE] C:\WINDOWS\SYSTEM\IPUO32.EXE /s
O4 - HKLM\..\RunServices: [ATLHY.EXE] C:\WINDOWS\ATLHY.EXE /s
O4 - HKLM\..\RunServices: [CRBD.EXE] C:\WINDOWS\CRBD.EXE /s
O4 - HKLM\..\RunServices: [CRXI.EXE] C:\WINDOWS\CRXI.EXE /s
O4 - HKLM\..\RunServices: [CRVY.EXE] C:\WINDOWS\CRVY.EXE /s
O4 - HKLM\..\RunServices: [IPDA32.EXE] C:\WINDOWS\SYSTEM\IPDA32.EXE /s
O4 - HKLM\..\RunServices: [NETSH32.EXE] C:\WINDOWS\SYSTEM\NETSH32.EXE /s
O4 - HKLM\..\RunServices: [D3LJ32.EXE] C:\WINDOWS\SYSTEM\D3LJ32.EXE /s
O4 - HKLM\..\RunServices: [ADDQH32.EXE] C:\WINDOWS\ADDQH32.EXE /s
O4 - HKLM\..\RunServices: [APPQR.EXE] C:\WINDOWS\APPQR.EXE /s
O4 - HKLM\..\RunServices: [MFCOT.EXE] C:\WINDOWS\MFCOT.EXE /s
O4 - HKLM\..\RunServices: [MFCLK.EXE] C:\WINDOWS\SYSTEM\MFCLK.EXE /s
O4 - HKLM\..\RunServices: [ADDZI32.EXE] C:\WINDOWS\SYSTEM\ADDZI32.EXE /s
O4 - HKLM\..\RunServices: [SYSBB32.EXE] C:\WINDOWS\SYSTEM\SYSBB32.EXE /s
O4 - HKLM\..\RunServices: [ADDOX.EXE] C:\WINDOWS\SYSTEM\ADDOX.EXE /s
O4 - HKLM\..\RunServices: [MFCRA32.EXE] C:\WINDOWS\SYSTEM\MFCRA32.EXE /s
O4 - HKLM\..\RunServices: [WINQM.EXE] C:\WINDOWS\WINQM.EXE /s
O4 - HKLM\..\RunServices: [APPNS32.EXE] C:\WINDOWS\APPNS32.EXE /s
O4 - HKLM\..\RunServices: [D3JE32.EXE] C:\WINDOWS\D3JE32.EXE /s
O4 - HKLM\..\RunServices: [MSEH.EXE] C:\WINDOWS\SYSTEM\MSEH.EXE /s
O4 - HKLM\..\RunServices: [IEMN32.EXE] C:\WINDOWS\SYSTEM\IEMN32.EXE /s
O4 - HKLM\..\RunServices: [IPKO.EXE] C:\WINDOWS\SYSTEM\IPKO.EXE /s
O4 - HKLM\..\RunServices: [MFCWN.EXE] C:\WINDOWS\MFCWN.EXE /s
O4 - HKLM\..\RunServices: [MFCRF32.EXE] C:\WINDOWS\MFCRF32.EXE /s
O4 - HKLM\..\RunServices: [JAVACV32.EXE] C:\WINDOWS\JAVACV32.EXE /s
O4 - HKLM\..\RunServices: [WINLY32.EXE] C:\WINDOWS\WINLY32.EXE /s
O4 - HKLM\..\RunServices: [JAVANG32.EXE] C:\WINDOWS\JAVANG32.EXE /s
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {30E16E43-4DA2-4D2E-BFDA-F84911F3BB21} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {30E16E43-4DA2-4D2E-BFDA-F84911F3BB21} - (no file) (HKCU)
O15 - Trusted Zone: *.adorons.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.6.cab

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\SYSAH32.EXE
C:\WINDOWS\SYSTEM\MFCEZ.EXE
C:\WINDOWS\JAVAQZ.EXE
C:\WINDOWS\SYSTEM\MFCDT.EXE
C:\WINDOWS\SYSTEM\APPSC.EXE
C:\WINDOWS\SYSTEM\APIHM.EXE
C:\WINDOWS\SYSTEM\APPMV32.EXE
C:\WINDOWS\SYSTEM\CRCX.EXE
C:\WINDOWS\SYSFP.EXE
C:\WINDOWS\SYSTEM\NTGT.EXE
C:\WINDOWS\SYSTEM\MSKR.EXE
C:\WINDOWS\APIHK32.EXE
C:\WINDOWS\SYSTEM\MFCKB.EXE
C:\WINDOWS\APIRD32.EXE
C:\WINDOWS\JAVAUZ.EXE
C:\WINDOWS\SDKWW.EXE
C:\WINDOWS\SYSTEM\SDKJD32.EXE
C:\WINDOWS\ATLXG.EXE
C:\WINDOWS\SYSTEM\APPTN.EXE
C:\WINDOWS\APIPY32.EXE
C:\WINDOWS\SYSSQ.EXE
C:\WINDOWS\SYSTEM\MFCYU.EXE
C:\WINDOWS\ADDFV.EXE
C:\WINDOWS\SYSTEM\NTYV32.EXE
C:\WINDOWS\WINAF32.EXE
C:\WINDOWS\SYSTEM\MFCTO.EXE
C:\WINDOWS\SYSTEM\IPYA.EXE
C:\WINDOWS\APPXU.EXE
C:\WINDOWS\NETZU.EXE
C:\WINDOWS\CRYO.EXE
C:\WINDOWS\SYSTEM\APPSZ.EXE
C:\WINDOWS\SYSTEM\JAVAJF.EXE
C:\WINDOWS\SYSTEM\MFCGE.EXE
C:\WINDOWS\SYSTEM\IPDA.EXE
C:\WINDOWS\APIZU.EXE
C:\WINDOWS\SYSTEM\JAVAFX.EXE
C:\WINDOWS\SYSTEM\APIZB32.EXE
C:\WINDOWS\JAVAFN32.EXE
C:\WINDOWS\CRPW.EXE
C:\WINDOWS\APIZG32.EXE
C:\WINDOWS\NTLC.EXE
C:\WINDOWS\SYSTEM\NETOE.EXE
C:\WINDOWS\SYSTEM\NETBD32.EXE
C:\WINDOWS\SYSTEM\NETNL.EXE
C:\WINDOWS\APPDK32.EXE
C:\WINDOWS\SYSTEM\JAVAXF.EXE
C:\WINDOWS\SDKHB32.EXE
C:\WINDOWS\MSMD32.EXE
C:\WINDOWS\vopin.dll/sp.html#28129
C:\WINDOWS\SYSTEM\APIFP32.DLL
C:\WINDOWS\ATLTU32.DLL
C:\WINDOWS\SYSTEM\IEFF.DLL
C:\WINDOWS\SYSTEM\D3AS.DLL
C:\WINDOWS\MFCKD32.EXE
C:\WINDOWS\SYSTEM\MSSP.EXE /s
C:\WINDOWS\SYSTEM\IPHM.EXE /s
C:\WINDOWS\SYSTEM\IPUO32.EXE /s
C:\WINDOWS\ATLHY.EXE /s
C:\WINDOWS\CRBD.EXE /s
C:\WINDOWS\CRXI.EXE /s
C:\WINDOWS\CRVY.EXE /s
C:\WINDOWS\SYSTEM\IPDA32.EXE /s
C:\WINDOWS\SYSTEM\NETSH32.EXE /s
C:\WINDOWS\SYSTEM\D3LJ32.EXE /s
C:\WINDOWS\ADDQH32.EXE /s
C:\WINDOWS\APPQR.EXE /s
C:\WINDOWS\MFCOT.EXE /s
C:\WINDOWS\SYSTEM\MFCLK.EXE /s
C:\WINDOWS\SYSTEM\ADDZI32.EXE /s
C:\WINDOWS\SYSTEM\SYSBB32.EXE /s
C:\WINDOWS\SYSTEM\ADDOX.EXE /s
C:\WINDOWS\SYSTEM\MFCRA32.EXE /s
C:\WINDOWS\WINQM.EXE /s
C:\WINDOWS\APPNS32.EXE /s
C:\WINDOWS\D3JE32.EXE /s
C:\WINDOWS\SYSTEM\MSEH.EXE /s
C:\WINDOWS\SYSTEM\IEMN32.EXE /s
C:\WINDOWS\SYSTEM\IPKO.EXE /s
C:\WINDOWS\MFCWN.EXE /s
C:\WINDOWS\MFCRF32.EXE /s
C:\WINDOWS\JAVACV32.EXE /s
C:\WINDOWS\WINLY32.EXE /s
C:\WINDOWS\JAVANG32.EXE /s
C:\WINDOWS\web\related.htm


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and I will take another look.

BTW, I hope I get this right because it has taken me 2 hours to analyse and compile
  • 0

#3
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Phil,
Many many Thanks for your response!!! I have started the process as advised by you. However...the link to the cwsserviceemove.reg file shows page not available. Can you provide me any other link to download.

Many Thanks again for your support.

Best regards,
PPT
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Yes dead link for me too. Try here: http://ralphcaddell....rviceremove.zip
  • 0

#5
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello...
Your hours of analysis has helped a lot!!!
I followed through all your steps. However....now when i reboot my machine....I am not able to connect to the internet at all. I can ping an Ip adddress from the DOS prompt but cannot go to the website itself.
Hence....I am not able to post the Hijack this message. I am replying to this message from another computer. Pls. advise.

Many Thanks......PPT
  • 0

#6
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello...
In the Control panel....Network folder is misisng itself. Pls. help!!!!
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

I am very confused. You seem to have 4 threads all being answered by different people doing different fixes.IE Home page
Explorer has caused an error in JSCRIPT.DLL
WIN ME unable to boot up
Control Panel Missing Icons
I feel this is very unfair as no single person can give advice if you are doing something else to the PC also.

Your HJT log showed a real mess to clear up. I was very careful not to include (knowingly) any important system files, but I wasn't aware of the other probelms your PC also had.

I am going to suggest that you do a system restore to a point before I became involved.
  • 0

#8
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Phil....
Sorry for the confusion.........But these problems are related....After doing all the fixes my machine has been creating these issues.

I appreciate & I know you have really spent hours debugging this issue....I guess could not see you in the forum so I had to put the messages out.....

I sincerely apologize for any confusion this may have caused. The Network folder still does not seem to show up in the control panel. This happened after I ran all the utilities as suggested to clean up spyware & rebooted the machine. Pls. Pls. advise.

I have attached the latest version of Hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 1:36:14 PM, on 6/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ciric.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {AB093479-21C9-42A9-D886-4FA99281A681} - C:\WINDOWS\SYSTEM\NTNV.DLL
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [XFILTER] C:\PROGRAM FILES\ADORONS\ADORONS FIREWALL\ESPFSDK.DLL
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Personal Firewall\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKCU\..\Run: [D3DPMESH] C:\WINDOWS\SYSTEM\D3DPMESH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AOL DOWNLOADS\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = QWERTY
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.29.99.22,24.29.99.21
  • 0

#9
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
I am willing to continue helping you on the condition that you do nothing more than I tell you to do, and that you close the other threads.

It would be an impossible task for anyone to give good advice only to find someone else giving differing advice and altering the registry with fixes.

Oh, and before I forget, your issue is a known Windows ME problem (I know about it and now so do you) and I am told that running SFC won't fix it.

To fix it here's what to do ...

1. Go to ADD/Remove Programs, then select Add/Remove Windows Components (or something like that).
2. Uninstall Dial Up Networking and Internet Connection Sharing.
3. Reboot
4. Reinstall Dial Up Networking.
5. Reboot.

Everything should now work!

You can also try SFC.(if you want to). Go To START>RUN type in SFC /SCANNOW and have your Windows CD to hand to reinstall any missing or corrupt system files.

You can also open HJT and go back to a former time clicking on VIEW A LIST OF BACKUPS, choose a date and click RESTORE.
  • 0

#10
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Phil...
I assure you...I will close all the other threads. I followed your instructions:

1. Go to ADD/Remove Programs, then select Add/Remove Windows Components (or something like that).
2. Uninstall Dial Up Networking and Internet Connection Sharing.
3. Reboot
4. Reinstall Dial Up Networking.
5. Reboot.

I selected the communications box & then clicked on details. It shows the following:

Dial-Up Networking 0.0 MB
Dial-Up Server 0.0 MB
Direct Cable Connection 0.0 MB
Hyper Terminal 0.8 MB
MSN Messenger Service 0.9 MB
Net Meeting 4.2 MB
Phone Dialer 0.2 MB
Universal Plug & Play 0.4 MB
Virtual Private Networking 0.0 MB

When I select Internet Connection sharing......I get the following message...
"Your network configuration is not complete. Please install your network hardware before installing Internet Connection sharing".

Do these numbers look right??? I am still not able to connect to the internet & the Network icon is still missing from the control panel.

SFC /SCANNOW is not available.....I have Windows ME as my OS & I am using a broadband cable connection & a router.

Pls. advise what to do next!!!

Many Thanks for your support!!

PPT

Edited by ppt, 07 June 2005 - 03:11 PM.

  • 0

Advertisements


#11
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Phil...
I have closed all the threads.......I have put in a message "Pls. Close this thread"....Is there any other way of closing threads??? I am new to this site!!

I am awaiting your further instructions....Pls. help!!!!

Appreciate your help!!
  • 0

#12
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again ppt

You have quite a mixture of malware and Trojans that need to be eradicated.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ciric.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AB093479-21C9-42A9-D886-4FA99281A681} - C:\WINDOWS\SYSTEM\NTNV.DLL
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [D3DPMESH] C:\WINDOWS\SYSTEM\D3DPMESH.EXE

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these files (if present) using Windows Explorer:

C:\WINDOWS\ciric.dll
C:\WINDOWS\SYSTEM\NTNV.DLL
C:\WINDOWS\SYSTEM\D3DPMESH.EXE

Close Windows Explorer and Reboot normally

Post back a fresh HijackThis log and I will take another look.

Also, do you know this name:

OrgName: Road Runner
OrgID: RRMA
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US

Or why there should be restrictions on your Internet Explorer and your control panel?

I am still looking for a fix to your Network problem; it is difficult since WinME was not a big seller and very few people still have it. Do you have a recovery CD or floppies?
  • 0

#13
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Phil,

Road runner is Time Warner's cable internet service provider. My cable service provider is Time Warner.

I will follow your instructions & post it back. Yes...I do have a recovery CD from Compaq. Also I have a Netgear FA311 Fast Ethernet PCI Adapetr disk with me...if that will help at all....

Thanks,
PPT
  • 0

#14
ppt

ppt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Phil,

I followed your instructions. However, I could not find C:\WINDOWS\ciric.dll...Is it by any chance spelled cric.dll???

Pls. have a look at the new Hijackthis log :
Thanks, PPT

Logfile of HijackThis v1.99.1
Scan saved at 11:52:07 AM, on 6/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [XFILTER] C:\PROGRAM FILES\ADORONS\ADORONS FIREWALL\ESPFSDK.DLL
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AOL DOWNLOADS\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = QWERTY
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.29.99.22,24.29.99.21
  • 0

#15
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again ppt

That last log is clean.

I take it there is no sign of an improvement in your internet ability.

have a look again at the Add/Remove in the control panel and see if there is another that you could try to uninstall and then reinstall. Perhaps something with Networking, although I think back in 2000, it really meant linking 2 or more PC's, rather than network interfacing for broadband.

Those four 06 entries in HJT remain as something of a mystery to me, and i can't help but wonder if they are anything to do with the current situation.

I fear that the recovery option may have to be used.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP