Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Would anyone be able to assist me with my log?


  • Please log in to reply

#1
krazycid

krazycid

    Member

  • Member
  • PipPip
  • 14 posts
Would anyone be able to help me?

Logfile of HijackThis v1.97.7
Scan saved at 7:31:20 PM, on 10/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TCDPLAY.DRV
C:\WINDOWS\SYSTEM\TWBROWSE.DRV
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\TOSHIBA\MOUSE\TMOUSE.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\PSPCCARD.EXE
C:\WINDOWS\SYSTEM\PWRTRAY.EXE
C:\WINDOWS\SYSTEM\TESCKEY.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\N32RMD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 99\QSHELF99.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {0E3FB361-EFE3-11D8-B195-000CF33D523E} - C:\WINDOWS\SYSTEM\PCMA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
O4 - HKLM\..\Run: [TEscKey] TESCKEY.EXE
O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.EXE
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [Norton AntiVirus Reminder] C:\PROGRA~1\NORTON~1\N32RMD.EXE /RES
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [THotkey] !NULL!
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.Drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.Drv
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickShelf 99.lnk = C:\Program Files\Microsoft Reference\Bookshelf 99\qshelf99.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {C2583908-FD48-11D2-822E-00600805A87F} (ToshUtil Control) - file://c:\Toshiba\ActDesk\toshutil.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB

Thanks in advance if anyone can. <_<
  • 0

Advertisements


#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please download the latest version of hijack this by clicking the Hijack This guide in my signature and post new log. Please do not post it in a quote box.

-=jonnyrotten=- <_<
  • 0

#3
krazycid

krazycid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.98.2
Scan saved at 8:20:04 PM, on 10/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TCDPLAY.DRV
C:\WINDOWS\SYSTEM\TWBROWSE.DRV
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\TOSHIBA\MOUSE\TMOUSE.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\PSPCCARD.EXE
C:\WINDOWS\SYSTEM\PWRTRAY.EXE
C:\WINDOWS\SYSTEM\TESCKEY.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\N32RMD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 99\QSHELF99.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {0E3FB361-EFE3-11D8-B195-000CF33D523E} - C:\WINDOWS\SYSTEM\PCMA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
O4 - HKLM\..\Run: [TEscKey] TESCKEY.EXE
O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.EXE
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [Norton AntiVirus Reminder] C:\PROGRA~1\NORTON~1\N32RMD.EXE /RES
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [THotkey] !NULL!
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.Drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.Drv
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickShelf 99.lnk = C:\Program Files\Microsoft Reference\Bookshelf 99\qshelf99.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {C2583908-FD48-11D2-822E-00600805A87F} (ToshUtil Control) - file://c:\Toshiba\ActDesk\toshutil.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O18 - Filter: text/html - {BB84C45F-10AC-11D9-B195-000C512361C9} - C:\WINDOWS\SYSTEM\PCMA.DLL
O18 - Filter: text/plain - {BB84C45F-10AC-11D9-B195-000C512361C9} - C:\WINDOWS\SYSTEM\PCMA.DLL
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0E3FB361-EFE3-11D8-B195-000CF33D523E} - C:\WINDOWS\SYSTEM\PCMA.DLL
O18 - Filter: text/html - {BB84C45F-10AC-11D9-B195-000C512361C9} - C:\WINDOWS\SYSTEM\PCMA.DLL
O18 - Filter: text/plain - {BB84C45F-10AC-11D9-B195-000C512361C9} - C:\WINDOWS\SYSTEM\PCMA.DLL

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\SYSTEM\PCMA.DLL

Reboot normally and post new log. Any details on what exactly the problem is that you are trying to fix? And did this work?

-=jonnyrotten=- <_<
  • 0

#5
krazycid

krazycid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.98.2
Scan saved at 6:30:04 PM, on 10/28/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TCDPLAY.DRV
C:\WINDOWS\SYSTEM\TWBROWSE.DRV
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\TOSHIBA\MOUSE\TMOUSE.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\PSPCCARD.EXE
C:\WINDOWS\SYSTEM\PWRTRAY.EXE
C:\WINDOWS\SYSTEM\TESCKEY.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\N32RMD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 99\QSHELF99.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
O4 - HKLM\..\Run: [TEscKey] TESCKEY.EXE
O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.EXE
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [Norton AntiVirus Reminder] C:\PROGRA~1\NORTON~1\N32RMD.EXE /RES
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [THotkey] !NULL!
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.Drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.Drv
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickShelf 99.lnk = C:\Program Files\Microsoft Reference\Bookshelf 99\qshelf99.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {C2583908-FD48-11D2-822E-00600805A87F} (ToshUtil Control) - file://c:\Toshiba\ActDesk\toshutil.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab

Hey, thank you very much Mr. Rotten. Everything seems to be fixed, but I still have something that resets my desktop backround all the time. Any suggestions for that? Thanks again for the help. You rock!!!Posted Image
  • 0

#6
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Reboot into safe mode and run hijack this and delete these entries

O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab

Reboot and run hijack this again and see if these lines are gone. If not then Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

Also make sure your Norton is updated all the way and run that too. You have a known virus. c:\windows\svchost.exe tells me this. svchost is a valid file, but not in that directory. I would also navigate to c:\windows and look for svchost.exe and delete it. You might need to do this in safe mode. I'm not sure if this has to do with your desktop but I bet it does.

Post a new log with any new info.

-=jonnyrotten=- <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP