Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can You Help ?


  • Please log in to reply

#1
dadolphin

dadolphin

    New Member

  • Member
  • Pip
  • 1 posts
I just got this puter from a m8,its slow,crashes,gives me ill operations occasionaly..but is really slow to boot up,
if anyone could help i would be gratefull,i ran the hijack and these were the results,
ty
Logfile of HijackThis v1.98.2
Scan saved at 2:54:07 AM, on 11/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\RPCSS.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.ws/122/?sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS.000\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS.000\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokervoyeurs.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS.000\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...www.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Proxy Nurb Meet - {D0CEC939-4E09-899D-AB44-6958E3EEBCB1} - C:\PROGRAM FILES\MEMO DEBUG BOOB\ACIDAUDIO.DLL
O2 - BHO: (no name) - {106BA600-8204-11D8-8DEF-000AE62691C9} - C:\WINDOWS.000\SYSTEM\WINNKET16.DLL (file missing)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {7645C240-AE8B-11D8-8DEF-000AE62691C9} - (no file)
O3 - Toolbar: FACESAFEOOZE - {1D6C7428-D7AA-D5C3-932A-DC8F8D005098} - C:\PROGRAM FILES\MEMO DEBUG BOOB\ACIDAUDIO.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [HKRBE] C:\WINDOWS\HKRBE.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [yfad] C:\WINDOWS\yfad.exe
O4 - HKLM\..\Run: [wtojst] C:\WINDOWS\wtojst.exe
O4 - HKLM\..\Run: [ezoh] C:\WINDOWS\ezoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: DLHelperEXE.exe
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O15 - Trusted Zone: http://register-tesc...usiness.ntl.com
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.../global/msc.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbro...kes/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://chat-c2.frees...va/cfs31229.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsour...html/UDConn.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.righ...l/java/RntX.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.ida...g/ie/SecMgr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.kscasino....asino/setup.exe
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.e2chamele...bitdefender.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {E0E1BB66-8C50-4B2B-9101-891EF98F16AE} (WHVHR Big Control) - file://C:\WilliamHillInstallation\WHVHRBig.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.10...sCamControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet...s/ybrequest.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O19 - User stylesheet: (file missing)
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Hi dadolphin, welcome to Geeks to Go! :D If it were me, I'd probably reformat and start fresh. <_<

First, get rid of NewDotNet. Go to Control Panel:Add/Remove Programs and remove it. If it is not there, go here and follow Procedure 4: http://www.newdotnet.com/removal.html

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.ws/122/?sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS.000\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS.000\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokervoyeurs.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS.000\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dzjdsl.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Proxy Nurb Meet - {D0CEC939-4E09-899D-AB44-6958E3EEBCB1} - C:\PROGRAM FILES\MEMO DEBUG BOOB\ACIDAUDIO.DLL
O2 - BHO: (no name) - {106BA600-8204-11D8-8DEF-000AE62691C9} - C:\WINDOWS.000\SYSTEM\WINNKET16.DLL (file missing)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {7645C240-AE8B-11D8-8DEF-000AE62691C9} - (no file)
O3 - Toolbar: FACESAFEOOZE - {1D6C7428-D7AA-D5C3-932A-DC8F8D005098} - C:\PROGRAM FILES\MEMO DEBUG BOOB\ACIDAUDIO.DLL
O4 - HKLM\..\Run: [HKRBE] C:\WINDOWS\HKRBE.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [yfad] C:\WINDOWS\yfad.exe
O4 - HKLM\..\Run: [wtojst] C:\WINDOWS\wtojst.exe
O4 - HKLM\..\Run: [ezoh] C:\WINDOWS\ezoh.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O15 - Trusted Zone: http://register-tesc...usiness.ntl.com
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.kscasino....asino/setup.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet...s/ybrequest.cab
O19 - User stylesheet: (file missing)

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):C:\PROGRAM FILES\MEMO DEBUG BOOB <- this folder
C:\WINDOWS\HKRBE.exe
C:\WINDOWS.000\SYSTEM\autoclk.exe
C:\WINDOWS\yfad.exe
C:\WINDOWS\wtojst.exe
C:\WINDOWS\ezoh.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :D
  • 0

#3
Resident_Blonde

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Hiya dadolphin :P

WELCOME TO GEEKSTOGO !


Well, sense you have gotten help from our Man Admin :D I will give you some input about something I do know about (which aint much) and will help out allot. :D

http://www.winpatrol.com/

I downloaded and bought for $19.95, and it was a VERY SMART thing that I have done..

I also bought some memory, but which you have more than I do, but with winpatrol, "if you dont already have it" it will tell you what is all running in the background, as well as explains to you what they are when hitting the (Plus) button.

But need to buy it to see the Plus features... <_<

But it will tell you if it is a item not needed or you can also deside for yourself once you see the plus features... You can disable the item so that it wont run at start up (Ctrl/Alt/Delete) area..

Well, good luck with your issues, you have came to the right place for getting help.


Good Luck!

Have a good day! :o
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP