Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help! My RUNDLL file is messed up


  • Please log in to reply

#1
imaworkthis

imaworkthis

    New Member

  • Member
  • Pip
  • 4 posts
Hi,
When I start my computer the RUNDLL file will pop and says C:\PROGRA~1WILDTA~1\APPS\CDA\CDAENG~1.DLL

I will hit okay and then go on I will load my AIM but now I can't recieve messages or send messages on it and I think it is something to do with that because I noticed before everytime I used AIM a RUNDLL file was always on but now there isn't ummm I'm not really sure how to fix the situation please help ASAP thank you ever so much

-ryan
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
imaworkthis

imaworkthis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.98.2
Scan saved at 11:00:16 AM, on 11/27/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\APPZV32.EXE
C:\WINDOWS\D3CI32.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\SYSTEM\WINON.EXE
C:\WINDOWS\ADDER32.EXE
C:\WINDOWS\SYSTEM\JAVARG32.EXE
C:\WINDOWS\SYSTEM\IPGX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\JAVAJX.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\SYSAQ.EXE
C:\WINDOWS\SYSTEM\ADDKX32.EXE
C:\WINDOWS\SYSTEM\D3FM.EXE
C:\WINDOWS\IEKW.EXE
C:\WINDOWS\ATLWJ.EXE
C:\WINDOWS\WINKN.EXE
C:\WINDOWS\SDKUV.EXE
C:\WINDOWS\APPQJ.EXE
C:\WINDOWS\D3FL.EXE
C:\WINDOWS\WINBL32.EXE
C:\WINDOWS\CRAU.EXE
C:\WINDOWS\SYSTEM\WINMT.EXE
C:\WINDOWS\SYSTEM\SDKGN32.EXE
C:\WINDOWS\ATLTC32.EXE
C:\WINDOWS\JAVAAW32.EXE
C:\WINDOWS\IEDL32.EXE
C:\WINDOWS\MSHA.EXE
C:\WINDOWS\SYSTEM\WINZE32.EXE
C:\WINDOWS\D3BY32.EXE
C:\WINDOWS\SYSTEM\MSGL32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\ADDRI.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\SYSTEM\IPVW.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\ATLXI.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\WINMP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\ADDRI.EXE
C:\WINDOWS\SYSTEM\APPGE32.EXE
C:\WINDOWS\SYSTEM\APPGE32.EXE
C:\WINDOWS\SYSTEM\ATLOC.EXE
C:\WINDOWS\SYSTEM\IPVW.EXE
C:\WINDOWS\APPAJ.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\SYSTEM\ADDRI.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EWPVSDXA\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {566C8C73-F477-6D31-70C1-67B7AE679108} - C:\WINDOWS\ADDTQ32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe -r
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [APPZV32.EXE] C:\WINDOWS\APPZV32.EXE
O4 - HKLM\..\RunServices: [D3CI32.EXE] C:\WINDOWS\D3CI32.EXE
O4 - HKLM\..\RunServices: [WINQO.EXE] C:\WINDOWS\SYSTEM\WINQO.EXE
O4 - HKLM\..\RunServices: [ADDER32.EXE] C:\WINDOWS\ADDER32.EXE
O4 - HKLM\..\RunServices: [WINON.EXE] C:\WINDOWS\SYSTEM\WINON.EXE
O4 - HKLM\..\RunServices: [JAVARG32.EXE] C:\WINDOWS\SYSTEM\JAVARG32.EXE
O4 - HKLM\..\RunServices: [CRZM32.EXE] C:\WINDOWS\CRZM32.EXE
O4 - HKLM\..\RunServices: [IPGX.EXE] C:\WINDOWS\SYSTEM\IPGX.EXE
O4 - HKLM\..\RunServices: [JAVAJX.EXE] C:\WINDOWS\SYSTEM\JAVAJX.EXE
O4 - HKLM\..\RunServices: [SYSAQ.EXE] C:\WINDOWS\SYSAQ.EXE
O4 - HKLM\..\RunServices: [ADDKX32.EXE] C:\WINDOWS\SYSTEM\ADDKX32.EXE
O4 - HKLM\..\RunServices: [IEKW.EXE] C:\WINDOWS\IEKW.EXE
O4 - HKLM\..\RunServices: [ATLWJ.EXE] C:\WINDOWS\ATLWJ.EXE
O4 - HKLM\..\RunServices: [D3FM.EXE] C:\WINDOWS\SYSTEM\D3FM.EXE
O4 - HKLM\..\RunServices: [D3FL.EXE] C:\WINDOWS\D3FL.EXE
O4 - HKLM\..\RunServices: [WINKN.EXE] C:\WINDOWS\WINKN.EXE
O4 - HKLM\..\RunServices: [CRAU.EXE] C:\WINDOWS\CRAU.EXE
O4 - HKLM\..\RunServices: [SDKUV.EXE] C:\WINDOWS\SDKUV.EXE
O4 - HKLM\..\RunServices: [WINBL32.EXE] C:\WINDOWS\WINBL32.EXE
O4 - HKLM\..\RunServices: [APPQJ.EXE] C:\WINDOWS\APPQJ.EXE
O4 - HKLM\..\RunServices: [WINMT.EXE] C:\WINDOWS\SYSTEM\WINMT.EXE
O4 - HKLM\..\RunServices: [JAVAAW32.EXE] C:\WINDOWS\JAVAAW32.EXE
O4 - HKLM\..\RunServices: [SDKGN32.EXE] C:\WINDOWS\SYSTEM\SDKGN32.EXE
O4 - HKLM\..\RunServices: [ATLTC32.EXE] C:\WINDOWS\ATLTC32.EXE
O4 - HKLM\..\RunServices: [IEDL32.EXE] C:\WINDOWS\IEDL32.EXE
O4 - HKLM\..\RunServices: [MSHA.EXE] C:\WINDOWS\MSHA.EXE
O4 - HKLM\..\RunServices: [D3BY32.EXE] C:\WINDOWS\D3BY32.EXE
O4 - HKLM\..\RunServices: [WINZE32.EXE] C:\WINDOWS\SYSTEM\WINZE32.EXE
O4 - HKLM\..\RunServices: [MSGL32.EXE] C:\WINDOWS\SYSTEM\MSGL32.EXE
O4 - HKLM\..\RunServices: [CRTT32.EXE] C:\WINDOWS\CRTT32.EXE
O4 - HKLM\..\RunServices: [ADDRI.EXE] C:\WINDOWS\SYSTEM\ADDRI.EXE
O4 - HKLM\..\RunServices: [IPVW.EXE] C:\WINDOWS\SYSTEM\IPVW.EXE
O4 - HKLM\..\RunServices: [APPFR.EXE] C:\WINDOWS\SYSTEM\APPFR.EXE
O4 - HKLM\..\RunServices: [ATLXI.EXE] C:\WINDOWS\ATLXI.EXE
O4 - HKLM\..\RunServices: [WINMP.EXE] C:\WINDOWS\WINMP.EXE
O4 - HKLM\..\RunServices: [APPGE32.EXE] C:\WINDOWS\SYSTEM\APPGE32.EXE
O4 - HKLM\..\RunServices: [ATLOC.EXE] C:\WINDOWS\SYSTEM\ATLOC.EXE
O4 - HKLM\..\RunServices: [APPAJ.EXE] C:\WINDOWS\APPAJ.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
This will take several steps, but we'll get through it. You have a lot of bad stuff on there.

Go to add/remove programs and remove:

weatherbug
webrebates
wild tangent

You have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/


Download Ad-aware from: http://www.geekstogo...n=download&id=5
Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.


-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#5
imaworkthis

imaworkthis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OKay, I tried to delete the weather bug thing and It wouldnt allow me to...I also tried to run the scans that you gave in the reply. Thoes did not work. I did manage to do the Ad-aware things and after I did that and re-started my computer the same RUNDLL file error came up again. Also after doing these things you asked my computer is wicked slow, worse than before. Anyway...here is the hijackthis logs:
Logfile of HijackThis v1.98.2
Scan saved at 11:46:54 PM, on 11/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINON.EXE
C:\WINDOWS\SYSTEM\JAVARG32.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\ADDER32.EXE
C:\WINDOWS\SYSTEM\ADDKX32.EXE
C:\WINDOWS\D3CI32.EXE
C:\WINDOWS\SYSTEM\JAVAJX.EXE
C:\WINDOWS\APPZV32.EXE
C:\WINDOWS\SYSTEM\IPGX.EXE
C:\WINDOWS\SYSTEM\D3FM.EXE
C:\WINDOWS\ATLWJ.EXE
C:\WINDOWS\D3FL.EXE
C:\WINDOWS\IEKW.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\SYSAQ.EXE
C:\WINDOWS\WINKN.EXE
C:\WINDOWS\CRAU.EXE
C:\WINDOWS\WINBL32.EXE
C:\WINDOWS\SDKUV.EXE
C:\WINDOWS\SYSTEM\WINMT.EXE
C:\WINDOWS\APPQJ.EXE
C:\WINDOWS\JAVAAW32.EXE
C:\WINDOWS\ATLTC32.EXE
C:\WINDOWS\SYSTEM\SDKGN32.EXE
C:\WINDOWS\D3BY32.EXE
C:\WINDOWS\IEDL32.EXE
C:\WINDOWS\SYSTEM\WINZE32.EXE
C:\WINDOWS\SYSTEM\MSGL32.EXE
C:\WINDOWS\MSHA.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\IPVW.EXE
C:\WINDOWS\SYSTEM\ADDRI.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\ATLXI.EXE
C:\WINDOWS\WINMP.EXE
C:\WINDOWS\SYSTEM\APPGE32.EXE
C:\WINDOWS\SYSTEM\ATLOC.EXE
C:\WINDOWS\SYSTEM\APPVJ32.EXE
C:\WINDOWS\MFCUT32.EXE
C:\WINDOWS\SYSTEM\WINXJ32.EXE
C:\WINDOWS\APPAJ.EXE
C:\WINDOWS\SYSTEM\ATLFA32.EXE
C:\WINDOWS\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\APPAJ.EXE
C:\WINDOWS\SYSZC.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\JAVAXE.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\WINOC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\APPAJ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\WINMP.EXE
C:\WINDOWS\APPZV32.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\ATLXI.EXE
C:\WINDOWS\APIEW.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EWPVSDXA\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {566C8C73-F477-6D31-70C1-67B7AE679108} - C:\WINDOWS\ADDTQ32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe -r
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [APPZV32.EXE] C:\WINDOWS\APPZV32.EXE
O4 - HKLM\..\RunServices: [D3CI32.EXE] C:\WINDOWS\D3CI32.EXE
O4 - HKLM\..\RunServices: [WINQO.EXE] C:\WINDOWS\SYSTEM\WINQO.EXE
O4 - HKLM\..\RunServices: [ADDER32.EXE] C:\WINDOWS\ADDER32.EXE
O4 - HKLM\..\RunServices: [WINON.EXE] C:\WINDOWS\SYSTEM\WINON.EXE
O4 - HKLM\..\RunServices: [JAVARG32.EXE] C:\WINDOWS\SYSTEM\JAVARG32.EXE
O4 - HKLM\..\RunServices: [CRZM32.EXE] C:\WINDOWS\CRZM32.EXE
O4 - HKLM\..\RunServices: [IPGX.EXE] C:\WINDOWS\SYSTEM\IPGX.EXE
O4 - HKLM\..\RunServices: [JAVAJX.EXE] C:\WINDOWS\SYSTEM\JAVAJX.EXE
O4 - HKLM\..\RunServices: [SYSAQ.EXE] C:\WINDOWS\SYSAQ.EXE
O4 - HKLM\..\RunServices: [ADDKX32.EXE] C:\WINDOWS\SYSTEM\ADDKX32.EXE
O4 - HKLM\..\RunServices: [IEKW.EXE] C:\WINDOWS\IEKW.EXE
O4 - HKLM\..\RunServices: [ATLWJ.EXE] C:\WINDOWS\ATLWJ.EXE
O4 - HKLM\..\RunServices: [D3FM.EXE] C:\WINDOWS\SYSTEM\D3FM.EXE
O4 - HKLM\..\RunServices: [D3FL.EXE] C:\WINDOWS\D3FL.EXE
O4 - HKLM\..\RunServices: [WINKN.EXE] C:\WINDOWS\WINKN.EXE
O4 - HKLM\..\RunServices: [CRAU.EXE] C:\WINDOWS\CRAU.EXE
O4 - HKLM\..\RunServices: [SDKUV.EXE] C:\WINDOWS\SDKUV.EXE
O4 - HKLM\..\RunServices: [WINBL32.EXE] C:\WINDOWS\WINBL32.EXE
O4 - HKLM\..\RunServices: [APPQJ.EXE] C:\WINDOWS\APPQJ.EXE
O4 - HKLM\..\RunServices: [WINMT.EXE] C:\WINDOWS\SYSTEM\WINMT.EXE
O4 - HKLM\..\RunServices: [JAVAAW32.EXE] C:\WINDOWS\JAVAAW32.EXE
O4 - HKLM\..\RunServices: [SDKGN32.EXE] C:\WINDOWS\SYSTEM\SDKGN32.EXE
O4 - HKLM\..\RunServices: [ATLTC32.EXE] C:\WINDOWS\ATLTC32.EXE
O4 - HKLM\..\RunServices: [IEDL32.EXE] C:\WINDOWS\IEDL32.EXE
O4 - HKLM\..\RunServices: [MSHA.EXE] C:\WINDOWS\MSHA.EXE
O4 - HKLM\..\RunServices: [D3BY32.EXE] C:\WINDOWS\D3BY32.EXE
O4 - HKLM\..\RunServices: [WINZE32.EXE] C:\WINDOWS\SYSTEM\WINZE32.EXE
O4 - HKLM\..\RunServices: [MSGL32.EXE] C:\WINDOWS\SYSTEM\MSGL32.EXE
O4 - HKLM\..\RunServices: [CRTT32.EXE] C:\WINDOWS\CRTT32.EXE
O4 - HKLM\..\RunServices: [ADDRI.EXE] C:\WINDOWS\SYSTEM\ADDRI.EXE
O4 - HKLM\..\RunServices: [IPVW.EXE] C:\WINDOWS\SYSTEM\IPVW.EXE
O4 - HKLM\..\RunServices: [APPFR.EXE] C:\WINDOWS\SYSTEM\APPFR.EXE
O4 - HKLM\..\RunServices: [ATLXI.EXE] C:\WINDOWS\ATLXI.EXE
O4 - HKLM\..\RunServices: [WINMP.EXE] C:\WINDOWS\WINMP.EXE
O4 - HKLM\..\RunServices: [APPGE32.EXE] C:\WINDOWS\SYSTEM\APPGE32.EXE
O4 - HKLM\..\RunServices: [ATLOC.EXE] C:\WINDOWS\SYSTEM\ATLOC.EXE
O4 - HKLM\..\RunServices: [APPAJ.EXE] C:\WINDOWS\APPAJ.EXE
O4 - HKLM\..\RunServices: [APPVJ32.EXE] C:\WINDOWS\SYSTEM\APPVJ32.EXE
O4 - HKLM\..\RunServices: [WINXJ32.EXE] C:\WINDOWS\SYSTEM\WINXJ32.EXE
O4 - HKLM\..\RunServices: [MFCUT32.EXE] C:\WINDOWS\MFCUT32.EXE
O4 - HKLM\..\RunServices: [ATLFA32.EXE] C:\WINDOWS\SYSTEM\ATLFA32.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\MFCKZ32.EXE
O4 - HKLM\..\RunServices: [SYSZC.EXE] C:\WINDOWS\SYSZC.EXE
O4 - HKLM\..\RunServices: [JAVAXE.EXE] C:\WINDOWS\SYSTEM\JAVAXE.EXE
O4 - HKLM\..\RunServices: [WINOC.EXE] C:\WINDOWS\WINOC.EXE
O4 - HKLM\..\RunServices: [APIEW.EXE] C:\WINDOWS\APIEW.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#6
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I need you to try doing those actions again. Sometimes the second time it will work. Try again and then post another log.
  • 0

#7
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I started fixing this anyway - and realized you don't have any anti-viral programs installed. Check the site out, there are several free ones available. Also, IE is out of date. That needs to be updated.

Please try to do those items right now. If you can't, do it immediately after fixing this log. I hesitated even trying to fix it because it will be reinfected immediately. This is a rather messed up machine and will take a lot of work, so I need you to do this or we're both wasting our time.


You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hdpex.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {566C8C73-F477-6D31-70C1-67B7AE679108} - C:\WINDOWS\ADDTQ32.DLL


O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [APPZV32.EXE] C:\WINDOWS\APPZV32.EXE
O4 - HKLM\..\RunServices: [D3CI32.EXE] C:\WINDOWS\D3CI32.EXE
O4 - HKLM\..\RunServices: [WINQO.EXE] C:\WINDOWS\SYSTEM\WINQO.EXE
O4 - HKLM\..\RunServices: [ADDER32.EXE] C:\WINDOWS\ADDER32.EXE
O4 - HKLM\..\RunServices: [WINON.EXE] C:\WINDOWS\SYSTEM\WINON.EXE
O4 - HKLM\..\RunServices: [JAVARG32.EXE] C:\WINDOWS\SYSTEM\JAVARG32.EXE
O4 - HKLM\..\RunServices: [CRZM32.EXE] C:\WINDOWS\CRZM32.EXE
O4 - HKLM\..\RunServices: [IPGX.EXE] C:\WINDOWS\SYSTEM\IPGX.EXE
O4 - HKLM\..\RunServices: [JAVAJX.EXE] C:\WINDOWS\SYSTEM\JAVAJX.EXE
O4 - HKLM\..\RunServices: [SYSAQ.EXE] C:\WINDOWS\SYSAQ.EXE
O4 - HKLM\..\RunServices: [ADDKX32.EXE] C:\WINDOWS\SYSTEM\ADDKX32.EXE
O4 - HKLM\..\RunServices: [IEKW.EXE] C:\WINDOWS\IEKW.EXE
O4 - HKLM\..\RunServices: [ATLWJ.EXE] C:\WINDOWS\ATLWJ.EXE
O4 - HKLM\..\RunServices: [D3FM.EXE] C:\WINDOWS\SYSTEM\D3FM.EXE
O4 - HKLM\..\RunServices: [D3FL.EXE] C:\WINDOWS\D3FL.EXE
O4 - HKLM\..\RunServices: [WINKN.EXE] C:\WINDOWS\WINKN.EXE
O4 - HKLM\..\RunServices: [CRAU.EXE] C:\WINDOWS\CRAU.EXE
O4 - HKLM\..\RunServices: [SDKUV.EXE] C:\WINDOWS\SDKUV.EXE
O4 - HKLM\..\RunServices: [WINBL32.EXE] C:\WINDOWS\WINBL32.EXE
O4 - HKLM\..\RunServices: [APPQJ.EXE] C:\WINDOWS\APPQJ.EXE
O4 - HKLM\..\RunServices: [WINMT.EXE] C:\WINDOWS\SYSTEM\WINMT.EXE
O4 - HKLM\..\RunServices: [JAVAAW32.EXE] C:\WINDOWS\JAVAAW32.EXE
O4 - HKLM\..\RunServices: [SDKGN32.EXE] C:\WINDOWS\SYSTEM\SDKGN32.EXE
O4 - HKLM\..\RunServices: [ATLTC32.EXE] C:\WINDOWS\ATLTC32.EXE
O4 - HKLM\..\RunServices: [IEDL32.EXE] C:\WINDOWS\IEDL32.EXE
O4 - HKLM\..\RunServices: [MSHA.EXE] C:\WINDOWS\MSHA.EXE
O4 - HKLM\..\RunServices: [D3BY32.EXE] C:\WINDOWS\D3BY32.EXE
O4 - HKLM\..\RunServices: [WINZE32.EXE] C:\WINDOWS\SYSTEM\WINZE32.EXE
O4 - HKLM\..\RunServices: [MSGL32.EXE] C:\WINDOWS\SYSTEM\MSGL32.EXE
O4 - HKLM\..\RunServices: [CRTT32.EXE] C:\WINDOWS\CRTT32.EXE
O4 - HKLM\..\RunServices: [ADDRI.EXE] C:\WINDOWS\SYSTEM\ADDRI.EXE
O4 - HKLM\..\RunServices: [IPVW.EXE] C:\WINDOWS\SYSTEM\IPVW.EXE
O4 - HKLM\..\RunServices: [APPFR.EXE] C:\WINDOWS\SYSTEM\APPFR.EXE
O4 - HKLM\..\RunServices: [ATLXI.EXE] C:\WINDOWS\ATLXI.EXE
O4 - HKLM\..\RunServices: [WINMP.EXE] C:\WINDOWS\WINMP.EXE
O4 - HKLM\..\RunServices: [APPGE32.EXE] C:\WINDOWS\SYSTEM\APPGE32.EXE
O4 - HKLM\..\RunServices: [ATLOC.EXE] C:\WINDOWS\SYSTEM\ATLOC.EXE
O4 - HKLM\..\RunServices: [APPAJ.EXE] C:\WINDOWS\APPAJ.EXE
O4 - HKLM\..\RunServices: [APPVJ32.EXE] C:\WINDOWS\SYSTEM\APPVJ32.EXE
O4 - HKLM\..\RunServices: [WINXJ32.EXE] C:\WINDOWS\SYSTEM\WINXJ32.EXE
O4 - HKLM\..\RunServices: [MFCUT32.EXE] C:\WINDOWS\MFCUT32.EXE
O4 - HKLM\..\RunServices: [ATLFA32.EXE] C:\WINDOWS\SYSTEM\ATLFA32.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\MFCKZ32.EXE
O4 - HKLM\..\RunServices: [SYSZC.EXE] C:\WINDOWS\SYSZC.EXE
O4 - HKLM\..\RunServices: [JAVAXE.EXE] C:\WINDOWS\SYSTEM\JAVAXE.EXE
O4 - HKLM\..\RunServices: [WINOC.EXE] C:\WINDOWS\WINOC.EXE
O4 - HKLM\..\RunServices: [APIEW.EXE] C:\WINDOWS\APIEW.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com

O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):


C:\WINDOWS\SYSTEM\WINON.EXE
C:\WINDOWS\SYSTEM\JAVARG32.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\ADDER32.EXE
C:\WINDOWS\SYSTEM\ADDKX32.EXE
C:\WINDOWS\D3CI32.EXE
C:\WINDOWS\SYSTEM\JAVAJX.EXE
C:\WINDOWS\APPZV32.EXE
C:\WINDOWS\SYSTEM\IPGX.EXE
C:\WINDOWS\SYSTEM\D3FM.EXE
C:\WINDOWS\ATLWJ.EXE
C:\WINDOWS\D3FL.EXE
C:\WINDOWS\IEKW.EXE
C:\WINDOWS\CRZM32.EXE
C:\WINDOWS\SYSAQ.EXE
C:\WINDOWS\WINKN.EXE
C:\WINDOWS\CRAU.EXE
C:\WINDOWS\WINBL32.EXE
C:\WINDOWS\SDKUV.EXE
C:\WINDOWS\SYSTEM\WINMT.EXE
C:\WINDOWS\APPQJ.EXE
C:\WINDOWS\JAVAAW32.EXE
C:\WINDOWS\ATLTC32.EXE
C:\WINDOWS\SYSTEM\SDKGN32.EXE
C:\WINDOWS\D3BY32.EXE
C:\WINDOWS\IEDL32.EXE
C:\WINDOWS\SYSTEM\WINZE32.EXE
C:\WINDOWS\SYSTEM\MSGL32.EXE
C:\WINDOWS\MSHA.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\IPVW.EXE
C:\WINDOWS\SYSTEM\ADDRI.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\ATLXI.EXE
C:\WINDOWS\WINMP.EXE
C:\WINDOWS\SYSTEM\APPGE32.EXE
C:\WINDOWS\SYSTEM\ATLOC.EXE
C:\WINDOWS\SYSTEM\APPVJ32.EXE
C:\WINDOWS\MFCUT32.EXE
C:\WINDOWS\SYSTEM\WINXJ32.EXE
C:\WINDOWS\APPAJ.EXE
C:\WINDOWS\SYSTEM\ATLFA32.EXE
C:\WINDOWS\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\APPAJ.EXE
C:\WINDOWS\SYSZC.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\JAVAXE.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\SYSTEM\WINQO.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\WINOC.EXE

C:\WINDOWS\APPAJ.EXE

C:\WINDOWS\WINMP.EXE
C:\WINDOWS\APPZV32.EXE
C:\WINDOWS\SYSTEM\APPFR.EXE
C:\WINDOWS\CRTT32.EXE
C:\WINDOWS\ATLXI.EXE
C:\WINDOWS\APIEW.EXE

Run adaware and clean out your temp. files as instructed in the previous post. Install an antiviral and update IE. Then run housecall and moosoft.

Reboot and post a new log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP