Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer is so slow - winfixer - tons of popups [RESOLVED]

Started by timlovesfaith , Aug 19 2005 02:09 PM

  • This topic is locked This topic is locked

#16
Emilita
Posted 01 September 2005 - 04:27 PM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts
Hi,
Go to Add/Remove Programs List and uninstall these if present:
SurfSideKick
Cas

Double-click on the killbox.exe program. Select the option labeled "Delete on Reboot." Copy the file names below to the clipboard by highlighting them and pressing Control-C: (or by highlighting them, then rightclick and click "copy".


C:\WINDOWS\SYSTEM\ide21201.vxd
C:\keys.ini
C:\WINDOWS\ALCHEM.INI
C:\WINDOWS\cfgmgr52.ini
C:\PROGRAM FILES\CasStub
C:\Program Files\Cas
C:\WINDOWS\gaubu.dat

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the "Delete on Reboot" prompt. If your computer does not restart automatically, please restart it manually.

Using windows explorer go to your C\Windows folder and delete everything inside the "temp" folder



1. Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

2. Download WinHelp2002's DelDomains.inf.
Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop.
Run the "WinHelp2002's DelDomains.inf" that you've downloaded by rightclicking on it and select Install. this will remove all the sites in trusted/restricted zones.
If you have spybot and used its immunize feature then you have to re-immunize, if you have SpywareBlaster then you have to re-enable all protection.

3. Download CleanUp
Install the program, dont run it yet, we will later.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer and please post a new HJT log,
  • 0

Advertisements

#17
timlovesfaith
Posted 06 September 2005 - 12:05 AM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi!!
Sorry it took so long to reply. I did not see the 2nd page.
I did all stated above. Here are my new results:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:49 AM, on 9/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Microsoft Picture It! PhotoPub\IE95boot.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://128.167.56.50...cherControl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.cleve...everContent.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream...er/tdserver.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ImageEditor.cab
O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.82.184.122...sCamControl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

THANKS!!!
  • 0

#18
Emilita
Posted 06 September 2005 - 03:53 PM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts
Hi timlovesfaith,
Your Hijackthis log looks clean!

To help protect your computer in the future I recommend the following free programs:
SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.

It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Regularly running your AdAware and Spybot and make sure you check for updates and download updates before scanning.
AdAware
Spybot Search & Destroy

You can also get a free firewall here:
ZoneAlarm

And also see TonyKlein's good advice
So how did I get infected in the first place?
and Spyware Aid's spyware article:
Spyware, Adware, Malware:
What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#19
timlovesfaith
Posted 06 September 2005 - 07:16 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Thank you so much!

One more question:
When I start my computer, a box comes up after my comp starts loading and it sats "SETUP" then it says to complete setup, I need to restart my computer. I will click yes and it says it everytime. Is there anyway I can get rid of this?
Also, if I have more than one window up, the computer brings up a box, after a while, that says, "Runtime Error 226 at 04E0605B"

Thanks

Edited by timlovesfaith, 06 September 2005 - 07:20 PM.

  • 0

#20
Emilita
Posted 07 September 2005 - 11:49 PM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts

One more question:
When I start my computer, a box comes up after my comp starts loading and it sats "SETUP" then it says to complete setup, I need to restart my computer. I will click yes and it says it everytime. Is there anyway I can get rid of this?
Also, if I have more than one window up, the computer brings up a box, after a while, that says, "Runtime Error 226 at 04E0605B"

When did this start happening? It might be caused by some programs, do you have Spyware Doctor?
You could try running "System File Checker" which corrects corrupt files.
Go to Start > Run, type in sfc hit Enter and follow the prompts. You may need your Windows installation cd.

There's a Win98 forum here at GeeksToGo, they might know what's causing the runtime error. Sorry I don't have much of an idea, hope someone can help you with this.
http://www.geekstogo...p?act=SF&s=&f=3
  • 0

#21
timlovesfaith
Posted 08 September 2005 - 02:27 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
it has been happening for a while now.
When I did a system file checker the following files showed up (when I tried to restore it stated "The file was not found. Verify that you have selected the correct 'restore from' location and try again", I have it set on D:\WIN98\ & inserted the Windows 98 disk in my D: drive)

mcfuia32.dll

I do not have spyware doctor, should I download it?
  • 0

#22
Emilita
Posted 08 September 2005 - 07:56 PM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts

it has been happening for a while now.
When I did a system file checker the following files showed up (when I tried to restore it stated "The file was not found. Verify that you have selected the correct 'restore from' location and try again", I have it set on D:\WIN98\ & inserted the Windows 98 disk in my D: drive)

mcfuia32.dll

Are you sure it's that dll or do you mean this dll? mfcuia32.dll

I do not have spyware doctor, should I download it?

No don't download it, I was only asking because that program sometimes can caused runtime errors.
  • 0

#23
timlovesfaith
Posted 08 September 2005 - 10:48 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
it is:
mfcuia32.dll

You are right. How do I fix that, is that the problem?
  • 0

#24
Emilita
Posted 09 September 2005 - 06:02 AM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts

it is:
mfcuia32.dll

You are right. How do I fix that, is that the problem?

I'm not sure if that is the caused of the problem but you can try fixing that and we'll see if it helps.
Can you also post a new HJT log just in case there are some new entries there? thanks.

You can use System File Checker to extract the file from win98_33.cab if you have that CAB file on your computer.
Or:
You can also download mfcuia32.dll from these locations:
http://files.chatnfiles.com/Netware%20Super%20Library/DLL/

http://www.dll-files.com/dllindex/dll-files.shtml?mfcuia32
  • 0

#25
timlovesfaith
Posted 12 September 2005 - 12:22 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Ok! I went away for the weekend and just got back and turned on my computer and when it was booting these things came up saying that these have been deleted and they "cannot find the devices need to run windows" and these were the ones listed: SAVRT.VXD , SYMTD.VXD , C:\Progra~/Norton~2/Savrtpel.vxd .

This is the actual text:

"Cannot find a device file that may be needed to run windows or a windows application.
The windows registry or SYSTEM.INI file refers to this device file, be the device file no longer exists.
If you deleted this file on purpose, try uninstalling the associated application using its uninstall or setup program.
If you still want to use the application associated with this device file, try reinstalling that application to replace the missing file.
SYMTDI.VXD
Press Any Key To Continue

Cannot find a device file that may be needed to run windows or a windows application.
The windows registry or SYSTEM.INI file refers to this device file, be the device file no longer exists.
If you deleted this file on purpose, try uninstalling the associated application using its uninstall or setup program.
If you still want to use the application associated with this device file, try reinstalling that application to replace the missing file.
C:\PROGRA~1\NORTON~2\SAVRTPEL.VXD
Press Any Key To Continue

Cannot find a device file that may be needed to run windows or a windows application.
The windows registry or SYSTEM.INI file refers to this device file, be the device file no longer exists.
If you deleted this file on purpose, try uninstalling the associated application using its uninstall or setup program.
If you still want to use the application associated with this device file, try reinstalling that application to replace the missing file.
C:\PROGRA~1\NORTON~2\SAVRT.VXD"

When my comp loaded up my icons are all really big and now with internet up there is this grey haze over my computer screen and everything is twice the size it should be.
What should I delete, what programs? The last thing I did was remove the things on Hijack this that you asked me to. :tazz:
Please Help Again!
:)
THANKS

Edited by timlovesfaith, 12 September 2005 - 03:05 PM.

  • 0

Advertisements

#26
Emilita
Posted 13 September 2005 - 01:01 AM

Emilita

    Visiting Staff

  • Visiting Consultant
  • 273 posts
Hi timlovesfaith,
I got help from an Expert Michelle (thank you Michelle.)

Copy everything inside the quote box below (starting with REGEDIT4) and paste it into Notepad. Go up to "File > Save As" then click the drop-down box to change the "Save As Type" to "All Files". Save it as remvxd.reg on your desktop:

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SAVRT]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SYMTDI]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SAVRTPEL]

Double-click remvxd.reg on your desktop and when asked if you want to merge with the registry click YES. Reboot your computer and let me know if you're receiving any other error messages.
  • 0

#27
timlovesfaith
Posted 13 September 2005 - 12:35 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi,
Ok, The Error messages are gone. But, my computer screen & icons is still twice the size it should be and my net still has the grey haze over it. :tazz: I went into my settings and they are set on 16 Color with a 640x 480 screen, but when i change it and reboot it, it goes back the same. :)
THANKS!!
  • 0

#28
timlovesfaith
Posted 14 September 2005 - 04:23 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I am now getting the message:
RUNDLL
C:\Progra~1/WildTa~/apps/cda/cdaeng~1dll
This system cannot find the path specified.

I think my computer screen is message up because it will not come of 16 Color (even when I change it) and the screen will not come off of 640 x 480, when previously it was on High Color (16 bit) & 800 x 600 :tazz:
  • 0

#29
Michelle
Posted 14 September 2005 - 05:51 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello timlovesfaith :tazz:

Will you post a new Hijackthis log into this topic, please. Also, please tell me what video card you have.
  • 0

#30
timlovesfaith
Posted 14 September 2005 - 07:50 PM

timlovesfaith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
THANK YOU! :tazz:

My Video Card is I think : SiS 900 PCI Fast Ethernet Adapter


Logfile of HijackThis v1.99.1
Scan saved at 8:39:27 PM, on 9/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\WINMX\WINMX.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
O4 - HKLM\..\Run: [xdusufs] C:\WINDOWS\SYSTEM\xmygxw.exe
O4 - HKLM\..\Run: [SRPJT40M] C:\WINDOWS\SYSTEM\SRPJT40M.exe
O4 - HKLM\..\Run: [Fme.exe] C:\WINDOWS\TEMP\FME.EXE
O4 - HKLM\..\Run: [WAO7Q0KZU.EXE] C:\WINDOWS\TEMP\WAO7Q0KZU.EXE
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [2M5DH#L3@S9Y6H] C:\WINDOWS\SYSTEM\KrwH5g.exe
O4 - HKLM\..\Run: [qE2X36R] SCSTVSDS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NR20R] C:\WINDOWS\SYSTEM\NR20R.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WinMX] C:\PROGRAM FILES\WINMX\WINMX.EXE -m
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\MNIBKLS9\SUBMITED.PIF
O4 - HKCU\..\Run: [Nrad] C:\WINDOWS\Application Data\buas.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - HKCU\..\Run: [bpt7RWdmi] SERHRL12.EXE
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Microsoft Picture It! PhotoPub\IE95boot.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://128.167.56.50...cherControl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.25.44...etzip/RdxIE.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.cleve...everContent.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream...er/tdserver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ImageEditor.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.82.184.122...sCamControl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Edited by timlovesfaith, 14 September 2005 - 07:51 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP