
Many Problems I Cannot Get Rid Of


10 replies to this topic

#1 DeniseM


Posted 21 December 2005 - 08:15 PM

I have run my Ad-Aware and Spybot, run them both in safe mode, and deleted all the problems,
but they keep coming back. I continually get an error saying I have too many windows open. I delete
the problems and they come back again.
The last hijack file showed 2 entries of surfsidekick3, nwf, omf and more.

Here's my hijack file, I'm not sure what to do now... Thank you

Thank you!!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REVOSVNF\COMMAND.EXE
C:\WINDOWS\SYSTEM\EDVRKSHABH.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\SYSTEM FILES\SYSTEM.EXE
D:\BACKUP\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\AD-AWARE.6.PRO.BUILD.181 + EXTRAS\AD-AWARE 6\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [PRUTQCT] C:\WINDOWS\SYSTEM\PRUTQCT.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = D:\backup\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com (HKLM)


#2 DeniseM


Posted 22 December 2005 - 08:43 AM

The log I posted above was not done in safe mode.
Booting up my computer today, Callinghome.biz came up on my Spybot and my Ad-Aware is blocking APD123.
Thank you, I'll have to try to find SpywareBlaster and ewido.

Mod Edit -The member that posted to you was not a member of our HJT team. I removed his/her post. ~Joshuacat

Edited by Joshuacat, 23 December 2005 - 09:58 PM.


#3 MFDnSC


Posted 23 December 2005 - 09:56 PM

You have not posted an entire log - the top and bottom are cut off

Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP, letting it extract to its default folder C:\Program Files\HiJackThis, then run it from there

Your AdAware is old

Get all of these and/or verify you have the current versions

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

DownLoad them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Do the above, boot and post a new log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 DeniseM


Posted 24 December 2005 - 01:53 PM

Sorry, here is a log with the current HijackThis.
I've done everything else except for adding the MS AntiSpy because I'm not sure I can use it with
Windows ME?

Logfile of HijackThis v1.99.1
Scan saved at 1:49:00 PM, on 12/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REVOSVNF\COMMAND.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
D:\BACKUP\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = D:\backup\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - (no file)

#5 MFDnSC


Posted 24 December 2005 - 02:52 PM

Oooops sorry - you cannot

AOL Buddy virus

http://securityresponse.symantec.com/avcen...ddyremoval.html

Is your Norton up to date as it should have removed it????????????
===================
Do this
http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
==========

#6 DeniseM


Posted 26 December 2005 - 02:39 PM

I want to thank you for helping me with all this, it is GREATLY APPRECIATED!!

what a mess UGH
I checked my Norton and it says it is up to date, although it is only a 2003 version.
My buddy virus was removed when I went to your link (hopefully); it said it was! lol

here are the two logs you requested:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 26, 2005 10:06:00
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/12/2005
Kaspersky Anti-Virus database records: 157314
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\WINDOWS\TEMP\

Scan Statistics:
Total number of scanned objects: 7331
Number of viruses found: 15
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 1846 sec

Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM\Cache\HelperInstaller.exe Infected: Trojan-Dropper.Win32.Delf.z
C:\WINDOWS\SYSTEM\Cache\cxtpls_loader.exe Infected: Trojan-Downloader.Win32.Apropo.r
C:\WINDOWS\SYSTEM\Cache\pi1_51.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\WINDOWS\SYSTEM\Cache\adl_dh.exe Infected: Trojan-Downloader.Win32.Agent.hw
C:\WINDOWS\SYSTEM\Cache\BlazeVCM7.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\SYSTEM\Cache\BlazeVCM7.exe/data0003 Infected: Trojan-Downloader.Win32.Small.aly
C:\WINDOWS\SYSTEM\Cache\BlazeVCM7.exe Infected: Trojan-Downloader.Win32.Small.aly
C:\WINDOWS\SYSTEM\Cache\InstallAPS.exe Infected: Trojan-Dropper.Win32.Small.ul
C:\WINDOWS\SYSTEM\Cache\videoinst.exe Infected: Trojan-Downloader.Win32.Small.wj
C:\WINDOWS\SYSTEM\Cache\SSK_B5 WMG Media - Rev Share.EXE Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\SYSTEM\Cache\AUNIcons.exe Infected: Trojan-Downloader.Win32.Agent.jq
C:\WINDOWS\SYSTEM\Cache\setup66.exe Infected: Trojan-Dropper.Win32.Small.fl
C:\WINDOWS\SYSTEM\Cache\setup.exe/data0001/EXE-file Infected: Trojan.Win32.VB.tq
C:\WINDOWS\SYSTEM\Cache\setup.exe/data0001 Infected: Trojan.Win32.VB.tq
C:\WINDOWS\SYSTEM\Cache\setup.exe Infected: Trojan.Win32.VB.tq
C:\WINDOWS\SYSTEM\sysmonnt.exe Infected: Trojan.Win32.VB.tq
C:\WINDOWS\SYSTEM\dist001.exe Infected: Trojan-Downloader.Win32.Agent.aaf
C:\WINDOWS\SYSTEM\sate.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\DH.dll Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.

I think I'm adding more junk instead of removing :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:17 PM, on 12/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REVOSVNF\COMMAND.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
D:\BACKUP\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = D:\backup\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - (no file)

#7 MFDnSC


Posted 26 December 2005 - 03:17 PM

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - (no file)

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\PROGRAM FILES\COMMON FILES\WINTOOLS
C:\WINDOWS\SYSTEM\Cache\HelperInstaller.exe
C:\WINDOWS\SYSTEM\Cache\cxtpls_loader.exe
C:\WINDOWS\SYSTEM\Cache\pi1_51.exe
C:\WINDOWS\SYSTEM\Cache\adl_dh.exe
C:\WINDOWS\SYSTEM\Cache\BlazeVCM7.exe
C:\WINDOWS\SYSTEM\Cache\InstallAPS.exe
C:\WINDOWS\SYSTEM\Cache\videoinst.exe
C:\WINDOWS\SYSTEM\Cache\SSK_B5 WMG Media - Rev Share.EXE
C:\WINDOWS\SYSTEM\Cache\AUNIcons.exe
C:\WINDOWS\SYSTEM\Cache\setup66.exe
C:\WINDOWS\SYSTEM\Cache\setup.exe
C:\WINDOWS\SYSTEM\sysmonnt.exe
C:\WINDOWS\SYSTEM\dist001.exe
C:\WINDOWS\SYSTEM\sate.exe
C:\WINDOWS\DH.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#8 DeniseM


Posted 26 December 2005 - 05:51 PM

Wohoooo, movin' right along here.
Everything deleted except for:
C:\PROGRAM FILES\COMMON FILES\WINTOOLS
The Kill program said it doesn't exist.

Here's my new log file..... thank you!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 5:48:18 PM, on 12/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\REVOSVNF\COMMAND.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
D:\BACKUP\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = D:\backup\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab
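
The comparison the helper does by eye between the logs in posts #6 and #8, written out as an added example (not part of any post in this thread, and not HijackThis's own code). The sample logs are short excerpts constructed from lines quoted above, and the function names are this example's own.

```python
import re

# Constructed sample input: a few entry lines excerpted from the HijackThis
# logs in posts #6 (before the fixes) and #8 (after the fixes) of this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - (no file)
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""
# Excerpt of the paths deleted with KillBox in post #7.
DELETED_PATHS = [r"C:\WINDOWS\DH.dll", r"C:\WINDOWS\SYSTEM\sysmonnt.exe"]

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return [(section, text)] for every entry line; the header and the
    running-process list are skipped because they do not match ENTRY_RE."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def diff_entries(before, after):
    """Compare two parsed logs case-insensitively, preserving log order."""
    key = lambda e: (e[0], e[1].lower())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


def orphaned(entries):
    """Entries whose target file HijackThis reported as not on disk."""
    return [e for e in entries if e[1].lower().endswith(ORPHAN_MARKERS)]


def referencing(entries, paths):
    """Entries that still point at a path from a removal list."""
    lowered = [p.lower() for p in paths]
    return [e for e in entries if any(p in e[1].lower() for p in lowered)]


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    removed, added = diff_entries(before, after)
    report = (("removed", removed), ("added", added),
              ("orphaned", orphaned(after)),
              ("points at deleted file", referencing(after, DELETED_PATHS)))
    for label, group in report:
        for section, text in group:
            print(f"{label:>22}: {section} - {text}")
```

An entry that is both orphaned and points at a deleted file is a leftover registration, which is why it is safe to fix once the file itself is gone.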

#9 MFDnSC


Posted 26 December 2005 - 06:25 PM

Fix this

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)

Get those tools mentioned in post #3

Should be good to go; if not, what is happening?

#10 DeniseM


Posted 26 December 2005 - 07:19 PM

YEAH!! :thumbsup:
thanks for all your help
I have everything done you requested now and crossing my fingers that I'm running smoothly
I'd like to fix 2 more small problems and I'm not sure how to go about it
if you could help I'd appreciate it and then I'll leave you to all your other customers lol
When I boot up my computer I'm getting two error messages every time

#1. Problem with shortcut
the shortcut zeno.Ink refers to a location that is unavailable
(I'm not even sure what zeno is)
and the other is
#2 for my real player
Unable to establish a connection with the server
http://systemboothideplayer

I don't want it to connect automatically when I start my computer

thanks,
have a great week!

#11 MFDnSC


Posted 26 December 2005 - 08:51 PM

That is zeno.lnk not Ink, and if it is invalid delete the link on the desktop (I assume that's where it is)


Fix this entry in HJT

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER



