• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
wts

system folder opens when staring computer

15 posts in this topic

Hi wts, can you please download HijackThis. Extract it to it's own folder, run it, and press the scan button. Then press the Save Log button and copy it's contents into a reply in this thread. Thanks.

Share this post


Link to post
Share on other sites

I hate to be a bother, but could you please paste your log into a reply rather than atach it, it's just infinitley easier to work on that way.

 

Thanks.

 

*edit* Just highlight your entire log (ctrl+a) copy it onto your clipboard (ctrl+c) and paste it into a reply (ctrl+v)

Edited by Gwyrox732

Share this post


Link to post
Share on other sites

Sorry about that. Not sure how.

Like this?

 

Logfile of HijackThis v1.98.0

Scan saved at 10:31:38 PM, on 7/7/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\COMPAQ\CPQINET\CPQINET.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

C:\WINDOWS\SYSTEM\HPOOPM07.EXE

C:\RAY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\KGFPQIHU.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\PALTALK\PNETAWARE.EXE

C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\RBENHANCE\RBENH.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-websearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

O1 - Hosts: 193.125.201.50 ie.search.msn.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe

O4 - HKLM\..\Run: [shell] c:\ray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [] c:\Windows\System\

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKLM\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [khjz] C:\WINDOWS\kgfpqihu.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [] c:\Windows\System\

O4 - HKCU\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKCU\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - Startup: Compaq Knowledge Center.lnk = C:\program files\Compaq Knowledge Center\bin\silent.exe

O4 - Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nstall_popup.pl

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Edited by wts

Share this post


Link to post
Share on other sites

It got rid of one item. But same start up as before.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:31:38 PM, on 7/7/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\COMPAQ\CPQINET\CPQINET.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

C:\WINDOWS\SYSTEM\HPOOPM07.EXE

C:\RAY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\KGFPQIHU.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\PALTALK\PNETAWARE.EXE

C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\RBENHANCE\RBENH.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-websearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

O1 - Hosts: 193.125.201.50 ie.search.msn.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe

O4 - HKLM\..\Run: [shell] c:\ray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [] c:\Windows\System\

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKLM\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [khjz] C:\WINDOWS\kgfpqihu.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [] c:\Windows\System\

O4 - HKCU\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKCU\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - Startup: Compaq Knowledge Center.lnk = C:\program files\Compaq Knowledge Center\bin\silent.exe

O4 - Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nstall_popup.pl

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Share this post


Link to post
Share on other sites

OOPs.

Logfile of HijackThis v1.98.0

Scan saved at 11:18:09 PM, on 7/7/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\RBENHANCE\RBENH.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\COMPAQ\CPQINET\CPQINET.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

C:\WINDOWS\SYSTEM\HPOOPM07.EXE

C:\RAY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\KGFPQIHU.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\PALTALK\PNETAWARE.EXE

C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-websearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

O1 - Hosts: 193.125.201.50 ie.search.msn.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe

O4 - HKLM\..\Run: [shell] c:\ray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [] c:\Windows\System\

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKLM\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [khjz] C:\WINDOWS\kgfpqihu.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [] c:\Windows\System\

O4 - HKCU\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKCU\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - Startup: Compaq Knowledge Center.lnk = C:\program files\Compaq Knowledge Center\bin\silent.exe

O4 - Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nstall_popup.pl

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Share this post


Link to post
Share on other sites

The following fix will get rid of most of your problems (except for your C:\WINDOWS\System error, where I just wanted to get everything else out of the way first).

 

First, end the following processes using your Task Manager (ctl+alt+del once):

C:\RAY.EXE

C:\WINDOWS\KGFPQIHU.EXE

 

Next, place a checkmark next to the following entries in HijackThis and press "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-websearch.com/

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

O1 - Hosts: 193.125.201.50 ie.search.msn.com

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [shell] c:\ray.exe

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [khjz] C:\WINDOWS\kgfpqihu.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServicesOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe

 

Reboot your computer and delete the following files/folders (you may have to show hidden files) if they are there:

C:\RAY.EXE

C:\WINDOWS\KGFPQIHU.EXE

C:\PROGRAM FILES\TV MEDIA\ <-folder

C:\WINDOWS\BXXS5.DLL

C:\program files\RBEnhance <-folder

C:\WINDOWS\kgfpqihu.exe

C:\Program Files\webHancer\Programs\ <-folder

 

Now reboot and post a new log so we can take care of the most visible problem.

 

Thanks for your patience.

Share this post


Link to post
Share on other sites

Thank you for helping. Here is the new log.

 

Logfile of HijackThis v1.98.0

Scan saved at 12:05:08 AM, on 7/8/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\COMPAQ\CPQINET\CPQINET.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

C:\WINDOWS\SYSTEM\HPOOPM07.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\PALTALK\PNETAWARE.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [] c:\Windows\System\

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKLM\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [rb32 ml806e] "C:\program files\RapidBlaster\rb32.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [] c:\Windows\System\

O4 - HKCU\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKCU\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\Windows\System\</BODY>

O4 - Startup: Compaq Knowledge Center.lnk = C:\program files\Compaq Knowledge Center\bin\silent.exe

O4 - Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=3c00&LC=0409 (file missing)

O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nstall_popup.pl

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Share this post


Link to post
Share on other sites

Now, to finish this log :lol:

 

Fix these in HijackThis just like before:

O4 - HKLM\..\Run: [] c:\Windows\System\

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKLM\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\Windows\System\</BODY>

O4 - HKLM\..\Run: [rbenh ml806e] "C:\program files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [rb32 ml806e] "C:\program files\RapidBlaster\rb32.exe"

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\Windows\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\Windows\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\Windows\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [] c:\Windows\System\

O4 - HKCU\..\Run: [<H] c:\Windows\System\<HEAD>

O4 - HKCU\..\Run: [</H] c:\Windows\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\Windows\System\<BODY>

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\Windows\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\Windows\System\</BODY>

 

And reboot one final time. Your System folder should not open this time. There is no need to post a new log, unless you would like to, just tell if it worked.

 

Thank you.

Share this post


Link to post
Share on other sites

My pleasure, especially since I'm researching logs like yours to figure out where they come from. Yours helped to connect a couple more dots, so to speak.

 

And, as always, check out this thread for some great advice on how to make sure it never happens again.

Share this post


Link to post
Share on other sites

Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team

an email with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0