The real jared

res://apkfu.dll/index.html#96676

10 posts in this topic

This is the homepage my computer is automatically setting itself to every time I turn on my comp. I have tried Ad-Aware and S&D and they don't work. Norton AntiVirus deletes it only for it to come back upon reboot. Could use help. Will post HJT log if needed. Thx all.


  1. Double click on "My Computer" to open it. Double click on the local "C-Drive" to open it. Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT. Please download HijackThis from this link, install it into C:\HJT. Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  2. Run HijackThis (This should, typically, be run from C:\HJT\HijackThis.exe)
    • Click on "Config" in the bottom right corner of the HijackThis window.
    • Make sure that the "Main" tab is selected at the top.
    • Place a checkmark in the box labelled "Make backups before fixing items".
    • Click on "Back" in the bottom right corner.
    • Click on "Scan" => "Save Log", accept the defaults and then copy the entire contents of the notepad window that will open.

  3. Please download About:Buster from any of the following sites:
  4. Unzip it to your desktop.
  5. Double click it and hit "Ok".
  6. Click "Start".
  7. Select "Ok" to start the scan.
  8. The scan should take a few seconds.
  9. Once it is done save the report.
  10. Post the results of the report and a fresh HijackThis log for review.


-- Scan 1 --------

About:Buster Version 1.32

Removed! : C:\WINDOWS\rasnsb.dat

Removed! : C:\WINDOWS\scanregw.exe

Removed! : C:\WINDOWS\arlxa.dat

Removed! : C:\WINDOWS\taskmon.exe.$$$

Removed! : C:\WINDOWS\CREM.EXE.$$$

Removed! : C:\WINDOWS\ADDYH32.EXE.$$$

Removed! : C:\WINDOWS\SYSTEM\apkfu.dll

Error Removing! : C:\WINDOWS\SYSTEM\apiod.exe

Error Removing! : C:\WINDOWS\SYSTEM\mfcks32.exe

Removed! : C:\WINDOWS\SYSTEM\vyoqz.dat

Removed! : C:\WINDOWS\SYSTEM\ymsih.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 1.32

Error Removing! : C:\WINDOWS\SYSTEM\apiod.exe

Error Removing! : C:\WINDOWS\SYSTEM\mfcks32.exe

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

Logfile of HijackThis v1.98.0

Scan saved at 3:18:54 PM, on 7/27/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM\APIOD.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\HPZTSB05.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\MFCKS32.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.EXE

C:\WINDOWS\SYSTEM\CTFMON.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATR32.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [APPZP.EXE] C:\WINDOWS\SYSTEM\APPZP.EXE

O4 - HKLM\..\Run: [ADDJE32.EXE] C:\WINDOWS\SYSTEM\ADDJE32.EXE

O4 - HKLM\..\Run: [JAVAWC.EXE] C:\WINDOWS\SYSTEM\JAVAWC.EXE

O4 - HKLM\..\Run: [MFCPK32.EXE] C:\WINDOWS\SYSTEM\MFCPK32.EXE

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [MSXN32.EXE] C:\WINDOWS\MSXN32.EXE

O4 - HKLM\..\RunServices: [JAVARG32.EXE] C:\WINDOWS\JAVARG32.EXE

O4 - HKLM\..\RunServices: [NTKG.EXE] C:\WINDOWS\SYSTEM\NTKG.EXE

O4 - HKLM\..\RunServices: [ATLBE32.EXE] C:\WINDOWS\ATLBE32.EXE

O4 - HKLM\..\RunServices: [iPRM.EXE] C:\WINDOWS\IPRM.EXE

O4 - HKLM\..\RunServices: [D3EA.EXE] C:\WINDOWS\D3EA.EXE

O4 - HKLM\..\RunServices: [APPEV.EXE] C:\WINDOWS\APPEV.EXE

O4 - HKLM\..\RunServices: [APIKE32.EXE] C:\WINDOWS\APIKE32.EXE

O4 - HKLM\..\RunServices: [NETZN32.EXE] C:\WINDOWS\NETZN32.EXE

O4 - HKLM\..\RunServices: [MSVM32.EXE] C:\WINDOWS\SYSTEM\MSVM32.EXE

O4 - HKLM\..\RunServices: [MSCT32.EXE] C:\WINDOWS\SYSTEM\MSCT32.EXE

O4 - HKLM\..\RunServices: [MFCPS32.EXE] C:\WINDOWS\SYSTEM\MFCPS32.EXE

O4 - HKLM\..\RunServices: [NTWT32.EXE] C:\WINDOWS\SYSTEM\NTWT32.EXE

O4 - HKLM\..\RunServices: [sYSSJ32.EXE] C:\WINDOWS\SYSSJ32.EXE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE

O4 - Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - User Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - User Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mwc.edu

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

 



  1. Run HijackThis (This should, typically, be run from C:\HJT\HijackThis.exe)
    • Click on "Config" in the bottom right corner of the HijackThis window.
    • Make sure that the "Main" tab is selected at the top.
    • Place a checkmark in the box labelled "Make backups before fixing items".
    • Click on "Back" in the bottom right corner.
    • Make sure all Browser windows are closed otherwise it may interfere with the fixing of items.
    • Click on "Scan" and then place a check mark in the following boxes (if they still exist), and click on "Fix Checked":

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
      R3 - Default URLSearchHook is missing
      O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
      O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL
      O4 - HKLM\..\Run: [APPZP.EXE] C:\WINDOWS\SYSTEM\APPZP.EXE
      O4 - HKLM\..\Run: [ADDJE32.EXE] C:\WINDOWS\SYSTEM\ADDJE32.EXE
      O4 - HKLM\..\Run: [JAVAWC.EXE] C:\WINDOWS\SYSTEM\JAVAWC.EXE
      O4 - HKLM\..\Run: [MFCPK32.EXE] C:\WINDOWS\SYSTEM\MFCPK32.EXE
      O4 - HKLM\..\RunServices: [MSXN32.EXE] C:\WINDOWS\MSXN32.EXE
      O4 - HKLM\..\RunServices: [JAVARG32.EXE] C:\WINDOWS\JAVARG32.EXE
      O4 - HKLM\..\RunServices: [NTKG.EXE] C:\WINDOWS\SYSTEM\NTKG.EXE
      O4 - HKLM\..\RunServices: [ATLBE32.EXE] C:\WINDOWS\ATLBE32.EXE
      O4 - HKLM\..\RunServices: [iPRM.EXE] C:\WINDOWS\IPRM.EXE
      O4 - HKLM\..\RunServices: [D3EA.EXE] C:\WINDOWS\D3EA.EXE
      O4 - HKLM\..\RunServices: [APPEV.EXE] C:\WINDOWS\APPEV.EXE
      O4 - HKLM\..\RunServices: [APIKE32.EXE] C:\WINDOWS\APIKE32.EXE
      O4 - HKLM\..\RunServices: [NETZN32.EXE] C:\WINDOWS\NETZN32.EXE
      O4 - HKLM\..\RunServices: [MSVM32.EXE] C:\WINDOWS\SYSTEM\MSVM32.EXE
      O4 - HKLM\..\RunServices: [MSCT32.EXE] C:\WINDOWS\SYSTEM\MSCT32.EXE
      O4 - HKLM\..\RunServices: [MFCPS32.EXE] C:\WINDOWS\SYSTEM\MFCPS32.EXE
      O4 - HKLM\..\RunServices: [NTWT32.EXE] C:\WINDOWS\SYSTEM\NTWT32.EXE
      O4 - HKLM\..\RunServices: [sYSSJ32.EXE] C:\WINDOWS\SYSSJ32.EXE
      O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

  2. Please reboot into safe mode - How do I boot into "Safe" mode?
  3. The following DIRECTORY CONTENTS (But not the directory), DIRECTORIES and FILES, need to be deleted while in safe mode. Make sure your settings allow you to view "Hidden files". Open up any explorer window and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". If the files etc listed are not present - Do not worry, just delete those that you can find. If no path is listed, you may need to search for the file(s) - To search, click on "Start" => "Search" => "For Files and Folders" => "All Files and Folders" and type in the file name. You can delete it right from the search results window.

    1. DIRECTORY CONTENTS (But not the directory)
      • %windir%\Temp\
      • %temp%\
      • %userprofile%\Local Settings\Temp\
      • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
      • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
      • Click on "Start" => "Settings" => "Control Panel" => "Internet Options". Click on "Delete Files", select "Delete All Offline Content" and click on "OK". <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested. Click on "OK" once more to close the options panel.
      • Right click on "Recycle Bin" and select "Empty Recycle Bin" and respond "Yes" when prompted.

    2. DIRECTORIES
      • Nothing to Delete

    3. FILES
      • C:\WINDOWS\MSTP32.DLL
      • C:\WINDOWS\SYSTEM\APPZP.EXE
      • C:\WINDOWS\SYSTEM\ADDJE32.EXE
      • C:\WINDOWS\SYSTEM\JAVAWC.EXE
      • C:\WINDOWS\SYSTEM\MFCPK32.EXE
      • C:\WINDOWS\MSXN32.EXE
      • C:\WINDOWS\JAVARG32.EXE
      • C:\WINDOWS\SYSTEM\NTKG.EXE
      • C:\WINDOWS\ATLBE32.EXE
      • C:\WINDOWS\IPRM.EXE
      • C:\WINDOWS\D3EA.EXE
      • C:\WINDOWS\APPEV.EXE
      • C:\WINDOWS\APIKE32.EXE
      • C:\WINDOWS\NETZN32.EXE
      • C:\WINDOWS\SYSTEM\MSVM32.EXE
      • C:\WINDOWS\SYSTEM\MSCT32.EXE
      • C:\WINDOWS\SYSTEM\MFCPS32.EXE
      • C:\WINDOWS\SYSTEM\NTWT32.EXE
      • C:\WINDOWS\SYSSJ32.EXE
      • C:\WINDOWS\SYSTEM\APIOD.EXE

  4. Reboot again and log in normally, repost a new HijackThis log into this message for further review.


Logfile of HijackThis v1.98.0

Scan saved at 4:14:20 PM, on 7/27/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\HPZTSB05.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [MFCKS32.EXE] C:\WINDOWS\SYSTEM\MFCKS32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE

O4 - Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - User Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - User Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mwc.edu

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

 

 

 

I still get an error in MSTP32.dll when I try to start up IE.


There are still a few files bothering me.

 

Run through the about:Buster process again as per (We are adding a safe mode procedure to the steps):

  1. Please download About:Buster from any of the following locations:

  2. Please boot into Safe Mode - How do I boot into "Safe" mode?
  3. Unzip the about:buster program previously downloaded to your desktop.
  4. Double click it and hit "Ok".
  5. Click "Start".
  6. Select "Ok" to start the scan.
  7. The scan should take a few seconds.
  8. Once it is done save the report.
  9. Reboot and sign in normally.
  10. Post the results of the report and a fresh HijackThis log for review.


Sorry about the wait.

 

-- Scan 1 --------

About:Buster Version 1.32

Removed! : C:\WINDOWS\kcxief.dat

Removed! : C:\WINDOWS\SYSTEM\xgycp.dat

Error Removing! : C:\WINDOWS\SYSTEM\wines32.exe

Error Removing! : C:\WINDOWS\SYSTEM\javaik.exe

Removed! : C:\WINDOWS\SYSTEM\xgycp.dll

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 1.32

Error Removing! : C:\WINDOWS\SYSTEM\wines32.exe

Error Removing! : C:\WINDOWS\SYSTEM\javaik.exe

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

Logfile of HijackThis v1.98.0

Scan saved at 8:30:08 PM, on 7/27/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM\WINES32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\HPZTSB05.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\JAVAIK.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.EXE

C:\WINDOWS\SYSTEM\CTFMON.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\xgycp.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xgycp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xgycp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\xgycp.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\xgycp.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xgycp.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [MFCKS32.EXE] C:\WINDOWS\SYSTEM\MFCKS32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE

O4 - HKLM\..\RunServices: [WINES32.EXE] C:\WINDOWS\SYSTEM\WINES32.EXE

O4 - Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: VAIO ACTION SETUP (SERVER).LNK = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - User Startup: ADOBE GAMMA LOADER.EXE.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - User Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - User Startup: ADOBE GAMMA LOADER.LNK = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mwc.edu

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

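Added example, not part of the original thread: a Python script that diffs two HijackThis logs the way a helper compares successive posts, listing items that appeared or disappeared between scans and flagging newly registered O4 autoruns whose executable is already in the running-process list. The two sample logs are abbreviated excerpts of the 4:14:20 PM and 8:30:08 PM logs above; the function names are this example's own.

```python
import re

# Item lines start with a section code: R, F, N or O followed by a number.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autoruns look like: HKLM\..\RunServices: [value name] command line
O4_REG_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, optionally quoted.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)

# Abbreviated excerpt of the 4:14:20 PM log posted in the thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL
O4 - HKLM\..\Run: [MFCKS32.EXE] C:\WINDOWS\SYSTEM\MFCKS32.EXE
O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE
"""

# Abbreviated excerpt of the 8:30:08 PM log posted in the thread.
AFTER = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINES32.EXE
C:\WINDOWS\SYSTEM\JAVAIK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xgycp.dll/index.html#96676
O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\MSTP32.DLL
O4 - HKLM\..\Run: [MFCKS32.EXE] C:\WINDOWS\SYSTEM\MFCKS32.EXE
O4 - HKLM\..\RunServices: [APIOD.EXE] C:\WINDOWS\SYSTEM\APIOD.EXE
O4 - HKLM\..\RunServices: [WINES32.EXE] C:\WINDOWS\SYSTEM\WINES32.EXE
"""


def parse_items(log_text):
    """Return the set of (section, detail) pairs for every item line."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.add((m.group(1), m.group(2)))
    return items


def parse_processes(log_text):
    """Return upper-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if s.lower().startswith("running processes"):
            in_block = True
        elif in_block and ITEM_RE.match(s):
            break                      # first item line ends the process list
        elif in_block and s:           # blank lines between entries are skipped
            procs.add(s.upper())
    return procs


def autorun_image(detail):
    """Upper-cased file name launched by a registry O4 entry, or None."""
    m = O4_REG_RE.match(detail)
    e = EXE_RE.match(m.group("cmd")) if m else None
    return e.group("path").rsplit("\\", 1)[-1].upper() if e else None


def diff_logs(before, after):
    """Items removed, added and kept between two scans of the same machine."""
    b, a = parse_items(before), parse_items(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}


def new_autoruns_running(before, after):
    """File names of O4 autoruns new in `after` that are also running in `after`."""
    running = {p.rsplit("\\", 1)[-1] for p in parse_processes(after)}
    hits = set()
    for section, detail in parse_items(after) - parse_items(before):
        image = autorun_image(detail) if section == "O4" else None
        if image in running:
            hits.add(image)
    return sorted(hits)


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for state in ("added", "removed"):
        for section, detail in result[state]:
            print(f"{state:8} {section} - {detail}")
    print("new autoruns already running:", new_autoruns_running(BEFORE, AFTER))
```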

Sorry, that wasn't in safe mode.

 

-- Scan 1 --------

About:Buster Version 1.32

Removed! : C:\WINDOWS\SYSTEM\xgycp.dll

Removed! : C:\WINDOWS\SYSTEM\wines32.exe

Removed! : C:\WINDOWS\SYSTEM\javaik.exe

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 1.32

Attempted Clean Of Temp folder.

Pages Reset... Done!


Can you run it once more in normal mode and post a fresh HijackThis log?

 

Thanks
