Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
after i just uploaded my norton antivirus & rebooted the pc, then after the windows started my antivirus removed something then after that, 2 messageS appeared that says: Could not load or run FNTLDR.exe specified in the WIN.INI file. Make sure the file existson your computer or remove the reference to it in the WIN.INI file... Cant find file FNTLDR.EXE( or one of its components). Make sure the path & filename are correct & that all required libraries are available.... all this happened yesterday, so anyone tell me what this means, what FNTLDR.exe is, & how do i get rid of the 2 messages that appear everytime i the windows starts...... pls anyone tell me what to do...
Hi
That is left over from the file norton removed.
There are win.ini and registry items to remove to stop that error.
I would guess that the file norton found was Adware.SearchCounter.If you feel comfortable editing the registry and the win.ini file...follow instructions here:
http://securityresponse.symantec.com/avcenter/venc/data/adware.searchcounter.html
If not...download Hijackthis from this link:
http://www.majorgeeks.com/download3155.html
Use the BTN mirror....it is the only one that will work at this time. The author's site is also not working right now.
Save the download and unzip to its own folder, double click to start program, hit scan, the scan button changes to "save log" button, click save log, save the log to same folder, it will open in notepad, copy/paste the whole log in reply.
Please DO NOT fix anything with it yet....most of the things you see in scan are safe or even essential! We will tell you what needs fixing.
Once we fix that..next step will be tools to help protect you from that kind of thing.I never give up!
0 
so wat does the fntldr.exe & ADWARE.SEARCHCOUNTER do to my computer? and how do i get rid of the 2 messages that says cant find & load fntldr.exe that stuff?? i'm not an expert on pc fixing so can u tell me how to pls..... and thnx....
0
Pau
The file fntldr.exe is one of the many varients of cool web search hijack which hijacks your internet explorer, causing searches you try to do to be redirected to cool web's crappy site displaying "results" mostly of adult nature, online gambling, etc.
Adware searchcounter is another hijacker ...does pretty much the same thing besides adding crappy links in your favorites list, and causing popups.Go to this site:
http://www.lurkhere.com/~nicefiles/
Download the version of CWShredder from there, and HijackThis,
Unzip Cwshredder and double click to run tool> close all open windows except cwshredder> click "fix" not just scan. It will tell you what was fixed.
Reboot and run the tool again just to make sure all was removed.
***note*** There is an update feature in the tool...I don't recommend using it as the newer versions are causing all kinds of problems...besides the site that normally hosts the tool is down right now. The version I posted is safe...should be 1.44.08.Unzip HijackThis to its own folder, double click hijackthis.exe, click "scan", the scan button changes to "save log" button. Click save log, save it to the same folder.
The log file will open up in notepad...hit ctrl+a to select all the text, right click, select "copy", right click in reply here, select paste.
We will read your log to see what else need doing (if anything)
Please do not fix anything yet....most things in the log are safe or essential.
I will check back in a bit...
I never give up!
0
I just updated Grisoft AVG 6.0 and when I restarted computer I got a meesage that 'trojan horse was in windows\FNTLDR.exe'. I am not computer literate and it took a while to get to where an anti virus scan could be done. The AVG scan identified 2 files that it recommended isolating in a "Virus Vault'. I did that an every time i start the computer i get the message "Could not load or run FNTLDR.exe specified in the WIN.INI file. Make sure the file existson your computer or remove the reference to it in the WIN.INI file..."
Now besides getting this message constantly, i have 2 contaminated files. Can someone help me? Thanks tom
0
so how do i remove the message "could not run.....blahblahblah"??? can u help me how to remove it too blender???
0
Pau and Mulli
Please go to :
Download Hijackthis to its own folder.
Double click to start the program
Click scan
The scan button changes to "save log" button
Click save log
Save it to same folder
It will open up in notepad.
Hit ctrl+a keys at the same time
Right click the greyed text
Select copy
Paste the results here.Don't have it fix anything yet....most items in the log are safe or even essential!
I need to see the log in order to help you fix those errors.
By doing that Hijack is not doing anything yet...it is just drawing up a log file to show everything that is going on with internet explorer and whatever else is starting up.Thanks!
I never give up!
0
Hi Blender: I believe I've resolved my problems, which were
1. “RUN FNTLDR.EXE” was specified in REGISTRY and trying to run every time the computer was started.
2. There were 2 contaminated files in the AVG 'Virus Vault' identified as
C:\WINDOWS\FNTLDR.exe Trojan Horse Startpage.DM
C:\WINDOWS\SYSTEM\SOUND MX.exe Trojan Horse Startpage.DM
I called A Best Buy outlet and a technician told me how to use ‘msconfig’ to get that error message to stop for ‘RUN FNTLDR.EXE’ on start-up.
He also suggested that I go to securityresponse@symatec.com for an independent virus check of the computer. The results were 11681 files scanned – 0 infected. That told me the viruses were isolated in the AVG ‘virus vault’.Now I had to clean up the registry and find out how whether or not there was anything of value in the isolated files.
I went to the site you recommended to clean up the registry: http://securityresponse.symantec.com/avcenter/venc/data/adware.searchcounter.html
I followed the instructions to get “RUN FNTLDR.EXE” out of the registry using ‘Start’ ‘run’ and typing in “edit c:\windows\win.ini”. The independent virus check using securityresponse@symatec.com told me the viruses were isolated in the AVG ‘virus vault’.
I was now confident the ‘C:\WINDOWS\FNTLDR.EXE’ file in the virus vault could be removed and I deleted it.Then I did a search on Computing.Net to find out what ‘SOUND MX.EXE’ was and discovered it is another Trojan horse virus that was attached to the Internet Explorer. I immediately deleted it from the ‘virus vault’ and used ‘Tufenuf’s’ instructions on the use of ‘regedit’ to get it out of the registry and clean the Internet Explorer.
I have done several anti virus tests since and run most of the programs. Everything seems to be be o.k.
Thank you, Blender, Tufenuf, and Computer.Net!!
0
Mulli
Glad to hear you got it all worked out.
Take care and all the best!
_____________________
I never give up!
0
here's the results of the scan:
Logfile of HijackThis v1.97.7
Scan saved at 3:22:02 PM, on 2/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\OFFICE51\SOINTGR.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.exe
C:\WINDOWS\SYSTEM\LXSUPMON.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.exe
C:\PROGRAM FILES\VISIONEER\PAPERPORT\PPWEBCAP.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.exe
C:\WINDOWS\SYSTEM\LEXPPS.exe
C:\MY DOCUMENTS\PAUL'S MP3\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://awebfind.biz/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.loosemark.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_4_0.DLL
O2 - BHO: (no name) - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRA~1\ICHOOSE\BPIECL~1.DLL
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\WINTX\MSIESH.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\1.BIN\MWSSRCAS.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_4_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.exe /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.exe RUN
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.exe -b
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.exe
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRAM FILES\VISIONEER\PAPERPORT\PPWebCap.exe
O4 - Startup: PalNetaware.lnk = ?
O4 - Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37746.4773958333
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {C14B4055-A29B-420C-9D24-71C04956189C} - http://www.myfreecursors.com/cursors/saddam.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
0
pau
Wow....quite a bit of work to do...
First download CWShredder from here:
It may take a few tries because server is so busy with download requests but works well.
Unzip it, close all windows except shredder, and double click to run the tool.
Reboot the machine and run it again to make sure it cleaned everything.
Reboot again if shredder cleaned out more stuff.
Next Place HijackThis in its own folder...it makes backups and will make a big mess of your mp3 folder.
Start hijackthis and place a check in front of these entries that remain:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://awebfind.biz/sp.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://awebfind.biz/sp.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.loosemark.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscatedF1 - win.ini: run=fntldr.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearchO2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\WINTX\MSIESH.DLL
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.exe -b
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exeO4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {C14B4055-A29B-420C-9D24-71C04956189C} - http://www.myfreecursors.com/cursors/saddam.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cabO19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
Close all open windows except hijack and click "fix checked"Reboot the machine to SAFE mode (tap f8 at bootup) and delete the following:
c:\windows\system\winstart001.exe <- this file
c:\windows\system\soundmx.exe <- this file
c:\program files\common files\GMT\GMT.exe <- file and folder
c:\program files\common files\CMEII\CMESYS.exe <- file and folderReboot the machine to normal windows.
If you don't use my websearch toolbar or don't know why it is there...you can remove it with add/remove programs in control panel.
Post fresh hijack log when done.
___________________________I never give up!
0
hey i followed wut u told pau to do i hav the same 2 errors popup on startup could u help me by ne chance?? if u can heres my log file
THNX!! o(^_^)oLogfile of HijackThis v1.97.7
Scan saved at 5:26:07 PM, on 3/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ISTSVC\ISTSVC.exe
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.exe
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=102828
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=102828
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cokemusic.com/home/index.jsp?section=games
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=102828
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?cxlow (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?cxlow about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?cxlow (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://in.webcounter.cc/-/?cxlow about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 1089288654 auto.search.msn.com
O1 - Hosts: 216.93.168.167 auto.search.msn.com
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\WINUE\MSIESH.DLL
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\1.BIN\MWSSRCAS.DLL
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\IEKI\IEKI.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\IEKI\MSSEARCH.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWAY\BAR\1.BIN\MWSOEMON.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.exe
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\180SOLUTIONS\MSBB.exe
O4 - HKLM\..\Run: [obcbatqr] C:\WINDOWS\SYSTEM\lrawisyg.exe
O4 - HKLM\..\Run: [SVYCFILP] C:\WINDOWS\SVYCFILP.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - HKCU\..\RunServices: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - Startup: ShortKeys Lite.lnk = C:\Program Files\shortkey\SHORTKEY.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37997.3797453704
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/payload2.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdplugin_1015_bundle43v1d12.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.d2jsp.org:8000/java/cr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
im only 14 and i fvck up my computer alotim only 14 and i fvck up my computer alot
0
stefan1212
We have a fair bit of work to do here...
Then once you are cleaned up, we will look at a few free programs to help protect you.First download CWShredder from here:
Once downloaded, unzip it, then disconnect your internet, double click CWShredder.exe to start it.
Next close all windows except cwshredder as well as any other programs like windows media player, notepad, things like that.
Click the next button.
If you get a popup asking about a random file name...write it down exactly like it says and click "NO".
There will be a few more popups telling you to shut off some programs...make sure they are not running and click ok on each popup.When CWShredder is done click next, click exit.
Reboot the computer.
Next go back online and download this program:
Install it, once installed click the "online" button.
Click "search for updates"
Make sure all in the list are checked and click "download updates"
Spybot will restart itself.Now go offline again and shut off computer for 30 seconds to clear memory.
Restart computer...as it is starting tap the f8 key until you see the black screen with boot menu.
Use your arrow keys to choose safe mode, then hit enter.
The graphics will look funny (thats normal for safe mode) and it will take a bit longer than normal to boot.
Click yes or ok on next window
Start spybot again, and click "check for problems"
When scan is done make sure all items in red are checked.
Click "fix selected problems"Reboot the computer to regular windows (just let it boot)
Another program to download:
Once that is downloaded, install it, start it, and click the globe icon, click connect, click ok to install update.
Shut down and restart ad-aware.
Set it up like this:Click the gear at top
Click scanning at left
Checkmark everything you can in there
Click tweak at left
Expand the + beside scanning engine
Checkmark "unload recognizes processes during scanning"
Expand the + beside cleaning engine
Checkmark "let windows remove files in use at next reboot"
Click "proceed" at bottom
Click start
Click use custom scanning options.
Make sure "activate in depth scan" is green.
Go offline again
Click next to start scan
When its done click next
Right click in the window and click the select all at top of popup menu.Reboot computer again.
Connect to net again and go here for virus scan:
It will ask you if you want to download an active x control....make sure it says RAV antivirus virus scan, and click yes. It will take a few minuites to load.
When it says ready, click scan my computer.It will take a while...go have a pop or something.
When the scan is done, copy/paste results here along with new hijack log.
We will still have some stuff to fix.
And please stay away from those nasty sites or download anything else till we get your computer cleaned up. (this is important.)
___________________________
I never give up!
0
could you help me too please? i have the same problem!
here is my log file:Logfile of HijackThis v1.97.7
Scan saved at 12:00:44 PM, on 3/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\TCDPLAY.DRV
C:\WINDOWS\SYSTEM\TWBROWSE.DRV
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\S3SYSKEY.exe
C:\TOSHIBA\MOUSE\TMOUSE.exe
C:\WINDOWS\SYSTEM\TOSHIBSU.exe
C:\WINDOWS\SYSTEM\PSPCCARD.exe
C:\WINDOWS\SYSTEM\PWRTRAY.exe
C:\WINDOWS\SYSTEM\TESCKEY.exe
C:\WINDOWS\SYSTEM\TFUNCKEY.exe
C:\WINDOWS\SYSTEM\THOTKEY.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.exe
C:\WINDOWS\SYSTEM\HPZIPM12.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\ZIPFORWARD\ZIPFORWARD.exe
C:\WINDOWS\ZIPFORWARDCACHE\HIJACKTHIS\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.exe
O4 - HKLM\..\Run: [PsPCCard] PsPCCard.exe
O4 - HKLM\..\Run: [PowerTray] PwrTray.exe
O4 - HKLM\..\Run: [TEscKey] TESCKEY.exe
O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.exe
O4 - HKLM\..\Run: [THotkey] THotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.Drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.Drv
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38012.7357638889
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.103.183.237/activex/AxisCamControl.ocx
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O19 - User stylesheet: (file missing)
0
Attention am a novice user pls explain in laymans terms
Logfile of HijackThis v1.97.7
Scan saved at 1:32:13 AM, on 3/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\IGFXTRAY.exe
C:\WINDOWS\SYSTEM\HKCMD.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.exe
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\PROGRAM FILES\DAP\DAP.exe
C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
F1 - win.ini: run=fntldr.exe hpfsched
O1 - Hosts: 1089288654 auto.search.msn.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\PROGRAM FILES\E2G\IEBHOS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [Hot_in] C:\Program Files\GMSoft\Dialers\Hot_in\Hot_in.exe /dontdial
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://www.lyricsdomain.com/download.mp3.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://mywebpage.netscape.com/fullalbumsplugin/full_albums.exe
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
0
I am having the problem with fntldr.exe error message on startup. I have run HijackThis and am attaching the log file.
Can you please help me?
Thank you Thank you Thank you!!Logfile of HijackThis v1.97.7
Scan saved at 8:41:36 AM, on 03/25/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\IOMON98.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\OPLIMIT\OCRAWARE.exe
C:\OPLIMIT\OCRAWR32.exe
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\WEBTRAP.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\TEXTBRIDGE PRO 98\BIN\INSTANTACCESS.exe
C:\WINDOWS\STARTER.exe
C:\PROGRAM FILES\KIC\KICMON.exe
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.exe
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.exe
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.exe
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.exe
C:\TOOLS_95\IOWATCH.exe
C:\TOOLS_95\IMGICON.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.exe
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.exe
C:\WINDOWS\SYSTEM\HPOMLCH.exe
C:\PROGRAM FILES\FAST BROWSER\PRO\FASTBROWSER.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?toaqy (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?toaqy about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?toaqy (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?toaqy (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:6502
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.worldmpeg.com/j.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 1089288654 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.exe
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1\BIN\INSTAN~1.exe /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\BIN\REGIST~1.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [KeepItClean] "C:\PROGRAM FILES\KIC\kicmon.exe" background
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\BIN\REGIST~1.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.exe
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.exe
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Save As Scholar's Aid WebNote (HKLM)
O9 - Extra 'Tools' menuitem: Save As Scholar's Aid WebNote (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://spystream.babenet.com/cabs/videox.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://66.28.45.60/Download_Plugin.exe
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://www.ultimxxx.net/exefiles/022111.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37623.2309027778
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://goinnow.com/plugin/110231.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1636b76df43c76d2a101/netzip/RdxIE601.cab
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
Clint
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
