Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

hijack this log help for window me


  • This topic is locked This topic is locked
3 replies to this topic

#1 windowsme

windowsme

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 25 February 2007 - 10:28 PM

[font=Arial]computer is slowing down with spyware problems help please

ogfile of HijackThis v1.99.1
Scan saved at 10:01:37 PM, on 2/25/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\WINWV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APIDB.EXE
C:\WINDOWS\SYSTEM\NTOA.EXE
C:\WINDOWS\SYSTEM\ADDYA.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\MSAV32.EXE
C:\WINDOWS\WINEF.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\ATLED.EXE
C:\WINDOWS\SYSTEM\NETVW32.EXE
C:\WINDOWS\IERO32.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\NTTI.EXE
C:\WINDOWS\SDKNR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\CRPK.EXE
C:\WINDOWS\CRNB32.EXE
C:\WINDOWS\IPNS.EXE
C:\WINDOWS\SYSTEM\ADDFV32.EXE
C:\WINDOWS\SYSTEM\CRNR.EXE
C:\WINDOWS\SYSTEM\ADDFP32.EXE
C:\WINDOWS\JAVAPJ32.EXE
C:\WINDOWS\SYSTEM\NETCU32.EXE
C:\WINDOWS\CRRS32.EXE
C:\WINDOWS\ADDEZ.EXE
C:\WINDOWS\MSIN.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\NETVX32.EXE
C:\WINDOWS\SYSTEM\APPLB32.EXE
C:\WINDOWS\JAVASO.EXE
C:\WINDOWS\SYSTEM\JAVATA32.EXE
C:\WINDOWS\SYSTEM\IPQK32.EXE
C:\WINDOWS\IPTD32.EXE
C:\WINDOWS\SYSTEM\D3GA.EXE
C:\WINDOWS\SDKTD.EXE
C:\WINDOWS\SYSTEM\NTEX32.EXE
C:\WINDOWS\ATLSU32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IPNF.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\PROGRAM FILES\A.C\SCROLL-IN-MOUSE V2.12\SCROLL.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CRNR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APIDB.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\WINEF.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\SYSTEM\NETCU32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\APPOU32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ADDEZ.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {A8C8EC41-2064-11BF-72C0-1F7287B758A0} - C:\WINDOWS\SYSTEM\MSGH32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPNF.EXE] C:\WINDOWS\SYSTEM\IPNF.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [WINWV.EXE] C:\WINDOWS\WINWV.EXE /s
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [APPIR.EXE] C:\WINDOWS\APPIR.EXE /s
O4 - HKLM\..\RunServices: [APIDB.EXE] C:\WINDOWS\APIDB.EXE /s
O4 - HKLM\..\RunServices: [NTOA.EXE] C:\WINDOWS\SYSTEM\NTOA.EXE /s
O4 - HKLM\..\RunServices: [ADDYA.EXE] C:\WINDOWS\SYSTEM\ADDYA.EXE /s
O4 - HKLM\..\RunServices: [NTLT.EXE] C:\WINDOWS\SYSTEM\NTLT.EXE /s
O4 - HKLM\..\RunServices: [MSAV32.EXE] C:\WINDOWS\SYSTEM\MSAV32.EXE /s
O4 - HKLM\..\RunServices: [WINEF.EXE] C:\WINDOWS\WINEF.EXE /s
O4 - HKLM\..\RunServices: [CROA.EXE] C:\WINDOWS\CROA.EXE /s
O4 - HKLM\..\RunServices: [ATLED.EXE] C:\WINDOWS\ATLED.EXE /s
O4 - HKLM\..\RunServices: [NETVW32.EXE] C:\WINDOWS\SYSTEM\NETVW32.EXE /s
O4 - HKLM\..\RunServices: [IERO32.EXE] C:\WINDOWS\IERO32.EXE /s
O4 - HKLM\..\RunServices: [SYSTX32.EXE] C:\WINDOWS\SYSTEM\SYSTX32.EXE /s
O4 - HKLM\..\RunServices: [NTTI.EXE] C:\WINDOWS\NTTI.EXE /s
O4 - HKLM\..\RunServices: [SDKNR.EXE] C:\WINDOWS\SDKNR.EXE /s
O4 - HKLM\..\RunServices: [CRPK.EXE] C:\WINDOWS\CRPK.EXE /s
O4 - HKLM\..\RunServices: [CRNB32.EXE] C:\WINDOWS\CRNB32.EXE /s
O4 - HKLM\..\RunServices: [IPNS.EXE] C:\WINDOWS\IPNS.EXE /s
O4 - HKLM\..\RunServices: [ADDFV32.EXE] C:\WINDOWS\SYSTEM\ADDFV32.EXE /s
O4 - HKLM\..\RunServices: [CRNR.EXE] C:\WINDOWS\SYSTEM\CRNR.EXE /s
O4 - HKLM\..\RunServices: [ADDFP32.EXE] C:\WINDOWS\SYSTEM\ADDFP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPJ32.EXE] C:\WINDOWS\JAVAPJ32.EXE /s
O4 - HKLM\..\RunServices: [NETCU32.EXE] C:\WINDOWS\SYSTEM\NETCU32.EXE /s
O4 - HKLM\..\RunServices: [CRRS32.EXE] C:\WINDOWS\CRRS32.EXE /s
O4 - HKLM\..\RunServices: [ADDEZ.EXE] C:\WINDOWS\ADDEZ.EXE /s
O4 - HKLM\..\RunServices: [MSIN.EXE] C:\WINDOWS\MSIN.EXE /s
O4 - HKLM\..\RunServices: [MFCDZ32.EXE] C:\WINDOWS\MFCDZ32.EXE /s
O4 - HKLM\..\RunServices: [NETVX32.EXE] C:\WINDOWS\NETVX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB32.EXE] C:\WINDOWS\SYSTEM\APPLB32.EXE /s
O4 - HKLM\..\RunServices: [JAVASO.EXE] C:\WINDOWS\JAVASO.EXE /s
O4 - HKLM\..\RunServices: [JAVATA32.EXE] C:\WINDOWS\SYSTEM\JAVATA32.EXE /s
O4 - HKLM\..\RunServices: [IPQK32.EXE] C:\WINDOWS\SYSTEM\IPQK32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [D3GA.EXE] C:\WINDOWS\SYSTEM\D3GA.EXE /s
O4 - HKLM\..\RunServices: [SDKTD.EXE] C:\WINDOWS\SDKTD.EXE /s
O4 - HKLM\..\RunServices: [NTEX32.EXE] C:\WINDOWS\SYSTEM\NTEX32.EXE /s
O4 - HKLM\..\RunServices: [ATLSU32.EXE] C:\WINDOWS\ATLSU32.EXE /s
O4 - HKLM\..\RunServices: [APPOU32.EXE] C:\WINDOWS\APPOU32.EXE /s
O4 - Startup: Scroll-In-Mouse V2.12.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.12\Scroll.exe
O4 - Startup: NetMedia.lnk = C:\Program Files\NetMedia\Versato.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 March 2007 - 07:45 AM

Hello and welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 windowsme

windowsme

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 05 March 2007 - 12:06 AM

Have not been able to start cleaning the spyware or whatever is starting on my windows ME machine. It is slowed down or overloaded to the point of not being able to run standard programs. Would like to clean it up some to donate to for use by the kids. here is a repost of my hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:50:56 PM, on 3/4/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\WINWV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APIDB.EXE
C:\WINDOWS\SYSTEM\NTOA.EXE
C:\WINDOWS\SYSTEM\ADDYA.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\MSAV32.EXE
C:\WINDOWS\WINEF.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\ATLED.EXE
C:\WINDOWS\SYSTEM\NETVW32.EXE
C:\WINDOWS\IERO32.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\NTTI.EXE
C:\WINDOWS\SDKNR.EXE
C:\WINDOWS\CRPK.EXE
C:\WINDOWS\CRNB32.EXE
C:\WINDOWS\IPNS.EXE
C:\WINDOWS\SYSTEM\ADDFV32.EXE
C:\WINDOWS\SYSTEM\CRNR.EXE
C:\WINDOWS\SYSTEM\ADDFP32.EXE
C:\WINDOWS\JAVAPJ32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\NETCU32.EXE
C:\WINDOWS\CRRS32.EXE
C:\WINDOWS\ADDEZ.EXE
C:\WINDOWS\MSIN.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\NETVX32.EXE
C:\WINDOWS\SYSTEM\APPLB32.EXE
C:\WINDOWS\JAVASO.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\JAVATA32.EXE
C:\WINDOWS\SYSTEM\IPQK32.EXE
C:\WINDOWS\IPTD32.EXE
C:\WINDOWS\SYSTEM\D3GA.EXE
C:\WINDOWS\SDKTD.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\NTEX32.EXE
C:\WINDOWS\ATLSU32.EXE
C:\WINDOWS\APPOU32.EXE
C:\WINDOWS\SYSTEM\MFCMY.EXE
C:\WINDOWS\SYSTEM\NTHR32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\IPNF.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\PROGRAM FILES\A.C\SCROLL-IN-MOUSE V2.12\SCROLL.EXE
C:\PROGRAM FILES\NETMEDIA\VERSATO.EXE
C:\PROGRAM FILES\NETMEDIA\OSD.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\SYSTEM\MSAV32.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qgiad.dll/sp.html#37049%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {144EFEB3-D791-B28B-9BAE-14CE58C99001} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPNF.EXE] C:\WINDOWS\SYSTEM\IPNF.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [WINWV.EXE] C:\WINDOWS\WINWV.EXE /s
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [APPIR.EXE] C:\WINDOWS\APPIR.EXE /s
O4 - HKLM\..\RunServices: [APIDB.EXE] C:\WINDOWS\APIDB.EXE /s
O4 - HKLM\..\RunServices: [NTOA.EXE] C:\WINDOWS\SYSTEM\NTOA.EXE /s
O4 - HKLM\..\RunServices: [ADDYA.EXE] C:\WINDOWS\SYSTEM\ADDYA.EXE /s
O4 - HKLM\..\RunServices: [NTLT.EXE] C:\WINDOWS\SYSTEM\NTLT.EXE /s
O4 - HKLM\..\RunServices: [MSAV32.EXE] C:\WINDOWS\SYSTEM\MSAV32.EXE /s
O4 - HKLM\..\RunServices: [WINEF.EXE] C:\WINDOWS\WINEF.EXE /s
O4 - HKLM\..\RunServices: [CROA.EXE] C:\WINDOWS\CROA.EXE /s
O4 - HKLM\..\RunServices: [ATLED.EXE] C:\WINDOWS\ATLED.EXE /s
O4 - HKLM\..\RunServices: [NETVW32.EXE] C:\WINDOWS\SYSTEM\NETVW32.EXE /s
O4 - HKLM\..\RunServices: [IERO32.EXE] C:\WINDOWS\IERO32.EXE /s
O4 - HKLM\..\RunServices: [SYSTX32.EXE] C:\WINDOWS\SYSTEM\SYSTX32.EXE /s
O4 - HKLM\..\RunServices: [NTTI.EXE] C:\WINDOWS\NTTI.EXE /s
O4 - HKLM\..\RunServices: [SDKNR.EXE] C:\WINDOWS\SDKNR.EXE /s
O4 - HKLM\..\RunServices: [CRPK.EXE] C:\WINDOWS\CRPK.EXE /s
O4 - HKLM\..\RunServices: [CRNB32.EXE] C:\WINDOWS\CRNB32.EXE /s
O4 - HKLM\..\RunServices: [IPNS.EXE] C:\WINDOWS\IPNS.EXE /s
O4 - HKLM\..\RunServices: [ADDFV32.EXE] C:\WINDOWS\SYSTEM\ADDFV32.EXE /s
O4 - HKLM\..\RunServices: [CRNR.EXE] C:\WINDOWS\SYSTEM\CRNR.EXE /s
O4 - HKLM\..\RunServices: [ADDFP32.EXE] C:\WINDOWS\SYSTEM\ADDFP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPJ32.EXE] C:\WINDOWS\JAVAPJ32.EXE /s
O4 - HKLM\..\RunServices: [NETCU32.EXE] C:\WINDOWS\SYSTEM\NETCU32.EXE /s
O4 - HKLM\..\RunServices: [CRRS32.EXE] C:\WINDOWS\CRRS32.EXE /s
O4 - HKLM\..\RunServices: [ADDEZ.EXE] C:\WINDOWS\ADDEZ.EXE /s
O4 - HKLM\..\RunServices: [MSIN.EXE] C:\WINDOWS\MSIN.EXE /s
O4 - HKLM\..\RunServices: [MFCDZ32.EXE] C:\WINDOWS\MFCDZ32.EXE /s
O4 - HKLM\..\RunServices: [NETVX32.EXE] C:\WINDOWS\NETVX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB32.EXE] C:\WINDOWS\SYSTEM\APPLB32.EXE /s
O4 - HKLM\..\RunServices: [JAVASO.EXE] C:\WINDOWS\JAVASO.EXE /s
O4 - HKLM\..\RunServices: [JAVATA32.EXE] C:\WINDOWS\SYSTEM\JAVATA32.EXE /s
O4 - HKLM\..\RunServices: [IPQK32.EXE] C:\WINDOWS\SYSTEM\IPQK32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [D3GA.EXE] C:\WINDOWS\SYSTEM\D3GA.EXE /s
O4 - HKLM\..\RunServices: [SDKTD.EXE] C:\WINDOWS\SDKTD.EXE /s
O4 - HKLM\..\RunServices: [NTEX32.EXE] C:\WINDOWS\SYSTEM\NTEX32.EXE /s
O4 - HKLM\..\RunServices: [ATLSU32.EXE] C:\WINDOWS\ATLSU32.EXE /s
O4 - HKLM\..\RunServices: [APPOU32.EXE] C:\WINDOWS\APPOU32.EXE /s
O4 - HKLM\..\RunServices: [MFCMY.EXE] C:\WINDOWS\SYSTEM\MFCMY.EXE /s
O4 - HKLM\..\RunServices: [NTHR32.EXE] C:\WINDOWS\SYSTEM\NTHR32.EXE /s
O4 - Startup: Scroll-In-Mouse V2.12.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.12\Scroll.exe
O4 - Startup: NetMedia.lnk = C:\Program Files\NetMedia\Versato.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 March 2007 - 04:07 PM

Do you still have your Windows ME cd? The best thing you could do is reformat and re-install windows.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users