·
Registered
Joined
·
15 Posts
Discussion Starter #1
Today when I came back from school and hopped onto my computer, I did a few things. First, I checked the progress on my Overnet downloads (:angel:), then I went into my folder where I put all my downloaded stuff (from the internet, like demos of games, and SpyBot, and PG, and others) and changed all of their names so I could share them on Overnet, aka: so they would make more sense to people trying to download them (ex: I changed ss2 to System Shock 2 DEMO). I changed some "read-only" file names, also, since some of the downloads were "read-only". Finally, I went into msconfig and stopped a few programs from starting up. Those were:

TkBellExe
updater
winnet

TkBellExe is something to do with RealPlayer, updater is that Windows Update auto-thingy, and winnet is something I don't know about, but it didn't do anything when I stopped it from running (Ctrl+Alt+Del, then stopped it), so I thought "whatever" and stopped it.

So, I restart my computer, and now I can't access the internet, and I can't play any games (like CounterStrike and Age Of Empires 2) :upset: It keeps giving me error messages, and all of them have to do with Kernel.32.dll
MSN Messenger does it, RUNDLL does it (RUN does it whenever I try to go on the internet), and whenever I try to play a game it does it.

Anyone have any suggestions? I have Windows ME, and it has been working perfectly until just about an hour ago! I went back (after a few restarts and tests) into msconfig and put TkBellExe, update, and winnet (though there was another copy of winnet in there when I checked, and another copy that was deselected...that was strange, so I unchecked the new one and rechecked the old one, to no avail) back so that they started when the computer did, but I'm still getting errors!

Thanks for your help!

-ScatMasterX
 

·
ID10T Circuit replacement
Joined
·
1,038 Posts
You may have a virus. Try going to symantec.com or mcafee.com and try doing some type of online virus scan.

Let me know what you find out. I am not sure which virus, but if you could provide the program names associated with the winnet and the other one.
 

·
Registered
Joined
·
15 Posts
Discussion Starter #4
Yes, it is a virus:angry2:

It's the Trojan.Download.Swizz virus, and it seems to have corrupted my Kernel 32.dll file...**** Overnet...

I ran Norton Antivirus 2003 and it found it. I immediately quarantined and deleted it, but I'm afraid it did its damage (I'm still getting those errors).

So now the question is:

How can I fix my Kernel 32.dll file?

Thanks!

-ScatMasterx
 

·
ID10T Circuit replacement
Joined
·
1,038 Posts
Do a find for *.cab either on the hard drive, or on the ME cd. In the containing text box type kernel32.dll.

When it finds the cab file, double click it, right click on kernel32.dll and extract it to c:\windows\system. If it prompts, let it overwrite the file.

If it won't let you overwrite the file, extract it to c:\.
Boot to dos (use windows 98 or other bootable disk). Then at the c prompt type

copy c:\kernel32.dll c:\windows\system\kernel32.dll
 

·
Registered
Joined
·
15 Posts
Discussion Starter #6
AHHH!
I think I just royally screwed up my computer:no: :upset:

I did as you said, and I found the kernel32.dll file in a zip file called "Win_11". So, I made a Windows ME boot disk (so I could boot into DOS) and tried all of these commands:

copy c:\kernel32.dll c:\windows\system\kernel32.dll
Received: error message, saying it couldn't find c:\kernel32.dll

copy c:\windows\options\cabs\win_11\kernel32.dll c:\windows\system\kernel32.dll
Received: First, let me explain that the first part after "copy" was where I had found the WIN_11 zip file. However, it still gave me that error (where it couldn't find the file I specified after the "copy" command)

copy c:\windows\options\cabs\win_11 c:\windows\system
Received: same error message

copy c:\windows\options\cabs\win_11 c:\windows\system\kerne32.dll
Received: same error message

copy c:\windows\options\cabs\win_11.cab c:\windows\system\kernel32.dll
Received: This one finally worked. But, I guess I made a grave mistake in assuming that the .cab file would unzip itself and replace the corrupted kernel32.dll file with the one it had. I said "Y" when it prompted "Are you sure you want to overwrite blah blah?", and the deed was done.

So, I restarted my computer, and it got to the Windows ME start-up thingy, and immediately shutdown. Uh oh. I started it back up and went into safe mode. It hung at "It is now safe to shut your computer off" for 5 minutes. Nothing worked, so I had to shut it down. I turned it on again; safe mode; same thing. Uh oh.

I went back into DOS and tried replacing the file with kernel32.dll from the .cab file, using the prompts I tried above again. I think I ended up copying the WIN_11.cab file into the Windows\system folder and into the windows folder.

What happened!? I think I rewrote the .cab file (which is in ZIP form) over my useless-but-still-functioning-enough-so-that-I-could-do-basic-stuff kernel32.dll file. I think that file is GONE.

Sigh.

Any ideas on how to fix my dilemma? You've been a great help thus far, it's just that I've been too eager to get my computer back and working up-to-speed again. I should have posted another question (gee, the prompts I'm trying aren't working...could someone help me?) instead of blindly going off on another tangent. I think all I need to do is find a way to unzip the WIN_11.cab file and extract the kernel32.dll file into c:\windows\system

Sigh.

Any help is appreciated!

-ScatMasterX

PS: I couldn't extract kernel32.dll from the .cab file in windows because it said that "Kernel32.dll is being used by another program", even though I ctrl+alt+del(eted) everything from running except Explorer...guess Explorer was using it...
 

·
ID10T Circuit replacement
Joined
·
1,038 Posts
Keyword. EXTRACT the kernel32.dll file from the cabinet file first!

You need to extract by double clicking the cabinet file. Right click on kernel32.dll, EXTRACT; when prompted, choose the C drive.

Then boot to dos mode and run the commands from the previous post!!!

http://support.microsoft.com/default.aspx?scid=kb;en-us;129605

The article above might be able to help you also.
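The failure described in the posts above (a .cab archive copied over kernel32.dll under the DLL's name) can be caught by checking a file's header before it replaces a system DLL. The following is an added example, not part of the original thread; the function names and the sample bytes are constructed for illustration, and it assumes the replacement is expected to be a PE-format DLL.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL


def classify(data: bytes) -> dict:
    """Identify a candidate file by its header bytes, not by its name."""
    if data[:4] == b"MSCF":  # Microsoft cabinet signature
        if len(data) < 36:   # fixed CFHEADER is 36 bytes
            return {"kind": "cab", "truncated": True}
        (declared_size,) = struct.unpack_from("<I", data, 8)   # cbCabinet
        (file_count,) = struct.unpack_from("<H", data, 28)     # cFiles
        return {"kind": "cab",
                "truncated": declared_size > len(data),
                "files": file_count}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)     # offset of PE header
        if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            # Characteristics is the last field of the 20-byte COFF header.
            (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return {"kind": "pe", "is_dll": bool(flags & IMAGE_FILE_DLL)}
        return {"kind": "mz"}  # DOS stub only, no valid PE header
    return {"kind": "unknown"}


def ok_to_install_as_dll(data: bytes):
    """Return (allowed, reason) for copying these bytes over a system DLL."""
    info = classify(data)
    if info["kind"] == "cab":
        return False, "cabinet archive: extract the member first, do not copy the .cab"
    if info["kind"] == "pe" and info["is_dll"]:
        return True, "PE image with the DLL flag set"
    if info["kind"] == "pe":
        return False, "PE image without the DLL flag"
    return False, "not a PE image"


def build_sample_pe(is_dll: bool = True) -> bytes:
    """Constructed sample: minimal DOS + PE + COFF headers, no real code."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    flags = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, flags)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 0xE0


def build_sample_cab(n_files: int = 3) -> bytes:
    """Constructed sample: a valid-looking 36-byte CFHEADER plus filler."""
    body = b"\0" * 64
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 36 + len(body), 0,
                         36, 0, 3, 1, 1, n_files, 0, 0, 0)
    return header + body


if __name__ == "__main__":
    for label, blob in [("cab renamed to .dll", build_sample_cab()),
                        ("real DLL header", build_sample_pe(True)),
                        ("EXE header", build_sample_pe(False))]:
        print(label, "->", ok_to_install_as_dll(blob))
```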
 

·
Registered
Joined
·
15 Posts
Discussion Starter #8
Phew, that was a close one:tongue2:
I now have it so that my computer can get to the desktop and do all the things it used to be able to do before the "royal screw-up". However, I followed your directions (and those of a few other web pages), but I am still having those error messages. I mainly can't get on the web, and MSN Messenger and RUNDLL are always popping up because they try and run themselves, fail, give me the error, and try again.
And again
And again
And AGAIN!
I can play games, but whenever those error messages pop up (at least 2 times a minute, usually more), it minimizes the program. Some of my games are not made to be minimized, and minimizing them like that causes them to crash. A real pain in the...yeah...

So, is there anything else I could do to try and remedy my problem? I've replaced the kernel32.dll file at least 4 times now with a copy that should work perfectly (the one found in WIN_11.cab). I'm not able to replace it while Windows is running, either in safe mode or regular mode, because it is always being used by another program (even when I pass its write-protection thing). The only way I can replace it is using DOS...well, as far as I know...

Thanks for anything more you can tell me!

-ScatMasterX
 

·
ID10T Circuit replacement
Joined
·
1,038 Posts
Also try doing another virus scan, either online or from your updated virus scanner if it is running. There have to be some other problems.

After replacing the Kernel32.dll file, did you try to go to windowsupdate.com to re-patch anything that was updated?

Do the hijack log, and jgvernonco will be able to help you with that.

Thanks for watching!!!
 

·
Registered
Joined
·
15 Posts
Discussion Starter #11
Here is the startuplist thingy:

StartupList report, 11/8/2003, 7:01:42 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALEVENT.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
C:\PROGRAM FILES\PEERGUARDIAN_1.99PR7\PEERGUARDIAN_1.99B_PR7.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Hidserv = Hidserv.exe run
LoadQM = loadqm.exe
NAV CfgWiz = C:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
updater = C:\Program Files\Common files\updater\wupdater.exe
winnet = C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
ccEvtMgr = C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
SchedulingAgent = mstask.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/11/2003, 18:43:16)

[Rename]
NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE
NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\SYSTEM\STLBDIST.DLL - {2CF0B992-5EEB-4143-99C0-5297EF71F443}
(no name) - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing) - {136A9D1D-1F4B-43D4-8359-6F2382449255}
(no name) - C:\PROGRAM FILES\POP\POP205.DLL (file missing) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}
(no name) - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL (file missing) - {00000762-3965-4A1A-98CE-3D4BF457D4C8}
(no name) - C:\WINDOWS\BI.DLL - {000006B1-19B5-414A-849F-2A3C64AE6939}
(no name) - C:\WINDOWS\SYSTEM\PHOTOG~1.EXE - {63B78BC1-A711-4D46-AD2F-C581AC420D41}
(no name) - C:\WINDOWS\SYSTEM\MMCMI.DLL - {2B23607B-AEE0-43B0-A592-46AC9FCE2D9D}
BabeIE - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL - {00000000-0000-0000-0000-000000000000}
NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
(no name) - C:\WINDOWS\IP.DLL - {8D91ECD1-2A29-41B8-9988-FD892F07F859}
(no name) - C:\Program Files\NewDotNet\newdotnet5_48.dll (file missing) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job
Synchronize Time.job
Check E-mail.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VIDEOX.DLL
CODEBASE = http://streamg.redhotnetworks.com/cabs/videox.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.5972453704

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[RealArcadeRdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\REALARCADERDXIE.DLL
CODEBASE = http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/30cb77ef5fb655e0b603/netzip/RdxIE601.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #2: C:\Program Files\NewDotNet\newdotnet5_48.dll (file MISSING)
Protocol #1: C:\WINDOWS\SYSTEM\INETADPT.DLL
Protocol #2: C:\WINDOWS\SYSTEM\INETADPT.DLL
Protocol #3: C:\WINDOWS\SYSTEM\INETADPT.DLL
Protocol #4: C:\WINDOWS\SYSTEM\INETADPT.DLL
Protocol #5: C:\WINDOWS\SYSTEM\INETADPT.DLL
Protocol #17: C:\WINDOWS\SYSTEM\INETADPT.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL

--------------------------------------------------
End of report, 7,792 bytes
Report generated in 0.154 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Also, idtent, I can't go on the internet from the computer that is "broken", so I'm not sure how I can go to windowsupdate.com or do an online virus scan...
Also, I've run Norton Antivirus 2003 numerous times, and only the first full system scan turned up a virus. I quarantined it and deleted it, and have run a scan many times after that with no viruses found.

Thanks again!

-ScatMasterX
 

·
Registered
Joined
·
5,955 Posts
Under your circumstances, I hate like **** to tell you this, but we have the wrong log. (This happens sometimes).

Go back to HJT, press the scan button. When the scan is completed, that button turns into "Save". Press that, and save it, then paste that log here.

It will be worth it, as I have identified several infections, but we can't fix them from where you were at in the program.

I just want to try to get us to the point where we can use some online cleaners, and then we'll mop it up. :D
 

·
Registered
Joined
·
15 Posts
Discussion Starter #13
Alright, here are my "correct results" (I hope!):

Logfile of HijackThis v1.97.3
Scan saved at 7:58:42 PM, on 11/8/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
C:\PROGRAM FILES\PEERGUARDIAN_1.99PR7\PEERGUARDIAN_1.99B_PR7.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.free64all.com/tgp/out.php3?l=207
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.29.16.127/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.free64all.com/tgp/out.php3?l=207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\PROGRAM FILES\POP\POP205.DLL (file missing)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL (file missing)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\PHOTOG~1.EXE
O2 - BHO: (no name) - {2B23607B-AEE0-43B0-A592-46AC9FCE2D9D} - C:\WINDOWS\SYSTEM\MMCMI.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8D91ECD1-2A29-41B8-9988-FD892F07F859} - C:\WINDOWS\IP.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O3 - Toolbar: SuperBar - {B47F0B52-1EBA-4FF6-B379-8065919FBBD2} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O3 - Toolbar: &POP - {645FD3BC-C314-4F7A-9D2E-64D62A0FDD78} - C:\PROGRAM FILES\POP\POP205.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet5_48.dll' missing
O11 - Options group: [CommonName] CommonName
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamg.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.5972453704
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30cb77ef5fb655e0b603/netzip/RdxIE601.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

And also, I'm not sure how we can use online cleaners unless we can save them to a disk and transport them to the "broken" computer...

Thanks for your continuous help!

-ScatMasterX
 

·
Registered
Joined
·
5,955 Posts
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE (delete folder)
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE (delete folder)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.free64all.com/tgp/out.php3?l=207
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.free64all.com/tgp/out.php3?l=207
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\PROGRAM FILES\POP\POP205.DLL (file missing)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL (file missing)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\PHOTOG~1.EXE
O2 - BHO: (no name) - {2B23607B-AEE0-43B0-A592-46AC9FCE2D9D} - C:\WINDOWS\SYSTEM\MMCMI.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8D91ECD1-2A29-41B8-9988-FD892F07F859} - C:\WINDOWS\IP.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll (file missing)
O3 - Toolbar: SuperBar - {B47F0B52-1EBA-4FF6-B379-8065919FBBD2} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O3 - Toolbar: &POP - {645FD3BC-C314-4F7A-9D2E-64D62A0FDD78} - C:\PROGRAM FILES\POP\POP205.DLL (file missing)
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet5_48.dll' missing (run LSPfix)
O11 - Options group: [CommonName] CommonName
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamg.redhotnetworks.com/cabs/videox.cab
-----------------------------------------------------------------------------------
I had to sleep on this one!

If, after you have made the repairs that we will discuss, you can boot into safe mode and get to the net, I want you to immediately download and run LSPFix from this link:

http://www.cexx.org/lspfix.htm

If not, you will have to "import" that tool and run it, which will hopefully get you back online. Either way, we'll want a new HJT log, and we'll start hunting stragglers.

Ok, create a new HJT log and check all of the above items to be fixed. Then, with all explorer windows closed, tell HJT to fix them.

Reboot into safe mode

Find and delete the following files:

C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE (delete folder)
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE (delete folder)
C:\WINDOWS\SYSTEM\STLBDIST.DLL
C:\WINDOWS\BI.DLL
C:\WINDOWS\SYSTEM\PHOTOG~1.EXE
C:\WINDOWS\SYSTEM\MMCMI.DLL
C:\WINDOWS\IP.DLL
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_scrip (If that is a folder, delete the whole thing).

There will be more work to do, so get as far as you can, then post a new log here.
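The fix list above mixes two kinds of entries: registrations whose file is already gone, and the O10 line where a missing DLL is still part of the Winsock LSP chain. The following is an added example, not part of the original thread and not HijackThis code; it parses a few lines copied from the log in post #13 and groups missing files by path so that an orphaned DLL that is also an LSP provider stands out. The regular expressions are assumptions about the v1.97.3 line layout as it appears on this page.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll (file missing)
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet5_48.dll' missing
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
LSP_RE = re.compile(r"LSP provider '(?P<path>[^']+)' missing")


def parse(log_text: str) -> list:
    """Turn log lines into dicts; unrecognised lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"],
                 "path": None, "missing": False, "notes": []}
        bho = BHO_RE.match(m["body"]) if m["code"] == "O2" else None
        lsp = LSP_RE.search(m["body"]) if m["code"] == "O10" else None
        if bho:
            entry["path"] = bho["path"]
            entry["missing"] = bho["missing"] is not None
            if bho["name"] == "(no name)":
                entry["notes"].append("unnamed BHO")
            if set(bho["clsid"]) <= set("{}-0"):
                entry["notes"].append("all-zero CLSID")
        elif lsp:
            entry["path"] = lsp["path"]
            entry["missing"] = True
            entry["notes"].append("Winsock LSP chain references a missing provider")
        entries.append(entry)
    return entries


def missing_by_path(entries: list) -> dict:
    """Map each missing file (lower-cased path) to the sections that reference it."""
    grouped = {}
    for e in entries:
        if e["missing"] and e["path"]:
            grouped.setdefault(e["path"].lower(), set()).add(e["code"])
    return {path: sorted(codes) for path, codes in grouped.items()}


def lsp_repair_needed(entries: list) -> list:
    """Missing files that sit in the LSP chain: removing the registry entry
    alone does not restore connectivity, the chain itself has to be repaired."""
    return sorted(p for p, codes in missing_by_path(entries).items() if "O10" in codes)


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for path, codes in missing_by_path(parsed).items():
        print(f"{path}: referenced by {', '.join(codes)}")
    print("LSP chain repair needed for:", lsp_repair_needed(parsed))
```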
 

·
Registered
Joined
·
15 Posts
Discussion Starter #16
Here goes...
I did all the things you told me to do (deleted and fixed all the stuff), and I downloaded and ran LSPFix, first in Safe Mode, then in Normal Mode. After I ran it in Safe Mode, when I restarted into Normal, I got a bunch of WS32 errors on a bunch of things. I restarted again (Explorer crashed) and when it finished ScanDisk, it froze again. I shut down manually and booted up once again. This time it got to the desktop without any of my usual kernel32.dll error (yay!), however, it gave me this error:

Explorer has caused an error in <unknown>. If this problem persists, please restart your computer.

Or something like that. I know for sure it said Explorer caused an error in <unknown>. So I cancelled (or closed, forgot what the button said) the error window, and it "re-booted" the desktop in about 3 seconds. After 3 seconds of the desktop looking fine, it gave me the same error. I restarted the computer. Same thing. I ran LSPFix in normal mode. Restart. Same thing.
I still can't go online, but I can do pretty much everything else, even with the message still on-screen...it doesn't seem to do anything except for re-boot the desktop, and then come up again.
If I try to go to Google (my homepage), the bar goes very, very slowly, and then stops about halfway through. I ran PeerGuardian and tried to update it, and it said that it couldn't connect to the server, which means I still can't go on the internet.

Anyway, here is the new Hijack Log:

Logfile of HijackThis v1.97.3
Scan saved at 2:47:06 PM, on 11/9/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.29.16.127/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.5972453704
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30cb77ef5fb655e0b603/netzip/RdxIE601.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

Thanks again!

-ScatMasterX
 

·
Registered
Joined
·
5,955 Posts
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30cb77ef5fb655...ip/RdxIE601.cab

Since LSPfix did not fix those O10 entries, I want to have HJT fix them.

I also missed one, and since it is a browser hijacker, it might be the problem;

Open HJT, check all of the above to be fixed, then, with all explorer and browser windows closed, have HJT fix them.

Reboot.

See how the system is behaving, and also post another HJT log here.

I think we are close. ME is sometimes difficult to repair but results are good so far.
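An added example, not part of the post above and not HijackThis's own logic: a small triage pass over a HijackThis log that surfaces the two kinds of entry singled out in this reply, O10 "Unknown file in Winsock LSP" lines and an O16 ActiveX download whose codebase URL is a bare IP address. The sample lines are copied from the log posted in this thread; the function names and the bare-IP heuristic are assumptions made for the illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

# A subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30cb77ef5fb655e0b603/netzip/RdxIE601.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O10 - <detail>"
URL = re.compile(r"https?://\S+")


def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, reason, detail, count) for entries worth a manual look."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        if section == "O10" and detail.lower().startswith("unknown file in winsock lsp"):
            # The same file is reported once per LSP chain entry; collapse repeats.
            hits[(section, "unknown Winsock LSP file", detail.split(": ", 1)[-1])] += 1
        elif section == "O16":
            for url in URL.findall(detail):
                if host_is_ip(url):  # heuristic (assumption): vendors normally use DNS names
                    hits[(section, "ActiveX codebase on bare IP", url)] += 1
    return [(s, r, d, n) for (s, r, d), n in hits.items()]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit only marks an entry for manual review; the repeat count on the O10 line shows how many LSP chain entries reference the same file.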
 

·
Registered
Joined
·
15 Posts
Discussion Starter #18
Alrighty...
I ran HJT and tried to fix what you told me to. HJT fixed the Q16 one, but did not fix the Q10 ones.
So, after the reboot, I tried to fix them again. HJT asked me to restart, so I said "Yes". It froze on me. Manual shutdown and restart. Froze after it showed my wallpaper. Restarted with Ctrl+Alt+Del. Got to desktop. Ran HJT. Still hadn't "fixed" the Q10 entries. Tried to fix them again. Said "Yes" to restart. This time it "shutdown" the desktop and then displayed this error:

Kernel32 has caused an error in KRNL386.EXE. Please restart (etc etc etc, forgot how the rest went...y'know, it's that usual message after an error)

Clicked OK and it went away, and froze. Manual shutdown and restart. Rebooted once again. Ran HJT. This is what I got:

Logfile of HijackThis v1.97.3
Scan saved at 5:52:29 PM, on 11/10/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\PEERGUARDIAN_1.99PR7\PEERGUARDIAN_1.99B_PR7.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.29.16.127/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.5972453704
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

So, it seems like my computer does NOT want to delete those Q10 thingies. Don't know why...

Thanks!

-ScatMasterX

PS: Haven't gotten that KRNL386 error ever before, and after a few more restarts, still haven't gotten it. I still keep getting those "Explorer caused an error in <unknown>" messages.
 

·
Registered
Joined
·
15 Posts
Discussion Starter #20
BOOYAH!

I'm writing this from my newly-revitalized and ONLINE computer!

That deletion of that one .dll did the trick! No more "Explorer caused an error in <unknown>"! Actually, no more errors at all (this boot-up, at least...too excited to try more tests!)!!

Thank you jgvernonco and idtent! You took a lot of time out of your lives to try and help me :winking: :tongue2:

Thanks again!

-ScatMasterX:bandit:

PS: THANKS! AYOOO I'm ONLINE!
 