Thread: Losing memory faster than my hair....

  1. #1

    Losing memory faster than my hair....

    I start up my comp and have about 100 mb of space.... within minutes, even seconds at times and all my disc space or memory is gone or as low as 1 or 0 mb.....what's up with that.....thanks !!

  2. #2
    Join Date
    Feb 2005
    Location
    At my Computer
    Posts
    1,818
    Welcome to the PC Guide. First off, where are you getting these numbers from? Is it the amount of free space on your HD? Or is it RAM usage?

    For starters, please download a copy of Hijackthis. Unzip it into a permanent folder. Click on the icon. Choose the option to scan and create a log. Post the contents of the log here for the experts to review.
    Apathy: If we don't take care of the customer,maybe they'll stop bugging us.

    Customer Disservice: Because we're not satisfied until you're not satisfied.

    (Maybe BB's approach?)
    ~Despair.com

  3. #3

    log

    Scan saved at 10:42:49 PM, on 2/20/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\UUAR\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\NBHNV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\PROGRAM FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
    O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
    O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
    O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [polo.exe] polo.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
    O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
    O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
    O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
    O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
    O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
    O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
    O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
    O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.shopathomeselect.co...nstall4110.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=5150
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
    O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
    O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)

  4. #4
    That can't be good !!!

  5. #5
    Join Date
    Mar 2002
    Posts
    12,172
    Blog Entries
    2
    Holy bajeezes!! I'm no HJT expert, and even I can tell your system is riddled with spyware! How long has it been since you reinstalled Windows? And what sort of security do you have on that thing?

  6. #6

    A lot of **** here

    4-5 months since I re-installed windows. Obviously my norton 2003 with all the updates can't seem to help me much..... I think my best option will be to save all I can before I jump off the deck....lol

  7. #7
    Join Date
    Mar 2002
    Posts
    12,172
    Blog Entries
    2
    Oh, see, Norton will only protect you from virii and other forms of malicious code. It won't actually protect you from spyware/malware because these little utilities are actually given permission to run on the system and are legitimately installed as far as the OS is concerned. Spyware/malware gets into your system in a variety of ways, from the l'user way of clicking on "YES" for every pop-up to the sneaky ones that latch onto ActiveX or other loopholes in your internet browser. A free anti-spyware utility like Adaware SE or Spybot Search & Destroy (do not use them together) is necessary for the removal of such spyware/malware. If it's only been 5 months since your last reinstall, you have a chance of curtailing this incident before things get out of hand. Once you get past the 1-year mark, however, it's easier to just reinstall.

    For future reference, a lot of us here on the forums have found that using an alternative browser, like Firefox, greatly reduces the amount of spyware/malware that we get. I've noticed a reduction in my own browsing activities on the order of 95-99% using Mozilla/Firefox vs M$'s Internet Explorer. I used to run Spybot S&D once a week before I switched, and now I run it once every month or two. That's pretty good for a Windows system, although my Linux box never gets spyware/malware.

  8. #8
    Join Date
    Feb 2005
    Location
    At my Computer
    Posts
    1,818
    No, wait for Budfred or Classic. -Have fun guys .
    Last edited by hockey man; 02-20-2006 at 11:38 PM.

  9. #9

    guess I'll Wait

    thanks guys cya later...... will take more advice though.....

  10. #10

    hockeyman or Budfred or Classic

    which ones should I delete..... need some tips here please.....thanx

  11. #11
    Join Date
    Aug 2003
    Location
    Northern California
    Posts
    13,426
    Moving this to Applications & Security for HJT read.

    DO NOT try to fix anything until the experts advise.

  12. #12

    Hey budfred !!

    What do you think of all this..... Any advice please ?

  13. #13
    Join Date
    Feb 2005
    Location
    At my Computer
    Posts
    1,818
    Pierre, I know enough to get you started, but these kinds of fixes require an expert to be done correctly, and I'm no expert. Please, be patient- it will be well worth it.

  14. #14
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,243
    First: Download CCLEANER and empty your TEMP and Temporary Internet Folders.

    Next:
    Open Hijackthis and place a check next to:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
    O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
    O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
    O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL

    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL

    O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [polo.exe] polo.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
    O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
    O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
    O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
    O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
    O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
    O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.shopathomeselect.co...nstall4110.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=5150

    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
    O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
    O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)

    Close all open program and browser windows except HJT and click fix checked

    Re-boot and delete the following files and folders. You may have to show hidden files.

    c:\secure32.html

    C:\WINDOWS\SYSTEM\ZGF.DLL
    D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
    C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    C:\WINDOWS\NEM220.DLL
    C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
    C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
    C:\WINDOWS\SYSTB.DLL
    C:\WINDOWS\SYSTEM\ZGF.DLL
    C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
    C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINDOWS\FPHMNQNC.EXE
    C:\Program Files\Internet Optimizer\optimize.exe
    polo.exe
    C:\WINDOWS\SYSTEM\paytime.exe
    rtf32.exe
    C:\WINDOWS\SYSTEM\kernels32.exe
    C:\WINDOWS\SYSTEM\efsdfgxg.exe
    C:\WINDOWS\SYSTEM\priva.exe
    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\SYSTEM\kernels32.exe
    C:\WINDOWS\SYSTEM\efsdfgxg.exe
    C:\winstall.exe
    C:\WINDOWS\SYSTEM\ibm00001.exe
    C:\WINDOWS\SYSTEM\paytime.exe
    C:\WINDOWS\SYSTEM\symsvcsa.exe
    C:\Program Files\Common Files\uuar\rundll32.exe
    C:\WINDOWS\SYSTEM\nbhnv.exe
    C:\WINDOWS\web\related.htm
    C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    C:\WINDOWS\SYSTEM\pakkimbe.dll
    C:\WINDOWS\SYSTEM\birdihuy32.dll
    C:\WINDOWS\SYSTEM\Fmnehcgl.dll

    Re-boot and Please download, install, and update the NEW free version of Ewido trojan scanner:

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful")


    Perform a full system scan and fix all that it finds.

    Re-boot and post the ewido log and a new HJT log and let us know how the system is running.
    Last edited by classicsoftware; 02-23-2006 at 01:01 AM.
    No two moments are alike and a person who thinks that any two moments are alike has never lived.

    A.J. Heschel

  15. #15

    problem classic....

    downloaded ewido program but can't install it. it says windows 2000 and higher.... I have windows ME that not good enough ?

  16. #16
    Join Date
    Feb 2005
    Location
    At my Computer
    Posts
    1,818
    Just do the steps with CCleaner and HJT, then re-post a log for Classic.

  17. #17
    Join Date
    Aug 2003
    Location
    Northern California
    Posts
    13,426
    I have windows ME that not good enough
    No,
    With Windows ME you can try the Trojan Hunter program.
    http://www.misec.net/

  18. #18

    new log for classic....

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:40 PM, on 2/25/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    D:\TROJANHUNTER 4.2\THGUARD.EXE
    C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    D:\PROGRAM FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [THGuard] "D:\TROJANHUNTER 4.2\THGUARD.EXE"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

    system seems to run better but still have not much disk space, in my windows folder I have over 118 Mb of junk which ones to delete? Also on my C drive I have this file __W9XUNDO.DAT__ which is 157 Mb should I delete to make space ?
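A follow-up log like the one above can be checked mechanically against the earlier log and the fix list from post #14. The sketch below is an added example, not part of the thread and not HijackThis code: it parses entry lines, reports fix-list entries that survived, entries that appeared since the fix, and autorun executables registered under more than one key. The sample lines are a shortened, constructed subset of the thread's logs, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# HijackThis entry line: "<section> - <details>", e.g. "O4 - HKLM\..\Run: [x] y.exe"
ENTRY = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autorun details: "<hive>\..\<key>: [<value name>] <command line>"
AUTORUN = re.compile(r"^(\S+): \[([^\]]*)\] (.+)$")
# First executable in a command line, quoted or not (paths may contain spaces)
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))\b', re.I)

# Constructed samples: a few entries copied from the thread's first log,
# second log, and the fix list in post #14 (all three shortened).
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\NBHNV.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [THGuard] "D:\TROJANHUNTER 4.2\THGUARD.EXE"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
"""

def parse(log_text):
    """Return {case-folded line: (section, details)} for every entry line;
    headers and the 'Running processes' list do not match and are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            section, details = m.group(1), " ".join(m.group(2).split())
            entries[f"{section} - {details}".casefold()] = (section, details)
    return entries

def verify_fix(before, after, fix_list):
    """Compare a pre-fix log, a post-fix log and the helper's fix list."""
    b, a, f = parse(before), parse(after), parse(fix_list)

    def show(keys, src):
        return sorted(" - ".join(src[k]) for k in keys)

    return {
        "still_present": show(f.keys() & a.keys(), a),    # fix did not stick
        "not_in_before": show(f.keys() - b.keys(), f),    # mistyped fix entry?
        "removed_unlisted": show((b.keys() - a.keys()) - f.keys(), b),
        "new_since_fix": show(a.keys() - b.keys(), a),    # needs a human look
    }

def multi_key_autoruns(log_text):
    """Map each O4 executable launched from more than one registry key
    to the sorted list of those keys."""
    targets = defaultdict(set)
    for section, details in parse(log_text).values():
        m = AUTORUN.match(details) if section == "O4" else None
        t = TARGET.match(m.group(3)) if m else None
        if t:
            targets[(t.group(1) or t.group(2)).casefold()].add(m.group(1))
    return {exe: sorted(keys) for exe, keys in targets.items() if len(keys) > 1}

if __name__ == "__main__":
    for label, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(label, lines)
    print(multi_key_autoruns(BEFORE))
```

An empty `still_present` list only shows that the registry entries are gone from the log; the files themselves still have to be deleted as listed in post #14.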

  19. #19

    Unbelievable....!!!

    Re-boot my comp. check space on primary drive C (Primarily just for windows applications) it has roughly 65 to 70 Mb. Start internet explorer, come to PC opening page find my way to this board.........bang.....--low disk space notification-- let it do its scan.....you only have(usually anywhere from 0 to 5 Mb of space). I got rid of a lot of spyware so far with the different steps taken so far, but still my REAL problem hasn't been found yet !!! I think I'll just save what I want on disk D and re-format C again , sounds just about easier, but still would want to know why I'm getting all that space eaten within seconds of internet surfing. thanks guys...

  20. #20
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,243
    If this was an upgrade from Windows 98, then you can remove it from Add/remove programs. You can always copy it to the d drive and if it starts Ok then you can kill it.

    Download ccleaner and clean all of your TEMP and Temporary Internet Folders and see how much space is remaining.

    Once you clean out the junk we can prune some more off w/o reinstalling...

    p.s. your log looks clean

  21. #21

    THANKS Classic

    Wow just removed 500 Mb of garbage without touching the other file above mentioned....W9XUNDO.DAT....I'll wait and see if it is necessary

  22. #22
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,243
    So how is the system running???????