|
|
Custom Search
|
|
|
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC! |
|
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more. Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted. |
Apprentice Geek
I star up my comp and have about 100 mb os space.... within minutes, even seconds at times and all my disc space or memory is gone or as low as 1 or 0 mb.....what,s up with that.....thanks !!
Grand Master Geek
Welcome to the Pc Guide. First off, were are you getting these numbers from? Is is the anount of free space on your HD? Or is it RAM usage?
For starters, please download a copy of Hijackthis. Unzip it into a permanent folder. Click on the icon. Choose the option to scan and create a log. Post the contents of the log here for the experts to review.
Apathy: If we don't take care of the customer,maybe they'll stop bugging us.
Customer Disservice: Because we're not satisfied until you're not satisfied.
(Maybe BB's approach?)
~Despair.com
Apprentice Geek
Scan saved at 10:42:49 PM, on 2/20/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\UUAR\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\NBHNV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.shopathomeselect.co...nstall4110.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=5150
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)
Apprentice Geek
That can,t be good !!!
Holy bajeezes!!I'm no HJT expert, and even I can tell your system is riddled with spyware! How long has it been since you reinstalled Windows? And what sort of security do you have on that thing?
Apprentice Geek
4-5 months since I re-installed windows. Obviously my norton 2003 with all the updates can't seem to help me much..... I think my best option will be to save all I can before I jump off the deck....lol
Oh, see, Norton will only protect you from virii and other forms of malicious code. It won't actually protect you from spyware/malware because these little utilities are actually given permission to run on the system and are legitimately installed as far as the OS is concerned. Spyware/malware gets into your system in a variety of ways, from the l'user way of clicking on "YES" for every pop-up to the sneaky ones that latch onto ActiveX or other loop holes in your internet browser. A free anti-spyware utility like Adaware SE or Spybot Search & Destroy (do not use them together) is necessary for the removal of such spyware/malware. If it's only been 5 months since your last reinstall, you have a chance of curtailing this incident before things get out of hand. Once you get past the 1-year mark, however, it's easier to just reinstall.
For future reference, a lot of here on the forums have found that using an alternative browser, like Firefox, greatly reduces the amount of spyware/malware that we get. I've noticed a reduction in my own browsing activities on the order of 95-99% using Mozilla/Firefox vs M$'s Internet Explorer. I used to run Spybot S&D once a week before I switched, and now I run it once every month or two. That's pretty good for a Windows system, although my Linux box never gets spyware/malware.
Grand Master Geek
No, wait for Budfred or Classic. -Have fun guys.
Last edited by hockey man; 02-20-2006 at 11:38 PM.
Apathy: If we don't take care of the customer,maybe they'll stop bugging us.
Customer Disservice: Because we're not satisfied until you're not satisfied.
(Maybe BB's approach?)
~Despair.com
Apprentice Geek
thanks guys cya later...... will take more advice though.....
Apprentice Geek
hockeyman or Budfred or Classic
which ones should I delete..... nead some tips here please.....thanx
Amateur Master Geek
Moving this to Applications & Security for HJT read.
DO NOT try to fix anything until the experts advise.
Apprentice Geek
Hey budfred !!
What do you think of all this..... Any advice please ?
Grand Master Geek
Pierre, I know enough to get your started, but these kinds of fixes require an expert to be done correctly, and I'm no expert. Please, be patient- it will be well worth it.
Apathy: If we don't take care of the customer,maybe they'll stop bugging us.
Customer Disservice: Because we're not satisfied until you're not satisfied.
(Maybe BB's approach?)
~Despair.com
Exalted Grand Master Geek
First: Download CCLEANER and empty your TEMP and Temporary Internet Folders.
Next:
Open Hijackthis and place a check next to:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.shopathomeselect.co...nstall4110.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=5150
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)
Close all open program and browser windows except HJT and click fix checked
Re- Boot and delete the following files and folders. You may have to show hidden files
c:\secure32.html
C:\WINDOWS\SYSTEM\ZGF.DLL
D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
C:\WINDOWS\NEM220.DLL
C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
C:\WINDOWS\SYSTB.DLL
C:\WINDOWS\SYSTEM\ZGF.DLL
C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\FPHMNQNC.EXE
C:\Program Files\Internet Optimizer\optimize.exe
polo.exe
C:\WINDOWS\SYSTEM\paytime.exe
rtf32.exe
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\efsdfgxg.exe
C:\WINDOWS\SYSTEM\priva.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\efsdfgxg.exe
C:\winstall.exe
C:\WINDOWS\SYSTEM\ibm00001.exe
C:\WINDOWS\SYSTEM\paytime.exe
C:\WINDOWS\SYSTEM\symsvcsa.exe
C:\Program Files\Common Files\uuar\rundll32.exe
C:\WINDOWS\SYSTEM\nbhnv.exe
C:\WINDOWS\web\related.htm
C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
C:\WINDOWS\SYSTEM\pakkimbe.dll
C:\WINDOWS\SYSTEM\birdihuy32.dll
C:\WINDOWS\SYSTEM\Fmnehcgl.dll
Re-boot and Please download, install, and update the NEW free version of Ewido trojan scanner:
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main Ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful")
Perform a full system scan and fix all that it finds.
Re-boot and post the ewido log and a new HJT log and let is know how the system is running.
Last edited by classicsoftware; 02-23-2006 at 01:01 AM.
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
Apprentice Geek
problem classic....
downloaded ewido program but can't install it. it says windows 2000 and higher.... I have windows ME that not good enough ?
Grand Master Geek
Just do the steps with CCleaner and HJT, then re-post a log for Classic.
Apathy: If we don't take care of the customer,maybe they'll stop bugging us.
Customer Disservice: Because we're not satisfied until you're not satisfied.
(Maybe BB's approach?)
~Despair.com
Amateur Master Geek
No,I have windows ME that not good enough
With Windows ME you can try the Trojan Hunter program.
http://www.misec.net/
Apprentice Geek
new log for classic....
Logfile of HijackThis v1.99.1
Scan saved at 2:53:40 PM, on 2/25/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [THGuard] "D:\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
system seems to run better but still have not much disk space, in my windows folder I have over 118 Mb of junk which ones too delete? Also on my C drive I have this file __W9XUNDO.DAT__ which is 157 Mb should I delete to make space ?
Apprentice Geek
Unbelievable....!!!
Re-boot my comp. check space on primary drive C (Primarily just for windows applications) it has roughly 65 to 70 Mb. Start internet explorer, come to PC opening page find my way to this board.........bang.....--low disk space notification-- let it do its scan.....you only have(usually anywhere from 0 to 5 Mb of space). I got rid of alot of spyware so far with the different steps takin so far, but still my REAL problem hasn't been found yet !!! I think I'll just save what I want on disk D and re-format C again , sounds just about easier, but still would want to know why I'm getting all that space eaten within seconds of internet surfing. thanks guys...
Exalted Grand Master Geek
If this was an upgrade from Windows 98, then you can remove it from Add/remove programs. You can always copy it to the d drive and if it starts Ok then you can kill it.
Download ccleaner and clean all of your TEMP and Temporary Internet Folders and see how much space is remaining.
Once you clean out the junk we can prune some more off w/o reinstalling...
p.s. your log looks clean
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
Apprentice Geek
Wow just removed 500 Mb of garbage without touching the other file above mentioned....W9XUNDO.DAT....I'll wait and see if it is necessary
Exalted Grand Master Geek
So how is the system running???????
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote