Show Posts

1

Tech Clinic / My Compaq runs slow & locks up

« on: May 15, 2006, 09:33:47 PM »

Guestolo,

I did everything you suggested on your last post. I re-installed AVG7 Grisoft. My lock ups have stopped and my speed has increased greatly. Even my email downloads are running super fast. Great work! Thanks so much.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Jack1

2

Tech Clinic / My Compaq runs slow & locks up

« on: May 15, 2006, 05:44:45 PM »

Guestolo,

I followed your instructions, the "EVNTSVC.EXE" was not found on the task manager. In the add remove programs listing I found "REALONE PLAYER" and removed it. In windows the folder C:\Progra, Files\Comet was not present. Following are the Hijackthis and Panda reports:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:06 PM, on 5/15/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

Incident Status Location

Adware:adware/comet Not disinfected Windows Registry
Adware:Adware/Comet Not disinfected C:\WINDOWS\TEMP\ccu\comet.cab[csbho.dll]
Adware:Adware/Comet Not disinfected C:\WINDOWS\TEMP\ccu\csbho.dll
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\default@linkexchange[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[2].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\default@preferences[2].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\default@preferences[1].txt
Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Cookies\anyuser@kount[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\default@linkexchange[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\default@linkexchange[3].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\default@linkexchange[4].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\default@preferences[4].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[3].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\default@atwola[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[4].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\default@apmebf[2].txt
Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\default@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[5].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[6].txt
Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Cookies\default@kount[1].txt

3

Tech Clinic / My Compaq runs slow & locks up

« on: May 15, 2006, 12:53:10 PM »

Guestolo,

Following is the latest Hijack-this report, after running the Ad-Aware and Spybot programs.
I have also noticed when I shut down my computer I get a "windows notification" titled "WND for RNAdmin" stating that this is not reponding Then I have to click "end task" to continue the shut down process.

I had been using Grisoft AVG untill a couple days ago when I got fed up with time it took to virus scan incomming emails, 10 emails took about 8 minutes.

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:02 PM, on 5/15/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

Thanks

4

Tech Clinic / My Compaq runs slow & locks up

« on: May 14, 2006, 12:55:45 PM »

Having trouble with my Compaq Presario. It runs slow and will often lock up and will always lock up when trying to open my control panel using the start drop down menu, however I can open my control panel going through "my computer" on my desktop. can anyone help

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Here is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:18 PM, on 5/14/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBSRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBHOSTIE.DLL
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBHOSTIE.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

Thanks!

5

Tech Clinic / about.blank help

« on: March 13, 2005, 09:01:13 PM »

Guestolo,

Just ran Jotti's Online Malware scan, here's the results:

Service load: 0% 100%

File: abCD.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: -

AntiVir No viruses found (0.43 seconds taken)
Avast No viruses found (1.53 seconds taken)
AVG Antivirus No viruses found (0.54 seconds taken)
BitDefender No viruses found (0.53 seconds taken)
ClamAV No viruses found (0.63 seconds taken)
Dr.Web No viruses found (0.92 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Fortinet No viruses found (0.44 seconds taken)
Kaspersky Anti-Virus No viruses found (1.01 seconds taken)
mks_vir No viruses found (0.24 seconds taken)
NOD32 No viruses found (0.49 seconds taken)
Norman Virus Control No viruses found (0.80 seconds taken)

6

Tech Clinic / about.blank help

« on: March 13, 2005, 08:25:58 PM »

Guestolo,

Sorry I have no idea what ABCD.EXE file is for.

I ran AVG and it found and removed another 296 objects.

I installed AVG in the two other personal computer I have here.

AVG looks great.

7

Tech Clinic / about.blank help

« on: March 13, 2005, 07:25:19 PM »

Guestolo,

I got to the bottom of my problem, evidently my computer does not like to have both a "dial-up" card and a "ethernet" card installed at the same time. I did another restore with only my "dial-up" card installed. Then I removed the "dial-up" in the device manager, shut down the computer and removed the 'dial-up" card and installed the "ethernet" card. After that both my internet and shut down problems went away.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

About.blank has also disappeared and my computer speed has increased.

I downloaded and installed the "AVG" you suggested.

Again thanks for your expert help.

8

Tech Clinic / about.blank help

« on: March 12, 2005, 12:59:35 PM »

guestolo,

I followed your last instructions.

I am still not able to get on the internet with the computer we are troubleshooting. I get a "cannot find server" error whenever I try to open my internet explorer. I have reinstalled my ethernet PCI card and the device manager says its installed and working. When I check my network configuration tcp/ip>netgear pci adapter is shown. When I check my IP configuration it shows an ip address for my PCI adapter of 169.254.54.213 I don't believe this address is correct. I have a DSL connection with a Zoom modem and a linsys wireless router. I am direct wired from the router to the computer I am having trouble with. I have two other computers a notebook and another desk top with wireless conections to the router, both of the other computers can access the internet through the wireless router.

I still cannot shut down or restart my computer normally, it stalls and has to be shut down using the power button.

I plan on installing the AVG program you suggested as soon as I can get back on to the internet.

Buster came up clean and here is the most recent hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:13 AM, on 03/12/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Dcfssvc] C:\Program Files\Common Files\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Again thanks for your help.

9

Tech Clinic / about.blank help

« on: March 11, 2005, 03:59:15 PM »

guestolo,

I started to carryout the instructions you sent me and ran in to some problems. I downloaded the softwares and restarted in safe mode. I went to the task manager to look for the programs you listed but none of those were running. I then found all the dll and exe files you listed and deleted them. Idid another scan with hijackthis and found that all the R0 items had a file jpwmo.dll instead of the kylww.dll listed in the previous log and so I did not "fix check" them but did "fix check the renaining ones.Still in safe mode I ran "about:buster" saved the log and exit.

I ran CWSSchredder and used the fix button.

Then I rebooted in normal mode and in the process recieved an error "While initializing device IOS" "error:real mode memeroy allocation failed". I had that happen to me one time in the past and the manufacturer directed to do a "system files restore", which cleared the error. I repeated this restore operation, and the error cleared and I was able to restart in normal mode.

Once rebooted I ran another about:buster log.

I ran Hoster and restored the original hosts.

I reset the web settings as you directed.

I found the shell.dll file it was in my system folder.

When shut down and restarted my computer, I was unable to access the internet. So I decided to re-install my PCI card and dsl modem, but this has not resolved my problem. I am posting to you from another computer which has internet access. Another problem also developed in that when I do a normal shut down, the shut down starts normally but then freezes when it gets to the windows "shutting down screen" and then the only way I could finish the shut down process is to hold the power button in for 5 seconds.

Here is latest hijackthis log and the safe mode and normal mode about:buster logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:16 PM, on 03/11/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jpwmo.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www2.enter.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Dcfssvc] C:\Program Files\Common Files\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Scanned at: 2:55:48 PM on: 03/10/2005

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

ADS not scanned System(FAT)
Removed! : C:\WINDOWS\addzt32.exe
Removed! : C:\WINDOWS\addna32.exe
Removed! : C:\WINDOWS\d3lj32.exe
Removed! : C:\WINDOWS\crtu.exe
Removed! : C:\WINDOWS\d3dm32.exe
Removed! : C:\WINDOWS\ieze32.exe
Removed! : C:\WINDOWS\d3rk.exe
Removed! : C:\WINDOWS\netwm32.exe
Removed! : C:\WINDOWS\SYSTEM\d3su.exe
Removed! : C:\WINDOWS\SYSTEM\addwg32.exe
Removed! : C:\WINDOWS\SYSTEM\atltk.exe
Removed! : C:\WINDOWS\SYSTEM\addil.exe
Removed! : C:\WINDOWS\SYSTEM\javaml.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 3:22:57 PM on: 03/10/2005

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

Once again thanks for your help, can you help me resolve these newest problems.

10

Tech Clinic / about.blank help

« on: March 09, 2005, 08:20:40 AM »

gestolo

Here is my hijackthis log. Running adware in safe mode seams to work. There is no longer a long delay when opening my control panel. However about.blank is still a problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:16:50 AM, on 03/09/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ADDTQ32.EXE
C:\WINDOWS\SYSTEM\ADDNL32.EXE
C:\WINDOWS\SYSTEM\MSKV.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\D3BJ32.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\ADDZT32.EXE
C:\WINDOWS\CRFN32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {7FD318B9-600D-989C-1DCA-4BF6B4D6258D} - C:\WINDOWS\NETAD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Thanks for your help!

11

Tech Clinic / about.blank help

« on: March 08, 2005, 07:55:07 PM »

Hi Heddalora,
I did what you suggested, I downloaded Adware and ran it on my computer. On the first scan it identified 290 objects, I went through the removal process and adware performed a quaratine of the objects then preceeded to delete them. the deletion process seem to freeze before completing and the deletion process bar remained on my screen untill I closed the application. I decided to re-scan and found that the objects I thought were deleted were detected once again. Again I ran the deletion and again it seem to freeze before completing. A third scan produced the same results. Can you suggest what could be going wrong. Thanks for your help.

12

Tech Clinic / about.blank help

« on: March 08, 2005, 10:51:46 AM »

I am having a couple of problems with my computer, I believe it is infected. Everytime I open my internet explorer I get a page entitled "about.blank". When I try to open my "contrl panel" it takes as long as "60 seconds" and when I change my home page back to its original setting under "internet options" it will only work once when "about.blank" reapears. I have read some of your posting and see that you usually start the remedy process by viewing a hijackthis log file. I have down loaded this program and my log file follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:44 AM, on 03/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\ADDTQ32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\APIBC.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {708855B6-7B1A-0E07-E911-ABFC91C434AC} - C:\WINDOWS\SYSTEM\APPJM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [APIBC.EXE] C:\WINDOWS\APIBC.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Can you help me with this problem.

TheTechGuide Forum

News:

Messages - jack1

Tech Clinic / My Compaq runs slow & locks up

Tech Clinic / My Compaq runs slow & locks up

Tech Clinic / My Compaq runs slow & locks up

Tech Clinic / My Compaq runs slow & locks up

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help

Tech Clinic / about.blank help