0

Good day,

I have the about: blank problem that so many seem to have. I have tried to follow the advice given to others but it does not seem to cure my problem. I suppose each machine is different.

The usual symptoms: Whenever I go online, the explorer address line is chnged to about:blank. I ran hijack this and this now, at least, stops the address changing by notifying me that a change has been attempted (I deny the change).

Here is the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 10:49:40 AM, on 6/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\SYSOD.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\ATLVG.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PVSW\BIN\W3DBSMGR.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {1BA9AA02-966B-3399-AE85-A9ACA0DC17F9} - C:\WINDOWS\SYSTEM\JAVANP32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Exec] C:\Windows\System\exec.hta
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\IOMEGA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [q75X36W] AWCRUN.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [CRUR32.EXE] C:\WINDOWS\CRUR32.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATLVG.EXE] C:\WINDOWS\ATLVG.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [MuAutoStart] C:\WINDOWS\SYSTEM\Mustart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINRY.EXE] C:\WINDOWS\WINRY.EXE /s
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSOD.EXE] C:\WINDOWS\SYSTEM\SYSOD.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - User Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - User Startup: PowerReg SchedulerV2.exe
O4 - User Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - User Startup: PowerReg Scheduler V3.exe
O4 - User Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O19 - User stylesheet: (file missing)

Any help would be appreciated as it is driving me CRAZY!!!!!!!!

Thanks
Best Regards
Mark

2
Contributors
7
Replies
8
Views
12 Years
Discussion Span
Last Post by crunchie
0

Please go here for the instructions on how to remove the Bube.d (aka Win32.Beavis) Removal [isrvs] infection. Please follow the removal instructions exactly.
Once done, repost a new log here and we will finish off the clean up.

0

Good day again,

I have run the Anti Virus program as instructed. Some of the instructions seemed to be for XP but, anyway, it has been done.

Here is the Hijack log now

Logfile of HijackThis v1.99.1
Scan saved at 10:03:35 AM, on 6/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PVSW\BIN\W3DBSMGR.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Exec] C:\Windows\System\exec.hta
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\IOMEGA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [q75X36W] AWCRUN.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [CRUR32.EXE] C:\WINDOWS\CRUR32.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATLVG.EXE] C:\WINDOWS\ATLVG.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [MuAutoStart] C:\WINDOWS\SYSTEM\Mustart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINRY.EXE] C:\WINDOWS\WINRY.EXE /s
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSOD.EXE] C:\WINDOWS\SYSTEM\SYSOD.EXE /s
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - User Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - User Startup: PowerReg SchedulerV2.exe
O4 - User Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - User Startup: PowerReg Scheduler V3.exe
O4 - User Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O19 - User stylesheet: (file missing)

At the moment things seem to have settled down and there is no sign of anything funny. Please let me know if you see anything further that can cause problems

Thanks for your help
Best Regards
Mark


Please go here for the instructions on how to remove the Bube.d (aka Win32.Beavis) Removal [isrvs] infection. Please follow the removal instructions exactly.
Once done, repost a new log here and we will finish off the clean up.

0

You have a few things there that need removing...

===============

Please go here and have this file scanned. Post the results back here.

C:\WINDOWS\SYSTEM\Mustart.exe

===============

We'll need to unload Spybot's Teatimer before we begin. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".

===============

Still in HiJackThis, click "Scan", then check(tick) the following, if present:


R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [Exec] C:\Windows\System\exec.hta
O4 - HKLM\..\Run: [q75X36W] AWCRUN.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [CRUR32.EXE] C:\WINDOWS\CRUR32.EXE
O4 - HKLM\..\Run: [ATLVG.EXE] C:\WINDOWS\ATLVG.EXE
O4 - HKLM\..\RunServices: [WINRY.EXE] C:\WINDOWS\WINRY.EXE /s
O4 - HKLM\..\RunServices: [SYSOD.EXE] C:\WINDOWS\SYSTEM\SYSOD.EXE /s

O19 - User stylesheet: (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

c:\Program Files\AutoUpdate

files...

C:\WINDOWS\CRUR32.EXE
C:\WINDOWS\ATLVG.EXE
C:\WINDOWS\WINRY.EXE
C:\WINDOWS\SYSTEM\SYSOD.EXE

Search for...

AWCRUN.EXE

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.

0

Good day again,

I have done as requested. Here is the hijacklog

Logfile of HijackThis v1.99.1
Scan saved at 1:51:05 PM, on 6/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PVSW\BIN\W3DBSMGR.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\IOMEGA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [MuAutoStart] C:\WINDOWS\SYSTEM\Mustart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: GetRight Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - User Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - User Startup: PowerReg SchedulerV2.exe
O4 - User Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - User Startup: PowerReg Scheduler V3.exe
O4 - User Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

The mustart.exe was not found in the windows system folder but in EzClone folder. This is a program that I had on the computer to enable two users to run the system at the same time. It is no problem to uninstall this program.
I looked for the autoupdate, crur32, atlvg,winry, sysod and awcrun files. None were found. (I have checked that "show all files" box selected)

So, hopefully, things have sorted themselves out.

Let me know if you think so as well.

Thanks again for your help
Best Regards
Mark

0

Congratulations! Your log looks clean - good work!

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.

Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

0

Good day,

Every thing seems to be running correctly without any problems.

Thanks again for your help
Best Regards
Mark

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.