Please help me. I have the above on my computer, and the about:blank web page keeps popping up. I keep receiving messages that state no memory left, and that I need to close programs. I have run Adware Alert, SE Adaware, as well as Spybot/Destroyer. They state that they have removed it, but it keeps coming back. I am not sure what to do. I have ME edition.

Thanks for any help you can offer.
:cry:
:o

2 Contributors, 24 Replies, 25 Views, 12 Years Discussion Span, Last Post by dlh6213
0

Hi Bubba, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

0

Here is the log from the HijackThis file.

Thank you so much for your help

Bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:17:20 PM, on 7/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {287067A0-9848-929E-B819-572CE5C53D03} - C:\WINDOWS\SYSTEM\IPIL32.DLL
O2 - BHO: Class - {C7593148-738E-F18C-0FD1-179344BFCC46} - C:\WINDOWS\ADDUW32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

0

Here is the copy of the HijackThis file. Please give me any help you can. I have run CWShredder, etc. I have no memory left on the computer.

Please let me know what I have to do. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:23:11 PM, on 7/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\JAVAOH.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CE0313BB-3015-D4A8-1854-F6B277DB070A} - C:\WINDOWS\IEJA.DLL (disabled by BHODemon)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [SYSHU32.EXE] C:\WINDOWS\SYSTEM\SYSHU32.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

You are running HijackThis from a Temp folder; please move it to its own permanent folder so that we can continue the cleanup.
http://www.daniweb.com/techtalkforums/thread24085.html

0

Update about:Buster

Reboot into Safe Mode

Disable BHO Demon

Scan with about:Buster

Reboot normally

Close any open browser windows, scan with HJT, and post a new log please.

0

DLH6213

At this point I can't even use the internet, and am actually posting from work. Last night ZoneAlarm was asking permission to set up a new network. Every time I try to run something I have to use the close programs window to even gain enough IM to run something. I have CWShredder and about:Buster and have run them, but both say that there is nothing wrong. I can't get to the internet to update, not even in Safe Mode. I have run Adware SE, and it keeps coming up with CoolWebSearch as a problem, and I have tried to quarantine/clear, but it keeps coming back. I actually went in and also tried to delete the SE, SW, HSA from the registry under Safe Mode, but that has also come back. I am at my wits' end, and am ready to throw the damn thing out the window.

I really appreciate your help.

Thanks again

Bubba

0

Here is the most up to date

Please provide whatever assistance you can.

thanks bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:44:27 PM, on 7/21/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\NTES.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSJG.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (disabled by BHODemon)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab


DLH6213

At this point I can't even use the internet, and am actually posting from work. Last night Zone Alarms was asking permission to set up a new network. Every time I try to run something I have to use the close programs window to even gain enough IM to run something. I have CWS Shredder, and About Buster and have run it, but both say that there is nothing wrong. I can't get to the internet to update, not even in Safe mode. I have run Adware SE, and it keeps coming up with CoolWebSearch as a problem, and I have tried to quarantine/clear, but it keeps coming back. I actually went in and also tried to delete the SE, SW, HSA from the registry under safe mode, but that has also come back. I am at my wits' end, and am ready to throw the damn thing out the window.

I really appreciate your help.

Thanks again

Bubba

0

Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSJG.EXE
C:\WINDOWS\dbxpi.dll
C:\WINDOWS\APPPI32.EXE
C:\WINDOWS\JAVAWY32.EXE
C:\WINDOWS\MFCDL32.DLL
C:\WINDOWS\NTJY.DLL
C:\WINDOWS\NTES.EXE
C:\WINDOWS\MFCNQ32.EXE
C:\WINDOWS\WINKC32.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\CRHZ32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\JAVAPZ32.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\MFCMZ32.EXE
C:\WINDOWS\MSZI32.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\IEAO32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\JAVAZJ32.EXE
C:\WINDOWS\APIHX32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SYSTEM\MSSW32.EXE
C:\WINDOWS\SYSTEM\SDKEU32.EXE
C:\WINDOWS\SYSTEM\MFCNC32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPQP32.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\IEMV32.EXE
C:\WINDOWS\SYSTEM\WINGM32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\SYSTEM\CRRI32.EXE
C:\WINDOWS\SYSTEM\IPES32.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\SYSPJ32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\SYSTEM\MFCHD32.EXE
C:\WINDOWS\SYSTEM\IPOY32.DLL

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.
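An added example (not part of the original posts, and not HijackThis's own code): a small Python check for the "post a new log" step, confirming that each entry in a fix list is gone from the follow-up scan and listing startup or browser-helper entries that appeared in between. The sample logs are short excerpts constructed from lines in this thread's HijackThis logs; `parse_entries` and `verify_fix` are names chosen here.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# Sections that load code at startup (F1, O4) or into the browser (O2).
AUTOSTART_SECTIONS = {"F1", "O2", "O4"}

# Constructed excerpts: a few lines taken from the logs in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\NTES.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
"""

FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s
"""


def parse_entries(text):
    """Return {(section, detail_lowercased): original_line} for each entry line.

    The header and the "Running processes" list do not match ENTRY_RE and are
    skipped. Details are lower-cased for comparison because Win9x paths are
    case-insensitive and the same file can appear in different cases.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group(1), match.group(2).strip().lower())
            entries[key] = line
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Compare a fix list and two scans.

    survived       -- fix-list entries still present in the follow-up scan
    removed        -- fix-list entries absent from the follow-up scan
    new_autostarts -- F1/O2/O4 entries in the follow-up scan that were not in
                      the earlier one (a sign that something re-installed itself)
    """
    fixes = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        "survived": sorted(after[k] for k in fixes if k in after),
        "removed": sorted(fixes[k] for k in fixes if k not in after),
        "new_autostarts": sorted(
            after[k] for k in after
            if k not in before and k[0] in AUTOSTART_SECTIONS
        ),
    }


if __name__ == "__main__":
    report = verify_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG)
    for bucket, lines in report.items():
        print(f"{bucket} ({len(lines)}):")
        for line in lines:
            print("   ", line)
```

Entries in `survived` need another fix pass, and anything in `new_autostarts` should be reviewed before the machine is restarted.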

0

dlh6213:

Thanks for all your help to date. I am back to a degree. Still looks like Home Search Assistant, Shopping Wizard, and Search Extender are still on my computer. Still getting about blank taking over as the default browser, and only the best pop-ups. After all the deletes, I can't use optonline. When I click the icon, I get an error message saying Windows can't find Program.exe. I am a computer novice so not sure what I need to do now. I am leaving the computer and won't shut down until I hear back from you.

Thanks so much for your help so far.

Here is the most recent Hijack file:


Logfile of HijackThis v1.99.1
Scan saved at 11:42:57 PM, on 7/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/

Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSJG.EXE
C:\WINDOWS\dbxpi.dll
C:\WINDOWS\APPPI32.EXE
C:\WINDOWS\JAVAWY32.EXE
C:\WINDOWS\MFCDL32.DLL
C:\WINDOWS\NTJY.DLL
C:\WINDOWS\NTES.EXE
C:\WINDOWS\MFCNQ32.EXE
C:\WINDOWS\WINKC32.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\CRHZ32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\JAVAPZ32.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\MFCMZ32.EXE
C:\WINDOWS\MSZI32.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\IEAO32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\JAVAZJ32.EXE
C:\WINDOWS\APIHX32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SYSTEM\MSSW32.EXE
C:\WINDOWS\SYSTEM\SDKEU32.EXE
C:\WINDOWS\SYSTEM\MFCNC32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPQP32.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\IEMV32.EXE
C:\WINDOWS\SYSTEM\WINGM32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\SYSTEM\CRRI32.EXE
C:\WINDOWS\SYSTEM\IPES32.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\SYSPJ32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\SYSTEM\MFCHD32.EXE
C:\WINDOWS\SYSTEM\IPOY32.DLL

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.

0

Instructions for fixing the Program.exe error (from MS -- http://support.microsoft.com/?kbid=191219; normally I would just post the link, but since you still can't access the internet, I've copied the instructions):

"Edit the File Association
Edit the "URL:hypertext transfer protocol" file association to associate this type of file with Internet Explorer:

1. Double-click My Computer on the desktop.
2. On the View (or Tools) menu, click Folder Options (or Options).
3. Click the File Types tab, click URL:HyperText Transfer Protocol in the Registered File Types box, and then click Edit.
4. In the Actions box, click Open, and then click Edit.
5. Click Browse, navigate to the \Program Files\Internet Explorer folder, click the Iexplore.exe file, click Open, click OK, click Close, and then click Close.
NOTE: You may also need to repeat these steps for the following file associations:
URL:HyperText Transfer Protocol with Privacy
URL:File Transfer Protocol
URL:Gopher Protocol

Set Internet Explorer to Be the Default Browser
Set Internet Explorer to check whether it is the default browser:
1. Click Start, point to Settings, click Control Panel, and then double-click Internet.
2. Click the Programs tab, and then click to select the Internet Explorer should check whether it is the default browser check box.
3. Click Apply, and then click OK. Start Internet Explorer, and then click OK when you are prompted to make Internet Explorer the default browser.

NOTE: Another method to resolve this is to utilize the IE repair tool, if available."

Did you scan with about:Buster and CWShredder? You should also run HSRemove again.

Reboot into Safe Mode.

Go to Add/Remove Programs and remove ADWAREALERT, if present.

Scan with HJT and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s

Remember to close any open windows before hitting Fix checked.

Go to the following locations and delete the highlighted files and folder:

C:\WINDOWS\SYSTEM\ADDBY32.DLL
C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\WINDOWS\IPZT32.EXE

C:\PROGRAM FILES\ADWAREALERT

Empty your Recycle Bin and reboot normally.

See if you are now able to access the internet.

Scan with HJT and post a new log please.

0

Thanks for your help.

2 questions though, I purchased the Adware alert program, with the intention of fixing the about blank, search extender, home search assistant and shopping wizard problem. At least that's what it said it does for whatever price I paid. Do I really want to delete? I know so far every time I use it says that it has quarantined those three, but to date no avail. The Optonline is the internet portal I use. Should that still be deleted/fixed?

Again, I really appreciate the time you have spent with me on this problem.

0

Do a search for ADWAREALERT at this site to find out about its reputation:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
(A good place to check before getting any spyware products)

Don't feel too bad about being goaded into purchasing the program, I did the same thing a year ago with a similar product before I found out (from this forum) about its poor reputation; so I know how you feel having wasted your money.

Removing this file -- C:\Program Files\Optimum Online\Netsurf.exe -- won't prevent you from using Optonline, it will only stop the adware & spyware that comes with it :).
http://castlecops.com/s2624-Netsurf_exe.html
http://www.liutilities.com/products/wintaskspro/processlibrary/netsurf/

0

DLH 6213

Well I feel like an idiot about buying the AdwareAlert program. So much for using that.

I still have trouble accessing the internet via Optonline. Still comes up with a Program error when I hit the icon, even after I followed your directions. I am "backdooring" the net through an email. When I try the Internet Explorer icon, the "About Blank" website comes up. I am still getting the "Only the Best" pop-ups, and I see the Search Extender, Shopping Wizard, and Home Search assistant in the add/remove programs.


Here is the most recent hijack this
Logfile of HijackThis v1.99.1
Scan saved at 6:11:29 PM, on 7/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {21BB89CF-BE0E-AEC1-B7D9-DBB05AD005C8} - C:\WINDOWS\SYSTEM\IPMN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [ATLEV32.EXE] C:\WINDOWS\SYSTEM\ATLEV32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NTKM.EXE] C:\WINDOWS\NTKM.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/

0

Go to Add/Remove Programs and remove:

Search Extender
Shopping Wizard
Home Search Assistant

Download, install, update, and run these utilities (if you already have any of these, just update them before running):

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
CCleaner -- http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Disconnect from the net and reboot into Safe Mode.

Then run a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, Double-click on the Hijackthis.exe icon that is on your desktop; scan with HijackThis and have it fix the following entries:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {21BB89CF-BE0E-AEC1-B7D9-DBB05AD005C8} - C:\WINDOWS\SYSTEM\IPMN.DLL

Close any open windows, other than HijackThis, and hit Fix Checked.

Go to C:\WINDOWS\SYSTEM and delete IPMN.DLL

Go to Start, Run, type regedit in the box, and hit Enter.

At the top of the Registry Editor window, click on File, and then Export. In the Export range panel (at the bottom), click All, give the file a name, and then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Then click on Edit, Find; in the box, paste home search assistant, and then click on Find Next

Right-click on any entries found and click Delete.

Continue using the Find Next option until you get the Finished searching through registry message.

Repeat the 'Find' instructions for search extender, shopping wizard, and shopping assistant.

Close the Registry Editor.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HijackThis, and post the new log along with the Ewido log.

0

I have tried repeatedly to download Ewido without any success. Every time, it tells me I am forbidden from that site. Any suggestions?

I may be mistaken, but HS Remove does not work with the ME edition.

Is there something else I should download? I have done all the other downloads as you suggested.

Thanks again.

0

I have run the counter spy and cc. Looks like Home Search Extender might be gone. Here is the latest Hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 11:42:34 AM, on 8/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\NTKM.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [ATLEV32.EXE] C:\WINDOWS\SYSTEM\ATLEV32.EXE
O4 - HKLM\..\Run: [SUNASDTSERV] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NTKM.EXE] C:\WINDOWS\NTKM.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

Sorry, my mistake, neither HSRemove nor Ewido will work with Windows Me. Try these:

CounterSpy -- http://www.download.com/CounterSpy/3000-8022_4-10375153.html?tag=lst-0-1

CCleaner -- http://www.ccleaner.com/

Post a new HijackThis log after running those.

0

Scan with HJT and have it fix:

O4 - HKLM\..\RunServices: [NTKM.EXE] C:\WINDOWS\NTKM.EXE /s

Close any open windows and hit Fix checked.

Go to C:\WINDOWS and delete NTKM.EXE.

Reboot, close any open browser windows, scan with HJT, and post a new log... and let us know if you're still having problems.
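
Added example (not part of any post in this thread, and not a HijackThis feature): a Python script that parses the O2/O4 lines of two HijackThis logs, reports which entries disappeared or appeared between scans, and flags the self-named `RunServices ... /s` pattern that fills the fix lists in this thread. The function names and the heuristic are assumptions of this example; the sample lines are excerpted from the 7/25/2005 and 8/6/2005 logs above, and a flagged entry is a candidate for review, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    kind: str    # "O2" (BHO) or "O4" (registry autorun)
    where: str   # CLSID for O2, registry location for O4
    name: str    # BHO class name or autorun value name
    target: str  # DLL path (O2) or full command line (O4)


O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Only bracketed registry autoruns; "O4 - Startup: x.lnk = ..." lines are skipped.
O4_RE = re.compile(r"^O4 - ([^:\[]+): \[([^\]]*)\] (.+)$")
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|tsk))\b', re.IGNORECASE)
WINDOWS_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def parse_log(text):
    """Return the O2 and O4 registry entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m.group(2).upper(), m.group(1), m.group(3)))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m.group(1), m.group(2), m.group(3)))
    return entries


def image_path(target):
    """Strip quotes and arguments from a command line, leaving the file path."""
    m = IMAGE_RE.match(target)
    return m.group(1) if m else target.split()[0]


def key(entry):
    """Case-insensitive identity used to match an entry across two logs."""
    return (entry.kind, entry.where.upper(), entry.name.upper(),
            image_path(entry.target).upper())


def self_named_service(entry):
    """Heuristic (assumption of this example): a RunServices value named after
    its own EXE, sitting directly in the Windows directory, started with /s."""
    if entry.kind != "O4" or not entry.where.upper().endswith("RUNSERVICES"):
        return False
    image = image_path(entry.target)
    return (ntpath.basename(image).upper() == entry.name.upper()
            and ntpath.dirname(image).upper() in WINDOWS_DIRS
            and entry.target.upper().rstrip().endswith(" /S"))


def diff_logs(old_text, new_text):
    """Compare two scans: what a fix removed, what is new, what to review."""
    old = {key(e): e for e in parse_log(old_text)}
    new = {key(e): e for e in parse_log(new_text)}
    return {
        "removed": [e for k, e in old.items() if k not in new],
        "added": [e for k, e in new.items() if k not in old],
        "flagged": [e for e in new.values() if self_named_service(e)],
    }


# Lines excerpted from the 7/25/2005 log posted in this thread.
LOG_JUL25 = r"""
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {21BB89CF-BE0E-AEC1-B7D9-DBB05AD005C8} - C:\WINDOWS\SYSTEM\IPMN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NTKM.EXE] C:\WINDOWS\NTKM.EXE /s
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""

# Lines excerpted from the 8/6/2005 log posted in this thread.
LOG_AUG06 = r"""
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NTKM.EXE] C:\WINDOWS\NTKM.EXE /s
"""

if __name__ == "__main__":
    for label, entries in diff_logs(LOG_JUL25, LOG_AUG06).items():
        for e in entries:
            print(f"{label:8} {e.kind} [{e.name}] {e.target}")
```

On these excerpts the diff shows the IPMN.DLL BHO gone, the CounterSpy autorun added, and NTKM.EXE still flagged, which is the entry fixed in the post above.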

0

Here is the latest Hijack this file. Is the Atlev32.exe file a good file?

Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 8:52:00 AM, on 8/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASSERV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [ATLEV32.EXE] C:\WINDOWS\SYSTEM\ATLEV32.EXE
O4 - HKLM\..\Run: [SUNASDTSERV] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\sunASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

0

Good catch! No, it's not good, it's part of Javatv32.exe which is a Trojan/Backdoor. Sorry I overlooked that last time.

Scan with HJT and have it fix this line:

O4 - HKLM\..\Run: [ATLEV32.EXE] C:\WINDOWS\SYSTEM\ATLEV32.EXE

Then go to C:\WINDOWS\SYSTEM and delete ATLEV32.EXE

If you can't delete it, try booting into Safe Mode and deleting it from there.

Reboot (normally), close any open browser windows, scan with HJT and post a new log please.

0

I fixed with Hijack this, but when I went to delete in Windows/system, it wasn't there. Does that cause a problem?

This is the most recent Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 6:40:19 PM, on 8/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASSERV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\COUNTERSPY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [SUNASDTSERV] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

0

I fixed with Hijack this, but when I went to delete in Windows/system, it wasn't there. Does that cause a problem?

No, that's not a problem, as long as it's gone :)

Your log looks clean to me, are you still having any trouble?
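The before/after check done by eye in this thread can be scripted. The following is an added example, not part of the original posts: it parses the registry O4 (autorun) lines of two HijackThis logs and reports which entries disappeared, appeared, or changed command. The function names and the watch-list are assumptions made for illustration; the log excerpts are copied from the 8/7/2005 and 8/8/2005 logs above.

```python
import re

# Registry autorun line: "O4 - HKLM\..\Run: [Name] command".
# Startup-folder O4 lines carry no [Name] and are skipped by this pattern.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")

# Excerpts copied from the two logs posted in this thread.
LOG_AUG7 = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATLEV32.EXE] C:\WINDOWS\SYSTEM\ATLEV32.EXE
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\sunASCleaner.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
'''
LOG_AUG8 = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
'''

def autoruns(log_text):
    """Return {(registry key, NAME): command} for each registry O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["key"], m["name"].upper())] = m["cmd"].strip()
    return entries

def diff_autoruns(before, after):
    """Compare two logs; Win9x paths are case-insensitive, so commands are too."""
    b, a = autoruns(before), autoruns(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted(k for k in b if k in a and b[k].lower() != a[k].lower())
    return removed, added, changed

def still_present(log_text, names):
    """Which value names from a watch-list are still registered as autoruns."""
    found = {name for (_key, name) in autoruns(log_text)}
    return sorted(n.upper() for n in names if n.upper() in found)

if __name__ == "__main__":
    print(diff_autoruns(LOG_AUG7, LOG_AUG8))
    # Watch-list: the two entries the helper asked to have fixed in this thread.
    print(still_present(LOG_AUG8, ["ATLEV32.EXE", "NTKM.EXE"]))
```

An entry listed under "added" or "changed" after a cleanup pass is the one to look at first, since it was not in the log that had already been reviewed.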

0

DLH 6213:

Thanks for all your help to date. I am still having two problems. First, I have attempted to download Trojan Hunter and was told I was forbidden, and then tried to download an update from Zone Alarms, and was given the same message: HTTP 403 Forbidden. You are not authorized to view this page. Is that something that could be a consequence of all the problems I had?

The second problem was using the Optonline icon. Still getting Windows cannot find program. I have followed your directions from previous threads but to no avail. Have I screwed up something?

Again, I have to say I am very grateful for all of your help. :o

Bubba
