0

I found this forum via yahoo. My computer is really freaking slow and my homepage is the about: blank page. So FRUSTRATED! Sorry to bother you all with my problems, but I've run McAfee virus scan and CW Shredder, and they don't seem to solve my problems at all. I have a HiJackthis log. If someone could help me out I would be very greatful. It's times like these that I wish I was a computer nerd and not a chemistry nerd. Here is that log:

Logfile of HijackThis v1.97.7
Scan saved at 5:47:33 PM, on 5/22/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOLIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AdsGone\adsgone.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Chesty Bell\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\dhgpjf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = [url]http://mmjb.musicmatch.com/mmjb/process.cgi?REQUEST=HOME&VERSION=7.10.0053DELL&LANG=ENU&Grant=0[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3677D310-430D-469C-9590-4AB08C349C20} - C:\WINDOWS\System32\dhgpjf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [gftibvi] rundll32 C:\WINDOWS\System32:gftibvi.dll,Init 1
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AOLIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [*gftibvi] rundll32 C:\WINDOWS\System32:gftibvi.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! MLB StatTracker - [url]http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/109159ff7a394e44f805/netzip/RdxIE601.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab[/url]
O16 - DPF: {C3C304ED-7599-4A9D-8AD3-2F8648AFBD1A} (BLWebSlideNetViewerX Control) - [url]http://www.bacuslabs.com/plugin/WEBSLIDE.EXE[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url] 

One desperate soul,

Chip

Edited by pyTony: fixed formating

5
Contributors
15
Replies
16
Views
13 Years
Discussion Span
Last Post by Dulaithol
0

Download dllfix from the following link.
http://tools.zerosrealm.com/dllfix.exe

Create a folder on your desktop, doubleclick on the dllfix and install it into the folder you just created.

In that folder there should now be two more folders. Find & run start.bat and press option 1. 'output.txt' will be created in the folder.

Open the text file & copy the entire contents & post those results here.

0

Thanks Crunchie. hope this helps.

--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==-- 

Sun 05/23/2004 
11:23 AM

System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (9C91:488D) - FS:NTFS clusters:4k
Total: 39 983 083 520 [37G] - Free: 33 093 906 432 [31G]


 *IE version and Service packs: 
                6.0.2600.0  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MinorVersion    REG_SZ  ;q319182;

 *Google Toolbar version and Attributes: 
 Defaults: "A" ;"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

 *UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Q321150"=""


 *Wmplayer version: 
                8.0.0.4477  C:\Program Files\Windows Media Player\wmplayer.exe
                6.4.9.1120  C:\Program Files\Windows Media Player\mplayer2.exe

 *M$Java version: 
                5.0.3805.0  C:\WINDOWS\System32\msjava.dll


 *PC uptime: 
 11:23am  up 0 days, 14:44
Locked or 'Suspect' file(s) found... 
\\?\C:\WINDOWS\System32\HLPKJI.DLL +++ File read error
\\?\C:\WINDOWS\System32\HLPKJI.DLL +++ File read error


 *List of top level windows: 
    HWND         PID PRIO  TITLE
   10158        1792 norm  TF_FloatingLangBar_WndTitle
   1015a        1792 norm  CiceroUIWndFrame
  1e0164        1360 norm  SysFader
   a0086        1360 norm  Start Menu
   30034        1360 norm  _Shell_TrayWnd
   10026         544 high  NetDDE Agent
   d024e        4004 norm  CiceroUIWndFrame
   c026a        4004 norm  THOR MAIN WINDOW
   70304        3268 norm  CiceroUIWndFrame
   8031e        3268 norm  THOR MAIN WINDOW
  18029e        3268 norm  Cws Hidden Dll Fix by ShadowWAr
  150136        4004 norm  Slow computer + about:blank homepage - Security at DaniWeb TechTalk computer su
   f0388        2580 norm  C:\WINDOWS\System32\cmd.exe
  1802a6        1360 norm  dllfix
   702dc        3268 norm  IMMIF UI
   403d6        3268 norm  Hammer of Thor
   c035a        1360 norm  Acrobat IEHelper
  1001a4        4004 norm  MCI command handling window
  100252        4004 norm  IMMIF UI
   b026c        4004 norm  Hammer of Thor
  1802a4        4004 norm  DDE Server Window
  1d0292        4004 norm  Acrobat IEHelper
   10222        1736 norm  McAfee Personal Firewall Alert
   10206        1736 norm  McAfee Personal Firewall Alert
   20174        1736 norm  McAfee Personal Firewall Alert
   5019c        1736 norm  McAfee Personal Firewall Alert
   301da        1360 norm  MCI command handling window
   301d4        3040 norm  AutoUpdateWindow
   300f4        1776 norm  Sign On
   4018c         860 norm  Netropa OnScreen Display
   102c6        1760 norm  MSBLNetConn
   201a8        1760 norm  ActiveMovie Window
   201aa        1760 norm  ActiveMovie Window
   201ac        1760 norm  MSP PNP Notification Window
   201ae        1760 norm  CRTCClient
   201b0        1760 norm  CRTCIMService
   101c8         400 norm  ##MPF###MPFAGENTREFLECTOR##
   101be        1996 norm  ##VSO###MCVSRTE##48631904-EA9B-4ef2-89E1-CF94A133F055
   200fa        1492 norm  Netropa Hot Key
   20100        1360 norm  Connections Tray
   10184        1512 norm  DirectCD
   10194        1684 norm  ##VSO###MCVSSHLD##
   10192        1776 norm  DDE Server Window
   10180        1876 norm  ESCAN_05C7FDBC-A2CA-44ec-A1A2-2098B7DE92B8
   20122        1532 norm  600
   1010c        1760 norm  DDE Server Window
   100fc        1704 norm  McAgent_Main_Hidden_Window
   100d4        1360 norm  Power Meter
   100ca        1360 norm  MS_WebcheckMonitor
   100c8        1544 norm  BJCFD
   100c2        1552 norm  DIGStream
   100a8        1500 norm  Music Match Tray Applet
   100b8        1588 norm  Notification Wnd for RNAdmin
   100ae        1520 norm  MessageApp
   100a4        1532 norm  QTPlayer Tray Icon
   40054        1360 norm  gftibvi
  1300ee        4004 norm  SysFader
  120296        1360 norm  SysFader
   1007e        1360 norm  Program Manager
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3677D310-430D-469C-9590-4AB08C349C20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7916DA26-A281-44A8-BE6A-65E5B752DE1D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{7916DA26-A281-44A8-BE6A-65E5B752DE1D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI)    ALLOW  Read         BUILTIN\Users
(IO)    ALLOW  Read         BUILTIN\Users
(NI)    ALLOW  Read         BUILTIN\Power Users
(IO)    ALLOW  Read         BUILTIN\Power Users
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read            BUILTIN\Users
Read            BUILTIN\Power Users
Full access     BUILTIN\Administrators
Full access     NT AUTHORITY\SYSTEM

Edited by pyTony: fixed formating

0

Run start.bat again and choose option 2. Hit '1' and enter dll name manually, which is:

C:\WINDOWS\System32\HLPKJI.DLL then hit enter. Reboot.
There will ba a scan for the dll file at boot up...there will also be an md5 scan.
When done, reboot again.

Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot

Run CWShredder again then post a new HJT log.

0

Here's the HJT log after I followed all the steps.

Logfile of HijackThis v1.97.7
Scan saved at 3:58:34 AM, on 5/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOLIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\Documents and Settings\Chesty Bell\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://mmjb.musicmatch.com/mmjb/process.cgi?REQUEST=HOME&VERSION=7.10.0053DELL&LANG=ENU&Grant=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7331A6F9-16F2-4776-AE84-CF33D1D92DAE} - c:\windows\system32\dhgpjf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gftibvi] rundll32 C:\WINDOWS\System32:gftibvi.dll,Init 1
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AOLIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/109159ff7a394e44f805/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C3C304ED-7599-4A9D-8AD3-2F8648AFBD1A} (BLWebSlideNetViewerX Control) - http://www.bacuslabs.com/plugin/WEBSLIDE.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


thanks a lot. This has helped a bunch.


Chip

0

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive).
How to:Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {7331A6F9-16F2-4776-AE84-CF33D1D92DAE} - c:\windows\system32\dhgpjf.dll (file missing)

O4 - HKLM\..\Run: [gftibvi] rundll32 C:\WINDOWS\System32:gftibvi.dll,Init 1
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/109159ff7a394e...ip/RdxIE601.cab

Reboot into safe mode following the instructions here & navigate to & delete

c:\windows\system32\dhgpjf.dll< file
C:\WINDOWS\System32:gftibvi.dll< file
C:\windows\easywww.exe< file
C:\WINDOWS\System32\pc32.exe< file

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
May also have to show system files for those dll's:
Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Reboot normally after doing the above then post a fresh log plz.

0

Oh, & another find.all log too plz. Find & run start.bat and press option 1. 'output.txt' will be created in the folder.

Open the text file & copy the entire contents & post those results here.

0

Crunchie,

I cannot find the two .dll files you listed in safe mode, even after following the directions. I did find the other two (easywww.exe and pc32.exe) and I deleted those. Here are the two scans you requested:

Logfile of HijackThis v1.97.7
Scan saved at 12:46:50 PM, on 5/24/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netropa\OSD.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://sports.espn.go.com/mlb/index[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;<local>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = [url]http://mmjb.musicmatch.com/mmjb/process.cgi?REQUEST=HOME&VERSION=7.10.0053DELL&LANG=ENU&Grant=0[/url]
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AOLIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! MLB StatTracker - [url]http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab[/url]
O16 - DPF: {C3C304ED-7599-4A9D-8AD3-2F8648AFBD1A} (BLWebSlideNetViewerX Control) - [url]http://www.bacuslabs.com/plugin/WEBSLIDE.EXE[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]




Here is the second scan you requested:


--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==-- 

Mon 05/24/2004 
12:47 PM

System Info: 

Microsoft Windows XP [Version 5.1.2600]
C: "" (9C91:488D) - FS:NTFS clusters:4k
Total: 39 983 083 520 [37G] - Free: 33 046 740 992 [31G]


 *IE version and Service packs: 
                6.0.2600.0  C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MinorVersion    REG_SZ  ;q319182;

 *Google Toolbar version and Attributes: 
 Defaults: "A" ;"R" 
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

 *UserAgent: 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Q321150"=""


 *Wmplayer version: 
                8.0.0.4477  C:\Program Files\Windows Media Player\wmplayer.exe
                6.4.9.1120  C:\Program Files\Windows Media Player\mplayer2.exe

 *M$Java version: 
                5.0.3805.0  C:\WINDOWS\System32\msjava.dll


 *PC uptime: 
 12:47am  up 0 days,  0:13
Locked or 'Suspect' file(s) found... 
\\?\C:\WINDOWS\System32\HLPKJI.DLL +++ File read error
\\?\C:\WINDOWS\System32\HLPKJI.DLL +++ File read error


 *List of top level windows: 
    HWND         PID PRIO  TITLE
   10112        1584 norm  TF_FloatingLangBar_WndTitle
   10116        1584 norm  CiceroUIWndFrame
   3028e        1772 norm  SysFader
   30060        1772 norm  Start Menu
   500fe        1772 norm  _Shell_TrayWnd
   101d0        1188 norm  McAfee Personal Firewall Alert
   101ae        1188 norm  McAfee Personal Firewall Alert
   20144        1188 norm  McAfee Personal Firewall Alert
   3017e        1188 norm  McAfee Personal Firewall Alert
   10026         548 high  NetDDE Agent
   70238        2292 norm  C:\WINDOWS\System32\cmd.exe
   302a2        1772 norm  dllfix
   40280        1772 norm  MCI command handling window
   40298        1772 norm  Acrobat IEHelper
   30090        1772 norm  Connections Tray
   50038        1772 norm  Power Meter
   3014c        1772 norm  MS_WebcheckMonitor
   10114        1364 norm  System Configuration Utility
   40260        2652 norm  AutoUpdateWindow
   201fa        2136 norm  Netropa OnScreen Display
   20168        1316 norm  MSBLNetConn
   40108        2092 norm  ##MPF###MPFAGENTREFLECTOR##
   10180        1316 norm  ActiveMovie Window
   30104        1316 norm  ActiveMovie Window
   10178         500 norm  DirectCD
   20102        1316 norm  MSP PNP Notification Window
   1015c         416 norm  Netropa Hot Key
   1015a        1316 norm  CRTCClient
   100bc         112 norm  MessageApp
   20138        1316 norm  CRTCIMService
   20148        1012 norm  ESCAN_05C7FDBC-A2CA-44ec-A1A2-2098B7DE92B8
   1013c         972 norm  ##VSO###MCVSSHLD##
   200b0        1316 norm  DDE Server Window
   100fa        1064 norm  McAgent_Main_Hidden_Window
   100f8         816 norm  DIGStream
   100ee         732 norm  80
   100cc         776 norm  BJCFD
   100c8         904 norm  Notification Wnd for RNAdmin
   100c6         436 norm  Music Match Tray Applet
   100b6         732 norm  QTPlayer Tray Icon
   10072        1280 norm  ##VSO###MCVSRTE##48631904-EA9B-4ef2-89E1-CF94A133F055
   5004a        1772 norm  SysFader
   200aa        1772 norm  Program Manager
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key: 


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI)    ALLOW  Read         BUILTIN\Users
(IO)    ALLOW  Read         BUILTIN\Users
(NI)    ALLOW  Read         BUILTIN\Power Users
(IO)    ALLOW  Read         BUILTIN\Power Users
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  BUILTIN\Administrators
(IO)    ALLOW  Full access  CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read            BUILTIN\Users
Read            BUILTIN\Power Users
Full access     BUILTIN\Administrators
Full access     NT AUTHORITY\SYSTEM

Edited by pyTony: fixed formating

0

Crunchie,

one more question for you. After doing all that stuff in safe mode and rebooting in normal mode, I got this message upon startup:

You have used the System Configuration Utility to make changes to the way Windows starts.

The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.

Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes made using the System Configuration Utility.


Should I select Don't show this message or launch the System Config util when windows starts?


Thanks,

Chip

0

That log looks good now. You need to choose the normal startup mode now. Also Please go here & install ALL critical updates required for your system.

0

Crunchie?

How do i choose the normal startup mode? This is probably the easiest thing ever to do. I think i might be a moron. I got the downloads and all. I must say that you are amazing. thank you so much for the help. You saved my life. I thought i screwed up my parents computer pretty badly. Need to be more careful. THANK YOU AGAIN!

Chip

0

I am not conversant with XP so am not sure. With my W2K after booting in safe mode, it automatically boots into normal mode when I select restart.
Can you do a screenshot of the message?
Anyone with XP have the answer to this plz?

Note: Unless in the corners of the screen it says "Safe Mode" you are not in safe mode.

0

Go to Start/Run & type in Msconfig & hit enter. Under the general tab there should be an option for normal startup-load all device drivers & services. Pick that one.

0

how do i post a message on here, i need help desperatly!?
amanda

Hi Mandy,

I've sent you a personal message which hopefully answers your question. To read it, go to the Quick Links menu option at the top the page and click Private Messages under the Miscellaneous section.

:)

0

When this happend to me what I did was started my computer in safe mode ran ad-aware
SE and spybot (that will get rid of it) to keep it form comeing back is simple fun windows update thats what I did and i have not had a problem.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.