TechSpot

Problems with IExplorer dll's and spyware (as usual)

By Cational
Dec 25, 2004
  1. hi i get the following dll problems when i open iexplorer: SDKHZ.dll, KERNEL32.dll and IPRU32.dll any help to explaining what these are and how to fix would be greatly appreciated, the hijackthis log now:

    Logfile of HijackThis v1.99.0
    Scan saved at 6:29:08 PM, on 12/25/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\SYSTEM\WINAF32.EXE
    C:\WINDOWS\SYSTEM\NTZG32.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\IEUC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {4497B9DC-949A-50B6-B07F-A3586A99CEC4} - C:\WINDOWS\SYSTEM\IPRU32.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
    O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [IEUC.EXE] C:\WINDOWS\IEUC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [WINAF32.EXE] C:\WINDOWS\SYSTEM\WINAF32.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NTZG32.EXE] C:\WINDOWS\SYSTEM\NTZG32.EXE
    O4 - HKCU\..\Run: [CD_Updater] C:\Program Files\Carpe Diem\GROSSESALOPE\CDUpdater.exe CD_UPDATER
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .ca/servlet/Jaws/nserc_utils/n_cp_print/of_print_form?as_web_id=99108&as_appl_id=202545&ac_appl_lang=F&as_subsystem_id=4&as_status=Y&as_session_id=40237067&as_session_key=17737261211031526401: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

    AND

    Merry Christmas to all!!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

  3. Cational

    Cational TS Rookie Topic Starter

    still no change

    i went to the link and followed the steps and still no change, still the same errors running when i open iexplore, also can't run norton as it says missing key files. I searched windows for the kernel32.dll error message to no avail, its too damned big search base and no clear links to how to solve the problem. HJT posted:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:46:20 AM, on 12/29/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\NTZG32.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_5.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {4497B9DC-949A-50B6-B07F-A3586A99CEC4} - C:\WINDOWS\SYSTEM\IPRU32.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
    O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [WINAF32.EXE] C:\WINDOWS\SYSTEM\WINAF32.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NTZG32.EXE] C:\WINDOWS\SYSTEM\NTZG32.EXE
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .ca/servlet/Jaws/nserc_utils/n_cp_print/of_print_form?as_web_id=99108&as_appl_id=202545&ac_appl_lang=F&as_subsystem_id=4&as_status=Y&as_session_id=40237067&as_session_key=17737261211031526401: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?319
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    I am also wondering as why no websites are allowed when the HJT file displays them...

    please help me!!! I really don't wantr to format but if nothing helps its my only choice (help me obi-wan....)
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Not quite...
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE is located where it should NOT be.

    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    These files are specifically named as BAD files

    Anyway, move HJT to its OWN directory.
    Boot in Safe Mode and run HJT on its own, let it "fix":

    C:\WINDOWS\SYSTEM\NTZG32.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yfdfe.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    O2 - BHO: Class - {4497B9DC-949A-50B6-B07F-A3586A99CEC4} - C:\WINDOWS\SYSTEM\IPRU32.DLL
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [WINAF32.EXE] C:\WINDOWS\SYSTEM\WINAF32.EXE
    O4 - HKLM\..\RunServices: [NTZG32.EXE] C:\WINDOWS\SYSTEM\NTZG32.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .ca/servlet/Jaws/nserc_utils/n_cp_print/of_print_form?as_web_id=99108&as_appl_id=202545&ac_appl_lang=F&as_subsystem_id=4&as_status=Y&as_session_id=40237067&as_session_key=17737261211031526401: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?319
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

    When done, delete the following:
    C:\WINDOWS\SYSTEM\NTZG32.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\IPRU32.DLL
    C:\WINDOWS\SYSTEM\WINAF32.EXE

    Clean out everything from C:\WINDOWS\TEMP
    Then post a new hjt.txt back if needed
     
  5. Cational

    Cational TS Rookie Topic Starter

    guinness does a body good

    Thank you guinness, the dll's are gone i was able to do everything except i couldn't fine the NTZG32.exe, IPRU32.dll and WINAF32.exe files, i suppose that these are bot present in my system.
    I was also wondering about 2 things, first why do you need HJT in its own folder does it change anything? and second what is the *statemgr (O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe)??

    oh and how many pints of guinness have you had in 1 sitting? the most i had was 13, my friend in dublin said thats good for a beginner...



    Logfile of HijackThis v1.99.0
    Scan saved at 11:06:28 AM, on 12/30/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HJT\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
    O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    When HJT "fixes" anything, it first makes a backup.
    If you then find out you "fixed" something that should NOT have been fixed, HJT can undo it from its backup.
    Programs on the Desktop create a mess when they store theor own stuff (where could they?).
    The Statemgr program is for the management of Restore-points.
    The "not-found" programs were probably deleted by HJT.

    Quite a few years ago, I went to Kinsale with my brother-in-law.
    We each drank a pint of the real black stuff in every single pub of Kinsale (there were 42 at that time),
    chased by a G&T every 3 or 4 pints.
    We started around midday and were finished about 10:00 pm.
    We then went for a humongous steak-meal, which we washed down with red wine.
    Played darts afterwards, and not too shabby! We finally rolled into bed around 2:00am.
    Got up the next morning, had the full Irish, followed by a hair of the dog.
    Fit as a fiddle we were, and we have plenty of witnesses as well.
    I am too old for that now, but I still love my pints.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.