Homepage changing, etc. Please help!

Discussion in 'adware, spyware & hijack cleaning' started by Blasphemous216, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. Blasphemous216

    Blasphemous216 Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    17
    Whenever I turn my PC on I get a message saying explorer has caused an error in <unknown>. I also keep having XXX icons appear on my desktop, plus I'm getting tons of pop ups, and my homepage keeps changing. I ran Spybot S&D, Adaware, and CWShredder. Here's my log... my last post on here went ignored :( hope I can get some help this time. Appreciate it.


    Logfile of HijackThis v1.97.7
    Scan saved at 12:30:07 PM, on 7/15/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\TDHMWPM.EXE
    C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\WINDOWS\SYSTEM32\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\AUTOMOVE.EXE
    C:\WINDOWS\SYSTEM32\EXPLORER.EXE
    C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
    C:\PROGRAM FILES\WINDUPDATES\WINKA.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\SEMAGIC\LIVEJOURNAL.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ijxrqhfd] C:\WINDOWS\SYSTEM\TDHMWPM.EXE
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [IDIMAPM] C:\WINDOWS\SYSTEM\IDIMAPM.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [ATLRL.EXE] C:\WINDOWS\SYSTEM\ATLRL.EXE
    O4 - HKLM\..\Run: [WINTO32.EXE] C:\WINDOWS\SYSTEM\WINTO32.EXE
    O4 - HKLM\..\Run: [IPTF.EXE] C:\WINDOWS\SYSTEM\IPTF.EXE
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
    O4 - HKLM\..\Run: [qjurcvcx] C:\WINDOWS\qjurcvcx.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [APPPJ32.EXE] C:\WINDOWS\APPPJ32.EXE
    O4 - HKLM\..\RunServices: [SYSFO.EXE] C:\WINDOWS\SYSTEM\SYSFO.EXE
    O4 - HKLM\..\RunServices: [IPGS32.EXE] C:\WINDOWS\IPGS32.EXE
    O4 - HKLM\..\RunServices: [NETSV.EXE] C:\WINDOWS\NETSV.EXE
    O4 - HKLM\..\RunServices: [WINSI32.EXE] C:\WINDOWS\WINSI32.EXE
    O4 - HKLM\..\RunServices: [IPUW32.EXE] C:\WINDOWS\IPUW32.EXE
    O4 - HKLM\..\RunServices: [APIYQ32.EXE] C:\WINDOWS\SYSTEM\APIYQ32.EXE
    O4 - HKLM\..\RunServices: [D3YH.EXE] C:\WINDOWS\SYSTEM\D3YH.EXE
    O4 - HKLM\..\RunServices: [APPVH32.EXE] C:\WINDOWS\APPVH32.EXE
    O4 - HKLM\..\RunServices: [SDKOY.EXE] C:\WINDOWS\SYSTEM\SDKOY.EXE
    O4 - HKLM\..\RunServices: [WINHS.EXE] C:\WINDOWS\SYSTEM\WINHS.EXE
    O4 - HKLM\..\RunServices: [ADDBY32.EXE] C:\WINDOWS\SYSTEM\ADDBY32.EXE
    O4 - HKLM\..\RunServices: [SYSLS32.EXE] C:\WINDOWS\SYSLS32.EXE
    O4 - HKLM\..\RunServices: [SDKFR.EXE] C:\WINDOWS\SDKFR.EXE
    O4 - HKLM\..\RunServices: [JAVAAY.EXE] C:\WINDOWS\JAVAAY.EXE
    O4 - HKLM\..\RunServices: [WINTH.EXE] C:\WINDOWS\WINTH.EXE
    O4 - HKLM\..\RunServices: [IEOD.EXE] C:\WINDOWS\SYSTEM\IEOD.EXE
    O4 - HKLM\..\RunServices: [NTSO32.EXE] C:\WINDOWS\NTSO32.EXE
    O4 - HKLM\..\RunServices: [APPAK32.EXE] C:\WINDOWS\SYSTEM\APPAK32.EXE
    O4 - HKLM\..\RunServices: [ATLOB.EXE] C:\WINDOWS\SYSTEM\ATLOB.EXE
    O4 - HKLM\..\RunServices: [MFCGE.EXE] C:\WINDOWS\MFCGE.EXE
    O4 - HKLM\..\RunServices: [NTQG.EXE] C:\WINDOWS\NTQG.EXE
    O4 - HKLM\..\RunServices: [NETXA32.EXE] C:\WINDOWS\NETXA32.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [LochJournal] C:\PROGRAM FILES\LOCHJOURNAL\LOCHJ.EXE
    O4 - HKCU\..\Run: [Cameno] C:\Program Files\Messenger Plus! 2\Plugins\Cameno\Cameno.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Uate] C:\WINDOWS\Application Data\oocs.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: PRINTMASTER EVENT REMINDER.LNK = C:\Program Files\Canon Creative\PrintMaster\Pmremind.exe
    O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournal.exe
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: TREND MICRO HouseCall (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O15 - Trusted Zone: *.mt-download.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38016.7179976852
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...a2f745d64562:c31e3730b38c174130e1e2729109a237
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
    O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
    O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
    O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
     
  2. Blasphemous216

    Blasphemous216 Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    17
    Bump... anyone?
     
  3. Blasphemous216

    Blasphemous216 Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    17
  4. Blasphemous216

    Blasphemous216 Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    17
    Will someone please reply?
     
  5. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of inetadpt.dll. Reboot.

    You will need to be able to view all hidden files and folders, so go here and follow the directions to your system:
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Reboot the computer into safe mode

    Run HijackThis again, check these items and then click Fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing

    F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O4 - HKLM\..\Run: [ijxrqhfd] C:\WINDOWS\SYSTEM\TDHMWPM.EXE
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [IDIMAPM] C:\WINDOWS\SYSTEM\IDIMAPM.exe
    O4 - HKLM\..\Run: [ATLRL.EXE] C:\WINDOWS\SYSTEM\ATLRL.EXE
    O4 - HKLM\..\Run: [WINTO32.EXE] C:\WINDOWS\SYSTEM\WINTO32.EXE
    O4 - HKLM\..\Run: [IPTF.EXE] C:\WINDOWS\SYSTEM\IPTF.EXE
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
    O4 - HKLM\..\Run: [qjurcvcx] C:\WINDOWS\qjurcvcx.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    O4 - HKLM\..\RunServices: [APPPJ32.EXE] C:\WINDOWS\APPPJ32.EXE
    O4 - HKLM\..\RunServices: [SYSFO.EXE] C:\WINDOWS\SYSTEM\SYSFO.EXE
    O4 - HKLM\..\RunServices: [IPGS32.EXE] C:\WINDOWS\IPGS32.EXE
    O4 - HKLM\..\RunServices: [NETSV.EXE] C:\WINDOWS\NETSV.EXE
    O4 - HKLM\..\RunServices: [WINSI32.EXE] C:\WINDOWS\WINSI32.EXE
    O4 - HKLM\..\RunServices: [IPUW32.EXE] C:\WINDOWS\IPUW32.EXE
    O4 - HKLM\..\RunServices: [APIYQ32.EXE] C:\WINDOWS\SYSTEM\APIYQ32.EXE
    O4 - HKLM\..\RunServices: [D3YH.EXE] C:\WINDOWS\SYSTEM\D3YH.EXE
    O4 - HKLM\..\RunServices: [APPVH32.EXE] C:\WINDOWS\APPVH32.EXE
    O4 - HKLM\..\RunServices: [SDKOY.EXE] C:\WINDOWS\SYSTEM\SDKOY.EXE
    O4 - HKLM\..\RunServices: [WINHS.EXE] C:\WINDOWS\SYSTEM\WINHS.EXE
    O4 - HKLM\..\RunServices: [ADDBY32.EXE] C:\WINDOWS\SYSTEM\ADDBY32.EXE
    O4 - HKLM\..\RunServices: [SYSLS32.EXE] C:\WINDOWS\SYSLS32.EXE
    O4 - HKLM\..\RunServices: [SDKFR.EXE] C:\WINDOWS\SDKFR.EXE
    O4 - HKLM\..\RunServices: [JAVAAY.EXE] C:\WINDOWS\JAVAAY.EXE
    O4 - HKLM\..\RunServices: [WINTH.EXE] C:\WINDOWS\WINTH.EXE
    O4 - HKLM\..\RunServices: [IEOD.EXE] C:\WINDOWS\SYSTEM\IEOD.EXE
    O4 - HKLM\..\RunServices: [NTSO32.EXE] C:\WINDOWS\NTSO32.EXE
    O4 - HKLM\..\RunServices: [APPAK32.EXE] C:\WINDOWS\SYSTEM\APPAK32.EXE
    O4 - HKLM\..\RunServices: [ATLOB.EXE] C:\WINDOWS\SYSTEM\ATLOB.EXE
    O4 - HKLM\..\RunServices: [MFCGE.EXE] C:\WINDOWS\MFCGE.EXE
    O4 - HKLM\..\RunServices: [NTQG.EXE] C:\WINDOWS\NTQG.EXE
    O4 - HKLM\..\RunServices: [NETXA32.EXE] C:\WINDOWS\NETXA32.EXE
    O4 - HKCU\..\Run: [Uate] C:\WINDOWS\Application Data\oocs.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/Ud3rT0n5.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0e1e2729109a237
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
    O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
    O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
    O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab

    Find and delete these files:

    C:\WINDOWS\SYSTEM\TDHMWPM.EXE
    C:\PROGRAM FILES\TV MEDIA (folder)
    C:\WINDOWS\SYSTEM\IDIMAPM.exe
    C:\WINDOWS\SYSTEM\ATLRL.EXE
    C:\WINDOWS\SYSTEM\WINTO32.EXE
    C:\WINDOWS\SYSTEM\IPTF.EXE
    C:\WINDOWS\ALCHEM.exe
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\SYSTEM\automove.exe
    C:\WINDOWS\qjurcvcx.exe
    C:\PROGRAM FILES\WINDUPDATES (folder)
    C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    C:\WINDOWS\APPPJ32.EXE
    C:\WINDOWS\SYSTEM\SYSFO.EXE
    C:\WINDOWS\IPGS32.EXE
    C:\WINDOWS\NETSV.EXE
    C:\WINDOWS\WINSI32.EXE
    C:\WINDOWS\IPUW32.EXE
    C:\WINDOWS\SYSTEM\APIYQ32.EXE
    C:\WINDOWS\SYSTEM\D3YH.EXE
    C:\WINDOWS\APPVH32.EXE
    C:\WINDOWS\SYSTEM\SDKOY.EXE
    C:\WINDOWS\SYSTEM\WINHS.EXE
    C:\WINDOWS\SYSTEM\ADDBY32.EXE
    C:\WINDOWS\SYSLS32.EXE
    C:\WINDOWS\SDKFR.EXE
    C:\WINDOWS\JAVAAY.EXE
    C:\WINDOWS\WINTH.EXE
    C:\WINDOWS\SYSTEM\IEOD.EXE
    C:\WINDOWS\NTSO32.EXE
    C:\WINDOWS\SYSTEM\APPAK32.EXE
    C:\WINDOWS\SYSTEM\ATLOB.EXE
    C:\WINDOWS\MFCGE.EXE
    C:\WINDOWS\NTQG.EXE
    C:\WINDOWS\NETXA32.EXE
    C:\WINDOWS\Application Data\oocs.exe

    Empty the recycle bin.

    Reboot.

    Go to this online virus scan and scan your computer. Check the Autofix box beside the scan button before you scan. Let me know the results and what files are infected if any more are.

    http://housecall.trendmicro.com/housecall/start_corp.asp

    Run HJT again and post a new log here.
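A triage pass over the log format used in this thread, as an added example (not code from the thread or from HijackThis itself): it parses HijackThis entries and flags the same classes the reply acted on, namely R0/R1 pages redirected to a local file or an unknown host, the win.ini run= line, BHO/toolbar DLLs that are missing or sit loose in C:\WINDOWS, Run/RunServices values named after their own executable, the repeated O10 LSP entry, Trusted Zone additions and O16 downloads from hosts outside an allowlist. The TRUSTED_HOSTS set, the heuristics and the SAMPLE_LOG excerpt are assumptions built for this example.

```python
"""Triage a HijackThis log by flagging the entry classes the reply above acted on.
Added example; the rules and TRUSTED_HOSTS are assumptions, not HijackThis's logic."""
import re
from urllib.parse import urlparse

# Constructed allowlist (assumption): hosts whose R/O16 entries are left alone.
TRUSTED_HOSTS = {"fpdownload.macromedia.com", "download.microsoft.com",
                 "v4.windowsupdate.microsoft.com", "messenger.zone.msn.com"}
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] "?(?P<cmd>[^"]*)"?')
LOOSE_IN_WINDIR = re.compile(r"^C:\\WINDOWS\\[^\\]+\.(DLL|EXE)$", re.I)

def host_of(value):
    """Host of a URL-ish value; '' for local paths, about: pages and blanks."""
    v = value.strip()
    if not v or v.lower().startswith("about:") or re.match(r"^[a-z]:\\", v, re.I):
        return ""
    return (urlparse(v if "://" in v else "http://" + v).hostname or "").lower()

def check(kind, body):
    """Reason this entry deserves review, or None. Heuristics, not a verdict."""
    target = body.rsplit(" - ", 1)[-1]  # last field: DLL path or .cab URL
    if kind in ("R0", "R1"):
        value = body.partition(" = ")[2]
        if re.match(r"^[a-z]:\\", value, re.I):
            return "IE start/search setting points at a local file"
        if host_of(value) and host_of(value) not in TRUSTED_HOSTS:
            return "IE start/search setting points at untrusted host " + host_of(value)
    elif kind == "F1":
        return "legacy win.ini run= autostart"
    elif kind in ("O2", "O3") and ("(no file)" in body or LOOSE_IN_WINDIR.match(target)):
        return "BHO/toolbar DLL missing or sitting loose in C:\\WINDOWS"
    elif kind == "O4":
        m = O4_RE.match(body)  # e.g. [APPPJ32.EXE] C:\WINDOWS\APPPJ32.EXE
        if m and m.group("name").upper() == m.group("cmd").replace("\\", "/").rsplit("/", 1)[-1].upper():
            return "Run/RunServices value named after its own executable"
    elif kind == "O10":
        return "unknown Winsock LSP DLL (remove with LSPFix, not HijackThis)"
    elif kind == "O15":
        return "site added to IE Trusted Zone"
    elif kind == "O16" and host_of(target) not in TRUSTED_HOSTS:
        return "ActiveX (DPF) download from untrusted host " + host_of(target)
    return None

def triage(log_text):
    """Parse a whole log; return unique (kind, reason, line) findings in order."""
    seen, findings = set(), []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY_RE.match(line)
        reason = check(m.group("kind"), m.group("body")) if m else None
        if reason and line not in seen:  # O10 LSP lines repeat once per protocol
            seen.add(line)
            findings.append((m.group("kind"), reason, line))
    return findings

# Constructed excerpt of the log posted above; the LoadQM line is a benign control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [APPPJ32.EXE] C:\WINDOWS\APPPJ32.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
"""
if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Findings are review prompts, not verdicts: an O16 from a vendor you trust only needs its host added to the allowlist, while a burst of O4 values named after their own executable is the pattern that dominated the log above.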
     