:D Hi ya all! I really appreciate the help I've gotten here! I have been running Spybot and Adawre alternatively and rebooting for days now and still finding junk. I almost feel like I'm learning all the Run.Dll errors that exist since I get so many of them through the day. My machine is limping and crawling and crashing still. . .although a little less. (I'm hopeful!) I had to do 2 hard reboots (yesterday and the day before), but overall, the situation is slowly improving. Norton, Spybot and Adaware have told me I have junk, some has been removed, I have 11 left and I tried again to clean but these are hanging tough: DSO Exploit, Look2Me and HunterBar (A browser toolbar and hijacker. Believed to be a drive-by download.) A few days ago, something took over my computer and for a couple of seconds, I was locked. It was really bad and I had to reboot out of it. I think is this pest. I tries to commandeer the computer. So, what's next? Any ideas?
Thanks as always!
Some (extremely un-fun) info concerning Look2Me and its removal:
http://www.kephyr.com/spywarescanner/library/look2me/index.phtml
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
Have you gotten the absolutely most recent patches and fixes from Microsoft? If not, do so now- your system needs to be kept thoroughly up to date to lessen your vulnerability. Also, download and install SpywareBlaster if you haven't already; it blocks the installation of malicious programs which exploit ActiveX controls:
http://www.javacoolsoftware.com/spywareblaster.html
hi guys! Thanks for answering! My problems have increased since I last posted. I'm writing you from a borrowed computer. I cannot turn mine on, at least, not until I get help in shutting it off. Let me explain. I have followed advice the best I could. And although Norton no longer gives me a list of adware, Spybot and Ad-Aware do. No longer do they talk about HuntBar (I'm not sure) after the last cleaning. But they still insist that I have Look2Me and DSO Exploit. Well, for the last four days, I have been having less and less Rundll32 messages as I continued to run the anti-spyware but now, my machine won't shut down! When I try to shut down, it gives me a menu that says:
This program is not responding
If I insist, t gives me a blue screen that reads as follows:
Windows
An error has occurrred. To continue: Press Enter to return to Windows or Press Ctrl + Alt + Del to restart your computer. If you do this, you will lose any unsaved information in all open applications.
File name: VWI32 (05) +000012DO Error> OE: 0028 : C02A44A8
Press any key to continue
If I press enter, it will go into a black screen and do nothing. If I try to reboot, it will do the same and give me another blue screen saying the same thing, and continue that way until I, exhausted, shut if off cold. Or if I refuse to go that route, it will go sort of into hibernation and give me a black screen with a white blinking cursor on the upper left side of the screen and stay like that forever, it will not come out of that state, (at least I don't know how to take it out of it) no matter how many times I try. So, after having done 4 or 5 cold hard shutdowns in a row, you understand that I'm fearful of turning it on until I get some more info. I will keep these instructions, thou and apply them as soon as I get more input on how to safely shut down the machine.
I went to Microsoft and asked a lot of questions, but couldn-t find a thing. I' not a technician, so I guess, I don't know where to go and what to ask in the proper lingo that will get me anwers I can understand and implement.
I get very few attempts to communicate with my computer (the firewall warns me), so I think we are getting the amount of invaders down to a few, but these are really a problem. I also tried to do a Windows update, but Microsoft told me I had the latest ones and refused to do it. I was hoping that if something has gotten corrupted, I could get it repaired that way. I don-t have my Windows ME disks, all I have a re the recovery CDs that came with the computer and those would wipe out my hard drive (my sister used hers once and she was screaming afterwards, when she lost something valuable to her.) This is the first time I don't have my Windows as part of a separate software package, and I regret it.
Can anyone help me with this? I reallyneed to get into my machine! Thank you very, very much for the help you give!
Clotilde :cool:
You need to post a hijackthis log.
Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop & not directly on your hard drive).
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
http://www.downloads.subratam.org/VX2Finder9x.exe
L2M files are slightly different in 9x,
1.) Scan with the finder, select files it finds and delete them.
2.) During the deletion the utility will end both Rundll32 & explorer.exe processes, so when all files are gone.
3.) Click the restore desktop button to get the desktop back.
4.) Click UserAgent$ to delete last registry item.
5.) Clear the contents of your C:\Windows\Temp folder
Okay guys. I got Spywareblaster and SpywareGuard but it was after the fact. I will now download hijack this and see what happens. I was borrowing my sister's computer and waiting for what you guys would say about my shutdown cycle. Because I don't want to continue doing hard shutdowns but if I must, i must. Will post my log as soon as I can.
Thanks again!
Here's my HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 5:08:37 PM, on 6/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38106.526712963
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Can you see what's not letting me shutdown?
I'm now going to the VX2Finder place.
Thanks! (hopefully you'll have all the info you need)
Crunchie, I downloaded VX2Finder and when I tried to run it (I have Windows ME), it said that it's currently only for NT systems and refused to run. so I guess, I'll have to remove it. I hope Add/Remove will do.
Crunchie, this link is down:
Hunterbar:
http://doxdesk.com/parasite/HuntBar.html
I got the information on Look2Me. Thank you!
I posted the first VX2Finder link B4 I knew you had W9X. The second link is for your system.
Wintools removal here.
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\PROGRA~1\Seek Admin Bend< folder
Reboot normally.
Lop.com uninstaller.
http://lop.com/new_uninstall.exe
Try this too as you may have an old variant of look2me.
Please download Kill2Me from here & run it to remove Look2Me from your computer.
Thank you for bearing with me. I copied your instructions to follow them carefully. Mind you, I am NOT technical and these are hard for me. I made a bootable disk last night to try to remove Look2Me according to Kephyr's instructions (I went to the link you posted) and my compupter refused to use it! It told me to remove floppy disk and press any key to continue. I was thinking about a software I had seen on MajorGeeks that claimed to delete Look2Me, I need something automatic, but I will try the link I saw you added.
I was able to download CShredder and VX2Finder9x. Made one mistake ad downloaded it to the Programs files (force of habit) but will move it before I open it. I hope it will go well, my machine is acting very weird.
After running CShredder i got an error message when getting online. Hope that's temporary. It told me it didn't find what it wad looking for but it was restoring EI (???)
Anway, I hope I didn't add more problems to my lot.
Here's my log from VX2 Finder for my version of Windows
Files Found---
C:\WINDOWS\SYSTEM\AbYCFILT.DLL
C:\WINDOWS\SYSTEM\AiYCFILT.DLL
C:\WINDOWS\SYSTEM\BkOWSEUI.DLL
C:\WINDOWS\SYSTEM\BpIEIN.DLL
C:\WINDOWS\SYSTEM\CfETCFG.DLL
C:\WINDOWS\SYSTEM\CjBVIEW.DLL
C:\WINDOWS\SYSTEM\HjTPLUG.DLL
C:\WINDOWS\SYSTEM\HrTPLUG.DLL
C:\WINDOWS\SYSTEM\HtTPLUG.DLL
C:\WINDOWS\SYSTEM\HwTPLUG.DLL
C:\WINDOWS\SYSTEM\HzTPLUG.DLL
C:\WINDOWS\SYSTEM\IaSETUP.DLL
C:\WINDOWS\SYSTEM\IbSETUP.DLL
C:\WINDOWS\SYSTEM\IcFRARED.DLL
C:\WINDOWS\SYSTEM\IcSETUP.DLL
C:\WINDOWS\SYSTEM\IdFRARED.DLL
C:\WINDOWS\SYSTEM\IeFRARED.DLL
C:\WINDOWS\SYSTEM\IgSETUP.DLL
C:\WINDOWS\SYSTEM\IhFRARED.DLL
C:\WINDOWS\SYSTEM\IjFRARED.DLL
C:\WINDOWS\SYSTEM\IlFRARED.DLL
C:\WINDOWS\SYSTEM\IoFRARED.DLL
C:\WINDOWS\SYSTEM\IqFRARED.DLL
C:\WINDOWS\SYSTEM\IrFRARED.DLL
C:\WINDOWS\SYSTEM\IsFRARED.DLL
C:\WINDOWS\SYSTEM\ItFRARED.DLL
C:\WINDOWS\SYSTEM\ItSETUP.DLL
C:\WINDOWS\SYSTEM\IuSETUP.DLL
C:\WINDOWS\SYSTEM\IvFRARED.DLL
C:\WINDOWS\SYSTEM\IwSETUP.DLL
C:\WINDOWS\SYSTEM\IxFRARED.DLL
C:\WINDOWS\SYSTEM\IyFRARED.DLL
C:\WINDOWS\SYSTEM\IySETUP.DLL
C:\WINDOWS\SYSTEM\IzFRARED.DLL
C:\WINDOWS\SYSTEM\MaSTDFMT.DLL
C:\WINDOWS\SYSTEM\MbLOCUSR.DLL
C:\WINDOWS\SYSTEM\MeSTDFMT.DLL
C:\WINDOWS\SYSTEM\MiLOCUSR.DLL
C:\WINDOWS\SYSTEM\MjSTDFMT.DLL
C:\WINDOWS\SYSTEM\MkLOCUSR.DLL
C:\WINDOWS\SYSTEM\MlSTDFMT.DLL
C:\WINDOWS\SYSTEM\MlVCR70.DLL
C:\WINDOWS\SYSTEM\MnLOCUSR.DLL
C:\WINDOWS\SYSTEM\MnSTDFMT.DLL
C:\WINDOWS\SYSTEM\MnVCR70.DLL
C:\WINDOWS\SYSTEM\MtLOCUSR.DLL
C:\WINDOWS\SYSTEM\MvLOCUSR.DLL
C:\WINDOWS\SYSTEM\MzLOCUSR.DLL
C:\WINDOWS\SYSTEM\RaCLTS5.DLL
C:\WINDOWS\SYSTEM\RcCLTS5.DLL
C:\WINDOWS\SYSTEM\RlCLTC5.DLL
C:\WINDOWS\SYSTEM\RlCLTS5.DLL
C:\WINDOWS\SYSTEM\RmCLTC5.DLL
C:\WINDOWS\SYSTEM\RoCLTC5.DLL
C:\WINDOWS\SYSTEM\RsCLTS5.DLL
C:\WINDOWS\SYSTEM\RvCLTC5.DLL
C:\WINDOWS\SYSTEM\SeGR.DLL
C:\WINDOWS\SYSTEM\SeLWAPI.DLL
C:\WINDOWS\SYSTEM\SfGR.DLL
C:\WINDOWS\SYSTEM\SiGR.DLL
C:\WINDOWS\SYSTEM\SjGR.DLL
C:\WINDOWS\SYSTEM\SkDOCVW.DLL
C:\WINDOWS\SYSTEM\SlGR.DLL
C:\WINDOWS\SYSTEM\SqGR.DLL
C:\WINDOWS\SYSTEM\StGR.DLL
C:\WINDOWS\SYSTEM\UbBUI.DLL
C:\WINDOWS\SYSTEM\UcBUI.DLL
C:\WINDOWS\SYSTEM\UkBUI.DLL
C:\WINDOWS\SYSTEM\UlBUI.DLL
C:\WINDOWS\SYSTEM\UvBUI.DLL
C:\WINDOWS\SYSTEM\VnWWDM32.DLL
User Agent String---
{3A7FE963-8EAA-4400-89E4-9BAD73B8937A}
I thought you'd want to know.
Thanks!
Was able to delete the first two files you told me in HijackThis. Then proceeded to Safe Mode and had to do 2 tries because the machine is not responding very well. On the second try I got in. But once in there I didn't know where to go to find that file you mentioned:
C:\PROGRA~1\Seek Admin Bend<folder
and not wanting to mess anything, I retreated. Navigate to it? HOW? Meantime, I was able to get back to normal Windows and I'm going to run the KillMe program. I'm still getting vendor attemps as I'm going online, trying to phone in, so they're trying.
Thanks for your patient help!
Make sure you follow all the steps for deletion using VX2finder. Also let me know if kill2me found anything.
Open Windows Explorer then go to your hard drive then Program Files & you will find that folder there.
I followed the steps as carefully as I could, and it didn't work. I still have the C:\Program Files\WinToolsWToolsA.exe
and it tries to phone my computer when I get on the Net and at the end of the day, it won't let me shut down and I still get the blue screen of death. There's a difference, though, after having been able to eliminate some of the other ones. If I hit the space bar as the screen of death is coming up, sometimes, I can boot out, sometimes I cannot and have to do a hard shut down. I cannot go on like this, so I'm asking, anyone got any ideas?
Crunchie, I ran Kill2 Me and it said that Look2Me was gone if it ever was there (????), I don't understand that because I was told it was there by the updated version of Spybot (though it didn't remove it). Hijackthis this cannot or will not remove this WinTools thing no matter how many times I run it and tell it to fix it, so I need a hand.
Here's my log (I ran Hijackthis today, before I came to the forum):
Logfile of HijackThis v1.97.7
Scan saved at 5:03:22 PM, on 6/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38106.526712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Thank you very much for all your help! I'm not dumb, just a newbie. :o
I got them. They were all lurking in C:\Program Files\Coomon Files\Win Tools
Norton's website gave the list of which files constituted the package (togther they act like a trojan!) and once I knew where they were hiding, what they were called, and that I had to go into Safe Mode to delete them and how to do it, I did and my machine has been singing ever since. Praise God!
(Someone with a lot of patience gave some pointers and I was able to get it done.)
Thank you all for your help!
If anyone else gets HuntBar, the files to delete are:
WToolsb.dll
WToolsc.cfg
WToolsd.cfg
WToolsp.cfg
No other remedy worked, no software removed them, nothing fixed them. They had to be manually deleted. There will also be a WinTools Easy Installer (you can use Add/Remove for that one.)
you'll find them in Win Tools.
Take care!
Very cool, goodtaste!
Thanks for the informative follow-up; I'm sure it will help others in the future.
Marking as solved...
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.