My Computer Problem On Opening

[THEMAN101]

When i open my computer, usually (almost always) the system freezes. It does not show the contents of the folder. I have like a gigabyte of space left on my system.

Also if i go to the Run program and type int "C:\" i can access the local drive but is there a way that i can stop this from crashing.

 

[steamwiz]

Please Download hijackthis from

http://tomcoyote.org/hjt

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

 

[THEMAN101]

ok heres the log

Logfile of HijackThis v1.97.3
Scan saved at 5:30:49 PM, on 10/18/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\IOMEGA CD-RW\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\IOMEGA CD-RW\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://yahoo.sbc.com/dsl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

http://www.freehqmovies.com/enter.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

http://www.yahoo.com/

F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", "

http://www.xupiter.com/toolbar2");

(C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "

http://www.google.com");

(C:\WINDOWS\Application Data\Mozilla\Profiles\default\ak6yew70.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "" (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ak6yew70.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,8,0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,8,0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ZZZ_HPI_Boot] C:\Program Files\HP PhotoSmart\Photo Finishing Software\HPI_Boot.EXE
O4 - HKLM\..\Run: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\Run: [BearShare] C:\DUSTIN'S FOLDER\THE ARTS OF MUSIC AND ART\BEAR SHARE1\BEARSHARE\BEARSHARE.EXE /m
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [gqesymdi] C:\WINDOWS\SYSTEM\gqesymdi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\IOMEGA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [dev5_ap1] "C:\PHPDEV5\APACHE\APACHE.EXE" -k start -n dev5_ap1
O4 - HKLM\..\RunServices: [PHPGeekUtil] "C:\APACHE\APACHE.EXE" -k start -n PHPGeekUtil
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -

http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx

O16 - DPF: Yahoo! Chat -

http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://akamaidownload.apple.com/530x3824/binaries/iTunesSetup.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -

http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) -

http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37884.5943865741

O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) -

http://usa-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess1043.cab

O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) -

http://usa-download.nocreditcard.com/download/Object/DialerHTML/EGHTMLDialer.cab

O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} -

http://directplugin.com/dialers/109446.exe

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: Yahoo! Chess -

http://download.games.yahoo.com/games/clients/y/ct1_x.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -

http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) -

http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) -

http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -

https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://download.yahoo.com/dl/sbcy/yinst.cab

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -

http://download2.abetterinternet.com/download/cabs/FON19106/flash.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -

http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab

 

[steamwiz]

Close all browser windows - run hijackthis and tick to fix :-


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

http://www.freehqmovies.com/enter.html

N1 - Netscape 4: user_pref("browser.startup.homepage", "

http://www.xupiter.com/toolbar2";);

(C:\Program Files\Netscape\Users\default\prefs.js)

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe - not required - resource hog


O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe

O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime - not required at startup


O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE - not required - resource hog


O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) -

http://usa-download.nocreditcard.com/download/Object/Di...

O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) -

http://usa-download.nocreditcard.com/download/Object/Di...

O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} -

http://directplugin.com/dialers/109446.exe

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -

http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab

I have No idea what these 2 are, do you ?

O4 - HKLM\..\Run: [gqesymdi] C:\WINDOWS\SYSTEM\gqesymdi.exe

O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe


I would at least go to msconfig/startup and stop them running at startup - ticking then in hijackthis will take out the run key.
If they are up to no good - which I suspect they are, you will have to delete the files manually after removing the run key.

---
I suggest you then Download and install SpyBot,

http://security.kolla.de/

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

Remove everything pre-ticked in Red

good luck

steam

 

[tb525]

I have No idea what these 2 are, do you ?

O4 - HKLM\..\Run: [gqesymdi] C:\WINDOWS\SYSTEM\gqesymdi.exe

O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

Both are Baddies..Remove the entries with Hijack, reboot and delete the files.

gqesymdi.exe = WurldMedia
BELT.exe = Abetterinternet

 

[lb63640]

Abetterinternet is an adware type of nasty. Go to Symantec and get the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/adware.betterinternet.html

WurldMedia is a redirector for Internet sites. Follow the instructions found at Symantec for removal:

http://securityresponse.symantec.com/avcenter/venc/data/adware.wurldmedia.html

 

[xkjdhdg]

You have way to much stuff running go to start, run, in the box type 'msconfig' Then select the start-up tab. Uncheck the following: Acrobat Assistant,MSGSRV32.EXE,MOTMON.EXE,AHQTB.EXE, DIRECTCD.EXE,YPAGER.EXE, YCOMMON.EXE, YBROWSER.EXE, PowerReg .
You need to go download a good spyware program like a2 - a-square at

http://www.gmsisogt/en/

it is free. Next you need a firewall go to

http://www.sygate.com

and gewt the free version.
It sounds like spyware but you will know more whne stop all these things that are running. Anything you can start from a short cut don't let it start at boot up unless you need it to like virus software. I am talking about messagers, pagers, cd burning software, movie makers, browsers, and tool bars. I would delete every toolbar.