
Please Help! I can't even run I.Explorer - -

Discussion in 'Security and Privacy' started by Ingeniero1, 2004/08/09.

Thread Status:
Not open for further replies.
  1. 2004/08/12
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Search your registry for
    D6A2BB61-1D18-4AEB-AB27-836D3893B350
    and you'll want to remove any entries that match since it was placed there by EID.DLL (whatever that happens to be).
     
  2. 2004/08/13
    indmusic

    indmusic Well-Known Member

    Joined:
    2002/10/23
    Messages:
    143
    Likes Received:
    3
    Okee dokee

    It has definitely identified the bad guy

    C:\WINDOWS\SYSTEM\WDM.DLL <<--that's the bad guy

    We can dance around and do whatever you want to do

    NEXT:
    Go back up a couple and download Win98fix.zip

    Disconnect from the NET<<--IMPORTANT

    Now, ensure that Win98Fix.zip is unzipped

    -DoubleClick on: 'RunFix.reg' file, Answer 'yes'
    to the prompt!
    -Restart computer!

    Find and delete:
    C:\WINDOWS\SYSTEM\WDM.DLL <---this file

    Let's do some final cleanup
    Download CWShredder to desktop
    CWShredder

    With just CWShredder open let it FIX all problems
    RESTART your computer

    Download and Install the free version of Ad-Aware
    After installation-CHECK FOR UPDATES
    Do a scan and restart if bad guys are found
    RESTART your computer and post back with another hijackthis log
    Peace

    EDIT----Happy 39th Anniversary, that's a llllllllong time, congrats
    The wife and I are just over 16, we have some catching up to do
     
    Last edited: 2004/08/13

  4. 2004/08/14
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    << Newt >>
    You suggested: "Search your registry for D6A2BB61-1D18-4AEB-AB27-836D3893B350 and you'll want to remove any entries that match since it was placed there by EID.DLL (whatever that happens to be)."

    I hate to admit it, but I don't know how... Hints please?

    ---------------------------
    << Indmusic>>
    (Actually, 16 doesn't seem so long ago - really. The apparent speed of time passing by grows exponentially, so enjoy every minute - and that includes Monday mornings!)

    Did all of what you suggested, and I think the PC is working 100% OK now. Here is the latest HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:07:39 AM, on 8/14/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\HJT\HIJACKTHIS.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE "
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab


    Any offenders?

    Thanks!

    Alex
    (Just wondering out loud: How and where do you guys learn to discern among the good, the bad and the indifferent when I imagine new bad ones 'pop up' frequently?)
     
  5. 2004/08/14
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Alex,

    To search the Registry:

    Start > type regedit > ok > in the registry window > click edit > find > type in the key value that Newt referenced into the space provided in the dialog box, or better yet, copy/paste the key.

    I don't see any "baddies".

    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

    Unless you're constantly creating CDs, no point in startup on boot, this and DirectCD as well.

    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

    Useless - disable on startup.

    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm For startup programs Compare your startups

    Regards - Charles
     
    Last edited: 2004/08/14
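
Added example, not part of any poster's reply: a small Python parser for the HijackThis log format posted above. It lists the O4 autostart entries that charlesvar reviews and checks a log for the CLSID and file named earlier in the thread. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
"""

ENTRY = re.compile(r"^\s*(O\d+|R\d|F\d|N\d) - (.*)$")
GUID = re.compile(r"\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?")
STARTUP = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse_entries(log):
    """Return (section, body) pairs for every 'Ox - ...' style line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def startup_items(log):
    """List O4 registry autostart entries as (hive, key, name, command)."""
    out = []
    for section, body in parse_entries(log):
        m = STARTUP.match(body) if section == "O4" else None
        if m:
            out.append(m.groups())
    return out

def find_indicators(log, guids=(), paths=()):
    """Return log lines mentioning a watched GUID or file path (case-insensitive)."""
    wanted_guids = {g.strip("{}").upper() for g in guids}
    wanted_paths = [p.upper() for p in paths]
    hits = []
    for line in log.splitlines():
        line_guids = {g.upper() for g in GUID.findall(line)}
        if line_guids & wanted_guids or any(p in line.upper() for p in wanted_paths):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    # Values named earlier in the thread by Newt and indmusic.
    hits = find_indicators(SAMPLE_LOG, ["D6A2BB61-1D18-4AEB-AB27-836D3893B350"], [r"C:\WINDOWS\SYSTEM\WDM.DLL"])
    print("indicator hits:", hits)
    for item in startup_items(SAMPLE_LOG):
        print(item)
```

An empty hit list only means the log no longer references those values; the registry search described above still covers keys that HijackThis does not report.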
  6. 2004/08/18
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    Everything has been working fine and is staying that way. All I need now is to get (buying it is OK) a good anti-virus software that doesn't mess up my PC as others have.

    But I digress - The main reason for this message is TO THANK YOU ALL!

    Alex :)
     
  7. 2004/08/18
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Good to hear that all is well with you Alex.

    I run the free version of AVG on both PCs at my house and it is working well. I had Norton and the AV portion of that also worked fine but put more load on my system than I liked so I removed it and switched about 5-6 months ago and no problems.
     
  8. 2004/08/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Alex,

    I didn't re-read through this entire thread again and can't remember if it was addressed, but is there a reason you are so far behind on Windows Updates? Getting up-to-date sure would help plug a lot of security holes. ;)

    Have you tried eTrust AV/Firewall? It's what I use and recommend.
     
  9. 2004/08/19
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    Newt -
    I'll try AVG.

    noahdfear -
    I hadn't realized that I was that far behind with updates. You see, I had to reload WinME from scratch, on a reformatted hard disc, several months ago (w/original disc - about 3-yr old) because of bad viruses.

    Immediately after that, I downloaded whatever updates were available from MS, or at least I thought I had. I also bought Norton anti-virus and installed it. The PC ran fine for a while and then, out of nowhere, I started having problems. This time, instead of re-reloading the OS again, I asked for help here, and the rest is history. I will check for updates again.

    Alex
     