Hey everybody... I'm 20, a college student. This is the week right before finals week and my computer is being so dumb. I have 2 25 page papers due next week and my computer is giving me crap. I didn't wait until the last minute to write these papers-- We just got the assignment on wednesday, and i've been researching till now- but moving onto the problem:

I have windows ME, i dont know if thats the problem, but just to let you know. I will click on something, anything, and the computer will make a couple of noises like its crankin something out, but then it goes back to normal. It kind of reminds me of a person with selective hearing. I'm like, hey, do this for me. and the computer is like, what? no i didnt hear that so i wont do it. screw you, owner! I have this adaware thing that supposedly removes spyware and extra crap, but i cant seem to get stuff off my computer. like, there are 'bargains' 'caspro' 'bridge' webrebates' and i will go into add/remove, and they wont budge at all. im so lost. someone please help me. i need my computer, and all of my information is on this one. :eek:

Tam

welcome to the group :wave:

download, install in own folder, run, and post the log from hijackthis (http://www.spywareinfo.com/~merijn/index.html).

Logfile of HijackThis v1.97.7
Scan saved at 5:50:26 PM, on 4/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSUPD.EXE
C:\PROGRAM FILES\LICENSE OPTION BODY\FORKAXISBYTE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LQLQWOMQ.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\MDANG\HXIUL.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\MDANG\CLIENT\HELPEXP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\EMSW.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/index.html?http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=www.bsu.edu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
O2 - BHO: (no name) - {1001A7C3-7F02-B702-4A2C-A22173BE04EE} - C:\PROGRAM FILES\SIZE CDROM\BORE DOWNLOAD.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Blahchinaudio - {4D20FD6A-A176-CA21-BFC1-0B68108EA1F0} - C:\PROGRAM FILES\SIZE CDROM\BORE DOWNLOAD.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [glue wait] C:\PROGRA~1\LICENS~1\forkaxisbyte.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\mdang\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\mdang\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\RunOnce: [FinishEvidenceUninstall] c:\autoexecuted.bat
O4 - Startup: maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffer s_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37950.2973148148
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab

I dont know what the hell that contextualsearch **** is, but ever since i *tried* to download this fake music downloading thing, that crap has been popping up and causing problems on my computer... bleh

You do have some junk in your log that you need to get rid of. Download cwshredder (http://www.spywareinfo.com/~merijn/index.html) run it and post a new hijackthis log.

CWShredder v1.57.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Windows ME (4.90.3000 )
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system
AppData folder: C:\WINDOWS\Application Data
Username: mdang

Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page,about:blank
Infected data: http://default-homepage-network.com/start.cgi?hklm
Found Hosts file: C:\WINDOWS\hosts (904 bytes, A)
Hosts file: 216.177.73.139 auto.search.msn.com
Hosts file: 216.177.73.139 search.netscape.com
Found CWS.Control (if filesize is over 50k) file: C:\WINDOWS\control.exe (2144 bytes, A)
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (8712 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=hpfsched
Found System.ini file: C:\WINDOWS\system.ini (2265 bytes, A)
Found line in System.ini: shell=Explorer.exe

- END OF REPORT -

run cwshredder again and click on fix.

Scan saved at 6:06:51 PM, on 4/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSUPD.EXE
C:\PROGRAM FILES\LICENSE OPTION BODY\FORKAXISBYTE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LQLQWOMQ.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\MDANG\HXIUL.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\MDANG\CLIENT\HELPEXP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\EMSW.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\PROGRAM FILES\WEBREBATES\WEBREBATES.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/index.html?http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=www.bsu.edu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
O2 - BHO: (no name) - {1001A7C3-7F02-B702-4A2C-A22173BE04EE} - C:\PROGRAM FILES\SIZE CDROM\BORE DOWNLOAD.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Blahchinaudio - {4D20FD6A-A176-CA21-BFC1-0B68108EA1F0} - C:\PROGRAM FILES\SIZE CDROM\BORE DOWNLOAD.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [glue wait] C:\PROGRA~1\LICENS~1\forkaxisbyte.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\mdang\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\mdang\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\RunOnce: [FinishEvidenceUninstall] c:\autoexecuted.bat
O4 - Startup: maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffer s_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37950.2973148148
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab

The junk that is actually junk, anyway.

Thanks for your help Dan, if you're done? Cause you left?

But anyone who knows what's going on... could you help me? :disgust: Damn computer