random error messages on startup

Discussion in 'Malware Help (A Specialist Will Reply)' started by declan_tyson, Aug 31, 2005.

  1. declan_tyson

    declan_tyson Private E-2

    i followed all the problems in the "read me first" thread, and despite getting rid of 200-odd trojans i'm still stuck with these random error messages when i open my computer.

    the error messages read:



    The instruction at "0x44414067" referenced memory at "0x44414067". The memory could not be "written".

    Click OK to terminate the program
    Click Cancel to debug the program



    and it does so for the following programs:

    svchost.exe
    spoolsv.exe
    alg.exe

    following this, it comes up with a message saying that a program called "run dll as an app" by microsoft corporation has been shut down to protect my computer from viruses, and then occasionally but not always it does the same for explorer.

    for some reason this also means i have to re-install my Audio Codec drivers for my sound to work. i can get my computer to work as normal after ten minutes, but can anyone please help me as i am a lazy git who cannot be bothered to do this every time i turn on my pc (which is a lot).

    can you please tell me how to get rid of these problems?


    thanks for all your help, if i get any.
     
  2. declan_tyson

    declan_tyson Private E-2

    right, sorry to be a pain, but it's kind of urgent, it also happens after a few hours - and with other programs as well, added to the list are:

    wuauclt.exe
    wmipruse.exe

    please help!!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This could be more of an issue for the Software Forum, but let's see if we can rule out malware.

    Please follow the steps below:



    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. declan_tyson

    declan_tyson Private E-2

    thanks, sorry if it's in the wrong forum, but i had absolutely no idea what the problem was and i was browsing the "read this first" topic when i posted :eek: . please help cause this means jack to me.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well you do have malware problems. Whether they are the cause of your error messages remains to be seen.

    The first thing you need to do is go to Add/Remove programs and uninstall MessengerPlus! 3. It has put a whole bunch of nasty stuff on your PC including a LOP infection.

    Then do the below to reconfigure some stuff Spybot is ignoring.

    Fixing SpyBot's Ignore Products Bug:
    I want you to run SpyBot and get into the Advanced mode by selecting Mode and then
    Advanced mode. Then select Settings and then in the left column select Ignore Products.
    In the right window pane make sure the All products tab is selected. Then in that
    window, right click your mouse and choose "Deselect all". Now in the left pane click
    at the top on SpyBot S&D and then choose Search for Updates. Download any updates
    required. Now click Check for Problems. Fix any that are found.

    After doing the two above items, post a new HJT log so we can continue with the cleanup.


    Also do you know if the below is something you or your PC manufacturer put on your PC?

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
     
    Last edited: Sep 1, 2005
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I decided to try to give you the rest of the cleanup before waiting to see your new HJT log. So finish removing Messenger Plus 3 and do the SpyBot scan as directed in my previous message and then continue with these steps. If the other steps worked correctly, some items below may already be gone.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnepeccqhihnepmlxwszbpak.net/9S1XLUYAkhdSEPMia6RhhHyB7Hm2eKNIcwORvz9icfhGzIGYkQ/VizcjPhncbEcf.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twtvcvfgfavr.org/9S1XLUYAkheYRnVxVqMBXN6IN1cm7H8P0PkJ8sASFtI.asp
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {78277484-E03E-B59B-6AE0-C64ED3F49CBD} - C:\WINDOWS\system32\qqpo.dll
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
    O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [bashokaybaithide] C:\Documents and Settings\All Users\Application Data\TEST LIVE BASH OKAY\media64.exe
    O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
    O4 - HKCU\..\Run: [Phone rdr] C:\DOCUME~1\Declan\APPLIC~1\ProcGram\Kind stop idol.exe
    O4 - HKCU\..\Run: [Henl] C:\Program Files\uouo\awtu.exe
    O4 - HKCU\..\Run: [Iuvhm] C:\WINDOWS\system32\m?dtc.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\All Users\Application Data\TEST LIVE BASH OKAY <--- the whole TEST LIVE BASH OKAY folder
    C:\Documents and Settings\Declan\Application Data\ProcGram <--- the whole ProcGram folder
    C:\Program Files\NEWDOT~1 <--- the whole NEWDOT~1 (probably real name is NewDotNet or similar) folder
    C:\Program Files\uouo <--- the whole uouo folder
    C:\WINDOWS\system32\qqpo.dll
    C:\WINDOWS\system32\temp532.exe
    C:\WINDOWS\iccontrol.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running then delete the file.


    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
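
The fix list in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses a few of the quoted entries and applies illustrative rules. The rules and the function names `parse_line`, `review` and `triage` are assumptions made for this sketch.

```python
import re

# Entries copied from the fix list in the post above (not a full log).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {78277484-E03E-B59B-6AE0-C64ED3F49CBD} - C:\WINDOWS\system32\qqpo.dll
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKCU\..\Run: [Phone rdr] C:\DOCUME~1\Declan\APPLIC~1\ProcGram\Kind stop idol.exe
O4 - HKCU\..\Run: [Iuvhm] C:\WINDOWS\system32\m?dtc.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun entries look like: HKLM\..\Run: [ValueName] command line
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_line(line):
    """Split one log line into section code, body and (for O4) autorun fields."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "run": None}
    if entry["code"] == "O4":
        r = RUN.match(entry["body"])
        entry["run"] = r.groupdict() if r else None
    return entry

def review(entry):
    """Return triage reasons. The rules are illustrative assumptions only."""
    reasons = []
    body = entry["body"]
    if body.endswith("(file missing)"):
        reasons.append("target file missing, entry is orphaned")
    if entry["code"] == "O2" and "(no name)" in body:
        reasons.append("browser helper object without a name")
    if entry["run"]:
        cmd = entry["run"]["cmd"].lower()
        if "application data" in cmd or "applic~1" in cmd:
            reasons.append("autorun starts from an Application Data folder")
        if "?" in cmd:
            reasons.append("'?' in file name, likely an unprintable character")
    return reasons

def triage(log):
    """Return (code, reasons) for every entry that matched at least one rule."""
    entries = filter(None, (parse_line(line) for line in log.splitlines()))
    return [(e["code"], r) for e in entries if (r := review(e))]
```

The `ICcontrol` entry matches none of these rules even though the post lists it for removal, so output like this only orders a log for review and does not replace reading it.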
     
  7. declan_tyson

    declan_tyson Private E-2

    ok, thanks a lot, i'll post again with the new log in about 1/2 hour.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about my question about the R1 & O14 lines?
     
  9. declan_tyson

    declan_tyson Private E-2

    yeah, that was my original homepage when i got the computer for some reason instead of packard bell.

    well when i restarted my computer, most of the error messages were gone, but here's the latest HJT log

    thanks again for your help
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is this next search line valid?
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

    Okay! Your HJT log is clean now. What problems are you still having?
     
  11. declan_tyson

    declan_tyson Private E-2

    i don't recognise it i'm afraid.

    the only problems i am having now are data execution prevention messages for:

    "Generic Host Process for Win32 Services"
    "Spooler SubSystem App"
    "Automatic Updates"

    It then asks me to send an error report for each program.

    however it is much better than previous and the sound problem is also fixed.

    thanks again
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Have HJT fix the R1 line since you do not recognize it.

    It would be better to always post the exact and complete error messages you see.

    Try the below to see if any required system files are missing. sfc is System File Check.

    Open a command prompt window by clicking Start, Run, and enter cmd and click OK. Enter the below command followed by the enter key and describe what happens.

    sfc /scannow

    Let me know if this finds anything wrong. You may be asked to insert your WinXP CD if it needs it to fix files. Hopefully your CD matches your WinXP SP2 installation.
     
  13. declan_tyson

    declan_tyson Private E-2

    it said "please wait while all protected windows files were intact" and then the bar went to the top and closed the window with no apparent problems.

    perfect! error messages are gone, and computer's running perfectly again! thanks a whole lot for all your help!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

