Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 2290 | Replies: 3
 |
•
•
Join Date: May 2004
Location: Victoria, Canada
Posts: 42
Reputation: 
Rep Power: 5
Solved Threads: 0
Light Poster
This is my sister's old home business computer. P200, Win98, 256 mb ram.
It would make a good boat anchor.
I knew it was having problems so I told her I would try to help. I ran CWShreadder three times in safe mode and found 2 Trogans. CWS now says its clean.
Ran updated Ad-ware and found only 12 issues. Also Ran Spybot which fix several issues.
The following is a the HJT log: :lol: Your feedback is grealty appreciated!
Logfile of HijackThis v1.97.7
Scan saved at 10:05:29 PM, on 6/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\TECH LOG FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QAGENT] D:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\drivers\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\drivers\WingMan Software\LwEmon.exe /noui"
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF
O4 - Startup: Media Manager Indexer.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
=====================================================
Please also make recommendations as to crapware she is running that is bogging down her already snail slow system.
It would make a good boat anchor.
I knew it was having problems so I told her I would try to help. I ran CWShreadder three times in safe mode and found 2 Trogans. CWS now says its clean.
Ran updated Ad-ware and found only 12 issues. Also Ran Spybot which fix several issues.
The following is a the HJT log: :lol: Your feedback is grealty appreciated!
Logfile of HijackThis v1.97.7
Scan saved at 10:05:29 PM, on 6/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\TECH LOG FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QAGENT] D:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\drivers\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\drivers\WingMan Software\LwEmon.exe /noui"
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF
O4 - Startup: Media Manager Indexer.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
=====================================================
Please also make recommendations as to crapware she is running that is bogging down her already snail slow system.
Thank you,
:lol: AJE
________________________________________________________________
" Persistence can change failure into extraordinary achievement."
:lol: AJE
________________________________________________________________
" Persistence can change failure into extraordinary achievement."
•
•
Join Date: Aug 2003
Posts: 7,814
Reputation: 
Rep Power: 26
Solved Threads: 338
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF
Now reboot into safe mode and delete the following files and folders if found .
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF ...delete this file
to delete the above files and folder you will need to do the following
go to
Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
reboot computer and post a new log
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF
Now reboot into safe mode and delete the following files and folders if found .
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF ...delete this file
to delete the above files and folder you will need to do the following
go to
Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
reboot computer and post a new log
Boo!!!!! Sarcastic Jack
Malwarebytes startUpLite Program Works wonders for me .
http://www.malwarebytes.org/startuplite.php
Malwarebytes startUpLite Program Works wonders for me .
http://www.malwarebytes.org/startuplite.php
•
•
Join Date: Aug 2003
Posts: 7,814
Reputation:
Rep Power: 26
Solved Threads: 338
just a few things that i would fix ,so they don't run at startup if I owned Old Betsy.
I would also uninstall Norton System Works .
O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
I would also uninstall Norton System Works .
O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
Boo!!!!! Sarcastic Jack
Malwarebytes startUpLite Program Works wonders for me .
http://www.malwarebytes.org/startuplite.php
Malwarebytes startUpLite Program Works wonders for me .
http://www.malwarebytes.org/startuplite.php
•
•
Join Date: May 2004
Location: Victoria, Canada
Posts: 42
Reputation:
Rep Power: 5
Solved Threads: 0
Light Poster
My sister just returned from London on vacation. I have waited to run these fixes to get her verification before making any major changes to her computer.
We now have the changes and I have showed her the HJT logs. I will post the updated log once we get a chance to run the fixs.
Thank you for your help and support on this one.
We now have the changes and I have showed her the HJT logs. I will post the updated log once we get a chance to run the fixs.
Thank you for your help and support on this one.
Thank you,
:lol: AJE
________________________________________________________________
" Persistence can change failure into extraordinary achievement."
:lol: AJE
________________________________________________________________
" Persistence can change failure into extraordinary achievement."
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
