0

This is my sister's old home business computer. P200, Win98, 256 mb ram.
It would make a good boat anchor.

I knew it was having problems so I told her I would try to help. I ran CWShreadder three times in safe mode and found 2 Trogans. CWS now says its clean.

Ran updated Ad-ware and found only 12 issues. Also Ran Spybot which fix several issues.

The following is a the HJT log: :lol: Your feedback is grealty appreciated!

Logfile of HijackThis v1.97.7
Scan saved at 10:05:29 PM, on 6/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\TECH LOG FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QAGENT] D:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\drivers\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\drivers\WingMan Software\LwEmon.exe /noui"
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF
O4 - Startup: Media Manager Indexer.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
=====================================================

Please also make recommendations as to crapware she is running that is bogging down her already snail slow system.

2
Contributors
3
Replies
4
Views
13 Years
Discussion Span
Last Post by ajelliott
0

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nov

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = nov

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = nov

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)


O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF


Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTAFC5MV\DOCUMENTS.PIF ...delete this file


to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

0

just a few things that i would fix ,so they don't run at startup if I owned Old Betsy.
I would also uninstall Norton System Works .


O4 - HKLM\..\Run: [RealJukeboxSystray] "D:\REALJUKEBOX\tsystray.exe"

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Acrobat Assistant.lnk = D:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe

0

My sister just returned from London on vacation. I have waited to run these fixes to get her verification before making any major changes to her computer.

We now have the changes and I have showed her the HJT logs. I will post the updated log once we get a chance to run the fixs.

Thank you for your help and support on this one.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.