Link to home
Start Free TrialLog in
Avatar of wskesler
wskesler

asked on

HijackThis Log

I've cleaned a lot of spyware, adware, and viruses from a PC running Win 98.  It still freezes temporarily or runs slow sometimes.

Here's the HJT log.  Can someone look through it and tell me what looks like a potential problem in it?

Logfile of HijackThis v1.99.1
Scan saved at 12:32:40 PM, on 04/20/2006
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGW.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {16053E0E-8AE3-FE17-C1AF-F98ADEA7FA9C} - C:\WINDOWS\SYSTEM\KTR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Windows Plug and Play Service 32 BIT] WINMANAGER32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Windows Plug and Play Service 32 BIT] WINMANAGER32.EXE
O4 - HKLM\..\RunServices: [CurtainsSysSvc] c:\program files\cox\applications\app\AuthSL.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FB} - http://download.energy-factor.com/plug/dscert_652.exe
Avatar of Harisha M G
Harisha M G
Flag of India image
Hi, here is the result of your logfile:

http://hijackthis.de/logfiles/cac5f1e789d405034a83fd82231373dc.html

Remove the "Nasty" entries and also the "Possibly Nasty" entries that you don't recognize


---
Harish
ASKER CERTIFIED SOLUTION
Avatar of Harisha M G
Harisha M G
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of wskesler
wskesler

ASKER

I've scanned the PC multiple times with updated Spybot and Ad-Aware SE.  Also installed, updated, and ran AVG antivirus.  All found lots of stuff that I deleted.  Not sure about some of the entries found in the HJT log, as this is a friend's teenager's PC (explains all the garbage).

Ewido doesn't support Win 98, but I did use just now load and run Avast...it found about 15 more things that it removed.  I'm worried about what it couldn't repair, though...

File Name: C:\\Windows\System.Dat
Malware Name: Win32:Volage-G (wrm)

Also, AVG scans find and can seem to remove a problem with C:\Windows\System\iniwin32.dll
SOLUTION
Avatar of rpggamergirl
rpggamergirl
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of blue_zee
blue_zee
Flag of Portugal image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of r-k
r-k
For the files that could not be fixed by AV programs, boot into DOS mode, then rename the offending files, then boot in normal windows mode and re-run the scan. That should fix those.
Avatar of wskesler
wskesler

ASKER

Thx for all the help so far.  Did most of what was recommended, and all of the scans that I run now come up clean.  When I start the PC, I can open and close Excel, Word, etc. multiple times with no problem.  Once I open Internet Explorer (which works fine), close it, and try again to open another application the PC just freezes, though.
SOLUTION
Avatar of r-k
r-k
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of wskesler
wskesler

ASKER

Thanks for all the help.  I split up points based on recommendations that progressively solved the problems.  Thanks again.