Antivirus Protection
 
#1
June 6th, 2004, 10:29 PM
gerrythegreat
help lost control of my pc

I came upon this site searching for solutions for my PC that has been running at CPU 100% and is very slow. I am using Windows 98 and used HijackThis. Can someone tell me if there is something that I need or can delete?

Thank you

Logfile of HijackThis v1.97.7
Scan saved at 23:20:08, on 04-06-06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS.000\SYSTEM\RPCSS.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\INTERNAT.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS.000\RunDLL.exe
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\PROGRAM FILES\SYMPATICO\GESTIONNAIRE D'ACCèS\APP\ENTERNET.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by URL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F0 - system.ini: Shell=
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.homepageware.com/perl/redir/rd.cgi?bg&p=build204ngi&t=1006038233&b=200&l=&id=9579f94064fd11d5b1d40050ba0d5fb6&r=nn4&h=http%3A%2F%2Fwww.ca.yahoo.com"); (C:\Program Files\Netscape\Users\brigitte_boyer\prefs.js)
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: (no name) - {CBDC07C0-3855-11D8-B1DD-0050BA0D5FB6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {7848AF20-3853-11D8-B1DD-0050BA0D5FB6} - (no file)
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS.000\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {8BD21D10-EC42-11CE-9E0D-00AA006002F3} (Microsoft Forms 2.0 TextBox) - URL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - URL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - URL
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - URL
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - URL
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - URL
O16 - DPF: {3E82AD03-5696-11D3-80E1-0008C773BE28} - URL
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - URL
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - URL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - URL
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - URL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} - URL
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - URL
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - URL
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - URL
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_01) -
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - URL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - URL
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - URL
O16 - DPF: Yahoo! Poker - URL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - URL
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - URL
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - URL

#2
June 7th, 2004, 12:15 PM
seack79
With a name like gerrythegreat you better be able to fix your own cpu

Just kidding! Run hijack again and put a check by the following lines:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by www.Sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F0 - system.ini: Shell=
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.homepageware.com/perl/redir/rd.cgi?bg&p=build204ngi&t=1006038233&b=200&l=&id=9579f94064fd11d5b1d40050ba0d5fb6&r=nn4&h=http%3A%2F%2Fwww.ca.yahoo.com"); (C:\Program Files\Netscape\Users\brigitte_boyer\prefs.js)

However, before you do this, make sure you have unzipped hijack to a permanent folder so it will create a backup. I'm not exactly sure about the "ProxyOverride = 127.0.0.1" part since that is what your localhost should be set to. I would try keeping that one for now. Do you know what this process is? It looks normal but..??

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

After all that, boot into safe mode with networking, and download Ad-Aware and update it. Then scan your computer. You should also run a virus scan if you have Norton or something like that. If not, do an online virus scan. Hope this helps buddy!
-Shane
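
A way to sort a log like the one posted above before deciding which lines to check, as an added example that is not part of the original thread: it groups entries by their section code, lists the entries HijackThis marked `(no file)`, and splits the O4 startup entries into key, name and command. The function names `parse` and `triage` are hypothetical, and the sample is a handful of lines copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS.000\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F0 - system.ini: Shell=
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {7848AF20-3853-11D8-B1DD-0050BA0D5FB6} - (no file)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "<code> - <body>", e.g. "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Group entry bodies by their section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines carry no code prefix and are skipped
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(log):
    """Return per-section counts, '(no file)' entries and parsed O4 startup entries."""
    sections = parse(log)
    orphans = []
    for code, bodies in sections.items():
        for body in bodies:
            if body.endswith("(no file)"):  # entry the tool itself marked "(no file)"
                m = CLSID.search(body)
                orphans.append((code, m.group(0) if m else None))
    autoruns = []
    for body in sections.get("O4", []):
        m = AUTORUN.match(body)
        if m:
            hive, key, name, cmd = m.groups()
            autoruns.append({"hive": hive, "key": key, "name": name,
                             "command": cmd.strip('"')})
    return {"counts": {c: len(b) for c, b in sections.items()},
            "orphans": orphans, "autoruns": autoruns}
```
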

#3
June 7th, 2004, 12:16 PM
seack79
Here is the site for an online virus scan:

http://housecall.trendmicro.com/

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway