#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Posts
    1
    Rep Power
    0

    help lost control of my pc


    I came upon this site searching for solutions for my pc that has been running at cpu 100% and is very slow. I am using windows 98 and used highjack this. Can someone tell me if there is something that I need or can delete?


    thank you

    Logfile of HijackThis v1.97.7
    Scan saved at 23:20:08, on 04-06-06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
    C:\WINDOWS.000\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS.000\SYSTEM\RPCSS.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\TASKMON.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS.000\SYSTEM\INTERNAT.EXE
    C:\WINDOWS.000\LOADQM.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS.000\RunDLL.exe
    C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
    C:\PROGRAM FILES\SYMPATICO\GESTIONNAIRE D'ACCèS\APP\ENTERNET.EXE
    C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
    C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by www.Sympatico.ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    F0 - system.ini: Shell=
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.homepageware.com/perl/redir/rd.cgi?bg&p=build204ngi&t=1006038233&b=200&l=&id=9579f94064fd11d5b1d40050ba0d5fb6&r=nn4&h=http%3A%2F %2Fwww.ca.yahoo.com"); (C:\Program Files\Netscape\Users\brigitte_boyer\prefs.js)
    O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
    O2 - BHO: (no name) - {CBDC07C0-3855-11D8-B1DD-0050BA0D5FB6} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {7848AF20-3853-11D8-B1DD-0050BA0D5FB6} - (no file)
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS.000\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
    O16 - DPF: {8BD21D10-EC42-11CE-9E0D-00AA006002F3} (Microsoft Forms 2.0 TextBox) - http://activex.microsoft.com/activex...s/mspert10.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20...eInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security1.norton.com/SSC/Shar.../bin/cabsa.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.axis.com/products/camera_...CamControl.ocx
    O16 - DPF: {3E82AD03-5696-11D3-80E1-0008C773BE28} - http://radioshow.rcsworks.com/rsinst...RadioTuner.Cab
    O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - http://simgolf.ea.com/teleport/simgo...sGolfTeleX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...914.7991550926
    O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} - http://office.microsoft.com/france/T...lery/msotd.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/tech...ActiveData.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_01) -
    O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - http://www.panormania.com/cabs/svideo.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt0_x.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    With a name like gerrythegreat you better be able to fix your own cpu

    Just kidding! Run hijack again and put a check by the following lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by www.Sympatico.ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    F0 - system.ini: Shell=
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.homepageware.com/perl/redir/rd.cgi?bg&p=build204ngi&t=1006038233&b=200&l=&id=9579f94064fd11d5b1d40050ba0d5fb6&r=nn4&h=http%3A%2F %2Fwww.ca.yahoo.com"); (C:\Program Files\Netscape\Users\brigitte_boyer\prefs.js)

    However, before you do this make sure you have unzipped hijack to a permanent folder so it will create a backup. I'm not exactly sure about the "ProxyOverride = 127.0.0.1" part since that is what your localhost should be set to. I would try keeping that one for now. Do you know what this process is, it looks normal but..??

    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

    After all that boot into safe mode with networking, and d/load adaware and update it. Then scan your computer. You should also run a virus scan if you have norton or something like that. If not do an online virus scan. Hope this helps buddy!
    -Shane
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    Here is the site for an online virus scan:

    http://housecall.trendmicro.com/

IMN logo majestic logo threadwatch logo seochat tools logo