TheTechGuide Forum

General Category => Tech Clinic => Topic started by: leonlojup on July 17, 2005, 05:59:44 PM

Title: Help with IF01.exe problem
Post by: leonlojup on July 17, 2005, 05:59:44 PM
I would appreciate some assistance with a computer problem.  I have used Adaware, SpyBot and Grisoft Anti-Virus, all of which are up to date as of today.

Yesterday I began having problems with the machine not wanting to boot correctly and had to use "go back" to find a good setup.  I also found, with Adaware, the file IF01.exe, which was deleted.

I have run scan disk to check all clusters on the drive, with no errors.  I have defragged today.  Below is a copy of the HiJack log which I ran earlier today.  Would appreciate any assistance.  Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:10:59 PM, on 7/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .qt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed
Title: Help with IF01.exe problem
Post by: guestolo on July 17, 2005, 08:36:01 PM
Your version of AVG doesn't seem to be properly running
Is it the free version?
I've never used GoBack, but it is recommended you disable it when running Scandisk and Defrag
Title: Help with IF01.exe problem
Post by: leonlojup on July 17, 2005, 08:59:30 PM
Your version of AVG doesn't seem to be properly running
Is it the free version?

Yes it is the free version.  I have the updater disabled because with W98SE it causes a crash.  Does not seem to affect W98.

Appreciate your comments.  From what I have been able to determine if I disable Go Back, I lose all of my past "check points".

I will continue to check though to see if I can disable it without losing anything.  

Thanks.
Title: Help with IF01.exe problem
Post by: guestolo on July 17, 2005, 09:34:29 PM
I wasn't completely done yet :)

Here's a bit more recommendation

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe <-not needed on startup

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/Remove programs and remove
Viewpoint <-may be more than one instance

Restart your computer afterwards

Back in Windows, I still suspect AVG may be corrupt
You may want to uninstall it and reinstall it and make sure it's fully updated and run a full system scan

Post back one last hijackthis log and let me know how things are running
Could you ensure you are posting the whole hijackthis log
Typically there are more entries below this line
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
Title: Help with IF01.exe problem
Post by: leonlojup on July 18, 2005, 01:43:43 AM
<I wasn't completely done yet> - Well I understand that, VBG.

<Here's a bit more recommendation

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe <-not needed on startup>

Well I disabled this one in MSCONFIG so it did not show up on the next run.

<O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/Remove programs and remove
Viewpoint <-may be more than one instance

Restart your computer afterwards>

Did all of the above.  I also removed most of Adobe as it would not receive any files anyway.

<Back in Windows, I still suspect AVG may be corrupt
You may want to uninstall it and reinstall it and make sure it's fully updated and run a full system scan>

I did that also.  Removed the old AVG 7.0 and downloaded the file avg70free_323a539.exe 11.7 M.  I installed the new AVG 7.0, went and got the latest update which is 7.0.323 267.9.0 7/16/05 and ran it on the system.  Took 23 minutes to scan 28811 files, no viruses.

Also ran AdAware again with no hits.  I routinely go into internet properties when I get off the net and trash all cookies, delete all offline files and clear the history files.  I have found that if I do that I nearly never get any hits on AdAware or SpyBot.

I rebooted the system before I ran the last hijack log.

<Post back one last hijackthis log and let me know how things are running
Could you ensure you are posting the whole hijackthis log
Typically there are more entries below this line
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed >

Here is the last hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:23:58 AM, on 7/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .qt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed

and that is the last line in the log file.

System seems to be stable, but not the fastest, but this is a 500 Mhz system which is almost 4 years old now.  Any hints on making it faster?

I do have a duplicate entry in MSCONFIG which I can't seem to delete.  Is there some special incantation that I have to speak to do that?  VBG.

Really appreciate all of the help.  Thanks in advance.

I shall make a donation.  I have some money in PayPal and if I can get them to turn loose of it I will donate it.

Please let me know if I should do anything else.

Leon.
Title: Help with IF01.exe problem
Post by: guestolo on July 18, 2005, 11:40:35 PM
log looks good
You could try running this little utility
Let's see what it cleans

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Give the link time to load or try it twice, it may be busy
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Restart your computer

How's everything running?
Title: Help with IF01.exe problem
Post by: leonlojup on July 19, 2005, 08:33:48 AM
<<==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0>>

Did it.  Cleanup found about 89 whatevers and got rid of them.

Machine seems to be running fine now.

Any other thoughts?

I really appreciate your help, thank you very much.
Title: Help with IF01.exe problem
Post by: guestolo on July 20, 2005, 09:32:56 PM
Log looks good
I would suggest the following for extra protections

SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
Title: Help with IF01.exe problem
Post by: leonlojup on July 20, 2005, 11:46:59 PM
OK, got both of them (SpywareBlaster 3.4 and IE-SpyAd) downloaded and installed.  AOL seems a little slower, but worth it if it keeps that trash off the machine.

I have also downloaded the program for Zone Alarm (Firewall), but have not installed it as yet, because I am trying to wade through the 272 page manual (pdf format) so that I can determine how to install/configure the free version for W98SE.

I have made lots of notes on this problem and others that you have helped with.  I have a relative with an XP machine that has problems and I am going to try to help using the tips and instructions that you have given others.  I will post a HJT log for that machine when I can.

Thank you again for all of your assistance.
Title: Help with IF01.exe problem
Post by: guestolo on July 21, 2005, 12:27:49 AM
Sounds good, personally I like Sygate's free firewall
Not as much a resource hog as Zonealarm
But the newest version has some problems with 98SE
Recommendation is to stay with their previous version
If you would like a link, let me know, I'll post a direct link for download to the previous version
Title: Help with IF01.exe problem
Post by: leonlojup on July 21, 2005, 12:36:06 AM
Please do, I am open to all suggestions and assistance.

Thank you again.
Title: Help with IF01.exe problem
Post by: guestolo on July 21, 2005, 12:40:50 AM
Just turning in for the night, let me go search for the direct link
I'll be right back
Title: Help with IF01.exe problem
Post by: guestolo on July 21, 2005, 12:44:17 AM
Here's the direct download link
Hope you like the program, should be easy to figure out :)
Just install and restart the computer

http://207.33.111.31/spf/spf5.5b2710.exe
Title: Help with IF01.exe problem
Post by: leonlojup on July 21, 2005, 07:08:59 PM
This afternoon another major problem occurred.  I cannot access AOL from my computer anymore.  When I try to log on I get some kind of connection log that does nothing and the computer goes seemingly into an endless loop.  No way to get out but to shut the machine down.

I ran adaware and it hung up for a long time in about the middle, but finally finished with no major things noted.

Here is the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:54:55 PM, on 7/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .qt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

I think 017 is new.  Also when it ran, it hung up on 015 (the screen at the top) for about a minute before completing.  I recall yesterday that you said that you thought it should list something beyond 014.

Hope you can help.
Title: Help with IF01.exe problem
Post by: leonlojup on July 22, 2005, 01:18:09 PM
I deleted the 017 entry with HJT, but it comes back.  Still cannot get on line with Email Removed.  Also have had an error caused by ACSD which happened after I had tried AOL again and when that failed tried to open a file in Word with a title that had AOL in it.  Don't know if that is connected though.

Seems something had tried to Hijack AOL and nothing I do will pinpoint it.

Another comment, when I run Adaware it will hang up about middle way through on a TypeLib file, but eventually will complete.  Shows no errors.  But when I close Adaware my hard drive goes like crazy for about 3.5 minutes (I timed it) as if it is writing stuff everywhere.

This (drive working overtime as if writing stuff) also happens when I complete a defrag and that has been happening a long time before this problem.

I am communicating with you via another older computer here so I can do whatever you wish on the "suspect" machine with no problem.

Thanks again.
Title: Help with IF01.exe problem
Post by: leonlojup on July 22, 2005, 01:25:38 PM
Just a note to let you know that I have not downloaded the Sygate stuff as yet so that is not part of the problem.

But I did do some reading on various files that you and others have suggested they use, trying to learn more about this process.  This was done just before I had the AOL problem and I visited sites like Major Geeks, Tom Coyote, Etc.  Don't know if that is helpful or not.

Thanks.
Title: Help with IF01.exe problem
Post by: leonlojup on July 22, 2005, 11:44:15 PM
Any thoughts on my new problem?
Title: Help with IF01.exe problem
Post by: guestolo on July 22, 2005, 11:58:19 PM
When you visited Major Geeks and TC's
What did they have you do with your hijackthis log?
That may give some insight to your problems, but not sure
That's why it's not a good idea asking for help at more than one forum
Everyone doesn't get the whole story of what was repaired or removed
Title: Help with IF01.exe problem
Post by: leonlojup on July 23, 2005, 12:05:24 AM
No, you misunderstood, or I did not make it plain.  I only went to those sites to read up on different programs that you and others had suggested that some folks use to clean their machine.  I was trying to learn more about this process.

I have not asked anyone else for any help other than here.
Title: Help with IF01.exe problem
Post by: guestolo on July 23, 2005, 12:08:46 AM
Here's what you may want to try
It seems to be an AOL problem

You may want to Uninstall AOL's software completely and then reinstall

See if the computer can connect afterwards

By the way
The scan with Hijackthis may take longer after you installed SpywareBlaster and IE-Spyad
Both add entries to the registry that hijackthis checks
Thus, the scan seems to freeze
Seems to happen more often with users of 98 machines
Title: Help with IF01.exe problem
Post by: leonlojup on July 23, 2005, 12:15:21 AM
OK, I had thought about that, but wanted to wait until you suggested it.  Is there anything else that I can do once I uninstall all of AOL's stuff to ensure that all associated files, especially whatever hijacked it is gone for good?

Thanks.
Title: Help with IF01.exe problem
Post by: guestolo on July 23, 2005, 12:18:48 AM
The only other thing I can suggest
After you uninstall AOL
Restart your computer
You can try running a Free reg cleaner through your machine

Here's a link to a free one
RegSeeker 1.45
http://www.hoverdesk.net/freeware.htm

Open the RegSeeker Folder and double click on RegSeeker.exe
Click on
"Clean the Registry" on the left menu
Ensure there is a check in "Backup before Deletion" on the bottom left
Then click OK on the right

Let it finish scanning
When it's done
Click "Select All" Near the bottom
and then Right click in the Results pane and click
"Delete Selected Items"
Exit RegSeeker
Restart the computer

Make sure your programs are all working, I've never had a problem with it, this is just precautionary
Title: Help with IF01.exe problem
Post by: leonlojup on July 23, 2005, 12:43:31 PM
Well after some work I got all the AOL files removed and ran RegSeeker.  It found 544 blue and red entries and I deleted them all.

Machine seems sluggish though and the hard drive really wants to work overtime, seems to be running a lot especially when I load AOL and when I run Adaware or Defrag.

Is there a site where I can go to read up on this aspect of keeping my machine clean and hopefully being able to help others?

Here is a copy of the latest HJT log, which no longer sports the 014 entry or anything below that.  Does that sound strange to you?

Logfile of HijackThis v1.99.1
Scan saved at 12:12:24 PM, on 7/23/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .qt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

I think that AOL companion will disappear on the next run as I stopped it from running after I ran the log.

Any other hints, tips or suggestions?

Really would like to learn more about this subject.

Thanks.
Title: Help with IF01.exe problem
Post by: leonlojup on July 24, 2005, 10:09:50 AM
Got the Sygate firewall downloaded, installed and it is up and running as I type.  Really appreciate your suggesting it.

I tried yesterday to access Trend Micro's Housecall, and after 2 hours of trying to get a summary I had to stop the program.  I will try again later today if I get the time.

Any other thoughts, comments would be appreciated.

Thanks again for all your hard work and effort.
Title: Help with IF01.exe problem
Post by: guestolo on July 24, 2005, 12:25:18 PM
If you would like to analyze your own logs
Take a look at this link

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/forums/tutorial42.html

Glad you installed Sygate's
It's a great program
I should have linked you to the homepage so you could have done some readup
But I didn't want you to install the newest version until there was a fix for the 98 problem
I don't believe it's been rectified as of yet

Trend Micro's is a good online scanner
But you could try one at Panda's or BitDefender's
The links are in my signature below
Post back the findings if any bad guys are found
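
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser that compares two HijackThis logs and lists only the entries that changed, which is the check done by eye earlier in the thread when the O17 line was spotted. The function names are hypothetical, and the two sample logs are abridged from the 7/18 and 7/21 logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Entry lines look like "O4 - HKLM\..\Run: [Name] command": a section code
# (R1, O2, O4, O17, ...), then " - ", then the section-specific body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (running_processes, entries) from the text of a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def _key(item):
    """Normalise case and spacing so cosmetic differences are not reported."""
    if isinstance(item, Entry):
        return (item.code, " ".join(item.body.lower().split()))
    return " ".join(item.lower().split())


def _only_in(first, second):
    """Items of `first` with no match in `second`, ignoring order and case."""
    seen = {_key(x) for x in second}
    return [x for x in first if _key(x) not in seen]


def diff_logs(old_text, new_text):
    """Compare two logs; entry order is ignored, so reshuffled lines don't count."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    return {
        "added_entries": _only_in(new_entries, old_entries),
        "removed_entries": _only_in(old_entries, new_entries),
        "added_processes": _only_in(new_procs, old_procs),
        "removed_processes": _only_in(old_procs, new_procs),
    }


# Sample input: abridged from the 7/18 and 7/21 logs in this thread.
LOG_0718 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:23:58 AM, on 7/18/05

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
"""

# Same machine three days later: the two O2 lines swapped places, O17 is new.
LOG_0721 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:54:55 PM, on 7/21/05

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
"""

if __name__ == "__main__":
    for kind, items in diff_logs(LOG_0718, LOG_0721).items():
        print(kind, items)
```

Run on the full logs, the same comparison also surfaces changes in the "Running processes" list between scans.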
Title: Help with IF01.exe problem
Post by: leonlojup on July 26, 2005, 08:42:35 PM
I have some new issues with what I believe is this same problem.  I cannot run Adaware in Safe Mode.  I get an error "Fatal Exception 0D occurred at F000:00000GAB.  Application will be terminated".  Have never been able to run Adaware in SAFE MODE.  I unchecked the two options on the second page the one time I got that far.  Still no go.

I can run Grisoft and SpyBot in SAFE MODE and they run OK and show no errors.

I have had issues with the "CloseProgram" folder where I have to delete several programs and leave only Explorer and systray before I can get online.  I thought this was a one time thing, but seems now if I want to get online I have to open "closeProgram" and close all other programs to get online.  Any thoughts?

The programs are:
RNAAPP
SHWICON
AOLTRAY
GBMENU
STARTER

If you want me to post another HJT log let me know.  Any other items that you want done, just ask.

Thanks.