Could someone please look over an HJT log?
I've noticed a few reroutings and I don't want the pesky little bugs on here. I'm still getting the occassion illegal operation, fatal error, and freeze up, but the computer is ancient. Any suggestions on what type of computer and accessories (Dell,HP, etc.) could withstand 3 rommates abusing it with tons of school work? Thanks for looking over and for any suggestions you may have.
Jen
Logfile of HijackThis v1.98.1
Scan saved at 11:34:12 AM, on 8/29/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\TOOLS_95\IMGICON.EXE
C:\TOOLS_95\IOWATCH.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alltel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Web Eraser.lnk = C:\Program Files\NetMeeting\NETMEET.HTM
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
Jen
Logfile of HijackThis v1.98.1
Scan saved at 11:34:12 AM, on 8/29/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\TOOLS_95\IMGICON.EXE
C:\TOOLS_95\IOWATCH.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alltel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Web Eraser.lnk = C:\Program Files\NetMeeting\NETMEET.HTM
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
0
This discussion has been closed.
Comments
Most of us regulars here are not using "name brand" boxes, but are using custom built systems we made ourselves. Rather then spending a bunch of money for a name brand box (which always come with so many extra background crap processes that tie up resources...) go to a local custom computer store, the small kind. For the same kind of money as you would spend for a name brand box you will get something just as good or even better, and most of the small computer shops take pride in their work so you will get a well built system. Ask them to install Windows XP Service Pack 2, as there are some good new features to help prevent drive-by spyware installations.
Also, if yuou have not done so, in Spybot, there is an Immunize feature. Use that to help block known many problems from getting on your computer in the first place. ALso, go to our Security downloads page (link in my sig) and grab SpywareBlaster. It helps block a couple of thousand known problems! Make sure to use the "update" feature of both programs to get the latest definitions. Finally, one more measure of protection is to use a custom hosts file. This is explained and a good custom file is available for download here: http://www.mvps.org/winhelp2002/hosts.htm download the Zip file they have there, and extract it to C:\WINDOWS for yur Windows 98 machine (or Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC if you get a new computer with XP.) Some of the blocked sites will overlap with the protection of Spybot and Spyware Blaster, but better to be doubly protected, then not at all, right?
I'll close this thread since your log looks clean, PM me if you need it reopened to ask another question.
Dexter...