Jump to content


Photo

Have a tough one


  • Please log in to reply
11 replies to this topic

#1 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 25 July 2004 - 07:04 AM

Ok, i have been to 2 forums now and nobody seems to have any ideas on this one.

Default-homepage.network.com/newspynotice.html is the hijacker for this one.

Having major problems trying to clear out my friends computer. It is full of everything it seems. The main one is the hijacker that has taking over the IE browser here is my Log.
Logfile of HijackThis v1.98.0
Scan saved at 2:29:42 PM, on 7/24/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\WINDOWS\TEMP\SY9EHRX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\HijackTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.findology.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.findology.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {9C89DBB9-FC85-99AC-DB16-3DA5931A7BDE} - C:\windows\system\oegoumtp.dll
O2 - BHO: (no name) - {7966B4A7-FE37-D5E3-1A78-E3FC4E605D32} - C:\windows\system\uhbdfgyx.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-00221} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PRO 9.0\Bin\RegisterDropHandler.exe
O4 - HKLM\..\Run: [xxyyemwn] C:\WINDOWS\dfuaqwgi.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [Sy9ehrx] C:\WINDOWS\TEMP\SY9EHRX.EXE
O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PRO 9.0\Bin\RegisterDropHandler.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.5.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...en/IbmEgath.cab

It's a mess, thought i better leave it in more capable hands. Also i have temporarily installed my Norton if you notice.

#2 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 25 July 2004 - 08:02 AM

Download and run this fully working 30 day trial Trojan Hunter.
http://www.misec.net...nter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed
.................................................
Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner here.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isnít infected, click "Close".
If your computer is infected:
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run a second scan to make sure the files have been removed from your computer.
.................................................................
And after that, please do the following:

........................................................................
Reboot and post a new log

............................................................................................................

Edited by billiebob, 25 July 2004 - 08:05 AM.


#3 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 25 July 2004 - 03:15 PM

Thanks Billiebob for the reply; I have been doing some massive changes with the computer as well as updating. The hijacker problem is gone but the system is extremely slow, can you help see what it is?

Logfile of HijackThis v1.98.0
Scan saved at 4:46:49 PM, on 7/25/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\BMCENTRAL\BMCLIENT.EXE
C:\WINDOWS\DESKTOP\HijackTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - C:\PROGRAM FILES\DOGPILETOOLBAR\ULTRABAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Dogpile Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://www.dogpile.c...nload/msxml3.ca

#4 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 25 July 2004 - 04:56 PM

Log looks good ,
These 2 are recomended fixes ,as they are ok ,but are suggested fixes .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

This one is a rescource hog.
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works


also I get conflicting results when i search/reserch this one .
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe

Check here
http://www.pestpatro...o/b/buttman.asp


Reboot and post a new log .

Edited by billiebob, 25 July 2004 - 07:10 PM.


#5 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 July 2004 - 11:39 AM

Ok, here is the new log, could the dogpile programs slowed down the computer by chance? It is much slower still.

Logfile of HijackThis v1.98.0
Scan saved at 1:29:57 PM, on 7/26/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\CYB2K.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - C:\PROGRAM FILES\DOGPILETOOLBAR\ULTRABAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Dogpile Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://www.dogpile.c...load/msxml3.cab

#6 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 26 July 2004 - 01:18 PM

It might,its not recomendet that you continue to add programs when we are try ing to fix your computer ..
like dogpile and this one .
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE

Press ALT+CRTL+DEL and then click on processes and see what one of these is usinf the most % of Your CPU.

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\CYB2K.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\HJT\HIJACKTHIS.EXE

Edited by billiebob, 26 July 2004 - 01:26 PM.


#7 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 July 2004 - 02:20 PM

Ok, sorry bout the program adds. The O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE is a program called Cybersitter that stops material and such from being displayed on the computer. He has a 13 year old son and wants it on there. The Dogpile was what he normally has his webpage set to before it was taken over, so he says. I do seem to remember that the system was slow before the Cybersitter was installed but not sure on the dogpile. The processes only show these in Windows 98.
Explorer
Systray
Navapm32
Aim
Atitask
Stimon
Aticwd32

#8 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 26 July 2004 - 03:38 PM

Sorry about that ,forgot it was win98 .

#9 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 July 2004 - 05:14 PM

:thumbsup: Well, i am most of the way fixed, thanks a bunch for the help. Maybe i will luck up and get it. Something has to be running because it was restarting system defrag.

#10 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 26 July 2004 - 06:49 PM

Yeah there is a few things running in the list ,
Explorer
Systray
Navapm32
Aim
Atitask
Stimon
Aticwd32

NAVAPM32 is Antivirus ,
ATICWD32 is for the tv out option in display properties .
AIM is AOL instent messenger ,
Stimon is one touch scanning for a scanner .
you can end task , all of them except EXplorer and Systray ,and run the defrag .

Edited by billiebob, 26 July 2004 - 06:51 PM.


#11 Topgun1969

Topgun1969

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 27 July 2004 - 10:17 AM

Thankyou! That has done the trick. Running good now. The scanner program i guess was slowing down what it could not find. There is no scanner connected. :D

#12 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 27 July 2004 - 12:02 PM

Good to hear all is well .




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button