
Solved computer is running slow, possible infection?

Discussion in 'Malware and Virus Removal Archive' started by mva5493, 2007/08/11.

  1. 2007/08/11
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    [Resolved] computer is running slow, possible infection?

    My son's computer seems to be a bit slow and freezes unexpectedly, I wonder if there is one or more infections? Haven't used any other tools yet, just wanted to see if there is anything obvious in the hjt logfile since I don't yet understand what to look for. So anything obvious here? OS is Win98 SE.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:23 PM, on 8/8/07
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\PNPCHK.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\PROGRAM FILES\USB DISK WIN98 DRIVER\RES.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\MSOFFICE\OFFICE\MSOFFICE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.juno.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno Online Services, Inc.
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NETZERO\SEARCHENH1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe "
    O4 - HKLM\..\Run: [winmqm32] rundll32 winmqm32.dll,run
    O4 - HKLM\..\Run: [SA] C:\PROGRAM FILES\LOGITECH\QUICKCAM\SA3.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
    O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
    O4 - Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
    O4 - User Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
    O4 - User Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - User Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk705YYUS
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://my.juno.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
     
    Last edited: 2007/08/11
  2. 2007/08/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Uninstall WebHancer via Add/Remove, then;

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.
     


  4. 2007/08/12
    mva5493

    I think I should have left that computer alone, it was slow but it did work.... I turned it on this a.m. and get two beeps, and a black screen. Then a monochrome drawing of the floppy drive and arrows telling me to insert a floppy disk into the drive, and a row of function keys at the bottom of the drawing... arrows pointing to f1, s at the top of the screen:
    1962 No operating system found. press f1 to repeat boot sequence
     
  5. 2007/08/12
    noahdfear

    Did you press F1?

    Make sure there isn't already a floppy disk inserted, or a cd.
     
  6. 2007/08/12
    mva5493

    yes, it goes to config/setup utility. Here's a screenshot:
    http://s127.photobucket.com/albums/p122/mva5493/

    It shows the hard drive but it is not the right size, that would be my fault. I got this computer about 2 years ago, full of infection...I reformatted the hard drive and reinstalled everything (it originally had w2k, I didn't like that so I put win98 on it) as you can see it is an older system so I thought win98 was about all it could handle. The hard drive is actually an 80g drive. I don't see any hd lights or hear the drive at all. I have opened it up to make sure that all of the cables are connected.

    The conf/system utility starts if I hit f1 before the error......when I hit f1 after the error it tries to read the floppy and goes back to the same screen. It is attempting to access the a: drive without any input from me, just continually going back to the floppy and then the other screen.
    127.photobucket.com/albums/p122/mva5493/?action=view&current=DSCN3750.jpg
     
    Last edited: 2007/08/12
  7. 2007/08/12
    noahdfear

    Do you have a blank floppy disk and a floppy drive? If so, go here and download the Windows 98 OEM bootdisk setup file, saving it to your desktop. Insert the blank floppy and then double click the setup file. The required files will be written to the floppy. Now boot the Win98 computer from the floppy and select Command Prompt mode. At the A:\ prompt, type cd c: (or maybe it's cd c:\ ) and hit enter. If you arrive at a C:\ prompt, type dir and hit enter. Let me know what is displayed.
     
  8. 2007/08/12
    mva5493

    OK, did the boot disk. At the a prompt when I change to c, it says invalid drive specification. Don't know what happened the first time but I rebooted and tried again. Now I have c and all its contents are still there with the dir command.
     
    Last edited: 2007/08/12
  9. 2007/08/12
    noahdfear

    I suspect the drive is going bad or possibly the ribbon cable. I know you mentioned checking the cable, but did you pull it out and reseat it? If not, try that and then attempt a normal startup.
     
  10. 2007/08/12
    mva5493

    I took it out completely... the computer is an older system, but the hd is maybe 3 years old. I am wondering about the cable or the port on the motherboard, I hear the hd..but the hd light is not coming on.
     
    Last edited: 2007/08/12
  11. 2007/08/12
    noahdfear

    The C drive not being accessible at 1 boot and then accessible again after reboot suggests to me the hard drive may have problems, but I'm not a hardware guy either. :rolleyes: I would try normal boot several times in hopes of one successful boot, then get the data on that drive backed up if successful.
     
  12. 2007/08/12
    mva5493

    Yes, it does look like that is the thing to do.....oh well, at least I have some warning, hopefully I can get it all backed up first.
     
  13. 2007/08/12
    noahdfear

    Keep me posted please. I'd like to know if it boots. ;)
     
  14. 2007/08/13
    mva5493

    Not sure if I still have a problem, but I checked the ribbon cable and it was twisted and crimped under the hd. I reinstalled windows (repair, not totally clean) and now the computer is booting and running windows98. I am now doing the panda scan and will post the results after it finishes, it will take some time though, using 56k dial up on that computer.
     
  15. 2007/08/13
    mva5493

    here is the panda scan report:

    Incident Status Location
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM\Popular Screensavers.scr
    Adware:adware/24-7-search Not disinfected C:\WINDOWS\SYSTEM\unPPC.exe
    Adware:adware/dyfuca Not disinfected C:\WINDOWS\TEMP\cfout.txt
    Hacktool:HackTool/KillProcWin.A Not disinfected C:\WINDOWS\TEMP\CDASilentInstall0501.exe[simple_killw.exe]
    Adware:Adware/AbxSearch Not disinfected C:\WINDOWS\TEMP\rr-toolbar.exe[rr-toolbar.dll]
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[SHNT288.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][whAgent.inf]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][whAgent.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][whInstaller.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][whSurvey.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][webhdll.dll]
     
  16. 2007/08/13
    mva5493

    I didn't realize that was so long, sorry. I can see from that report that I will be having a chat with my son about the sites he visits as I don't want him going to those sites and I don't think they are safe. He's just turned 18 but still....
     
  17. 2007/08/13
    noahdfear

    Good to see you got it going. You amaze me! :) Might want to find a new ribbon cable.

    Fix the following with HijackThis.

    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe "
    O4 - HKLM\..\Run: [winmqm32] rundll32 winmqm32.dll,run
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me...bridge-c18.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/...rr-toolbar.cab

    Delete the following files. Let me know if you can't find any of them, or can't delete any. The command line in command prompt mode is very powerful, though you would likely have to use the 8.3 shortname for some. ;)

    C:\WINDOWS\SYSTEM\Popular Screensavers.scr
    C:\WINDOWS\SYSTEM\unPPC.exe
    C:\WINDOWS\TEMP\cfout.txt
    C:\WINDOWS\TEMP\CDASilentInstall0501.exe
    C:\WINDOWS\TEMP\rr-toolbar.exe
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf

    Uninstall all old Java versions and update to the latest.
    http://java.com/en/download/index.jsp

    Open Internet Options, delete all Cookies and Temporary Internet Files, then set the cache size to 50 MB. On the Privacy tab, select Advanced and select; Override cookie handling, Allow first party, Block third party, and Always allow session cookies.

    Empty the recycle bin, then run disk cleanup and reboot. If things still seem unresponsive and slow, use HijackThis to fix the following entry, reboot and see if it helps.

    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

    If it does, we need to see if the updated version of that patch has been installed.

    Before you come down too hard on your boy, keep in mind that many of those cookies could have come via popups, and aren't true indicators of his browsing habits. If you really want to know where he's been, there are other ways ......... :D
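
The fix list in the post above lines up HijackThis entries with files named in the Panda report. As an added example (not part of the original thread, and not how either tool works internally), this Python code parses both formats and pairs entries that share a distinctive token; the sample lines are excerpts copied from the logs in this thread, and the stop-word list, minimum token length and function names are assumptions.

```python
import re
from typing import NamedTuple

# Section codes that occur in this thread's log, with HijackThis's usual meanings.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O14": "IERESET.INF setting",
    "O16": "downloaded ActiveX control (DPF)",
}

class HjtEntry(NamedTuple):
    code: str      # e.g. "O4"
    section: str   # meaning of the section code
    detail: str    # everything after "<code> - "

class Detection(NamedTuple):
    kind: str      # e.g. "Adware"
    name: str      # e.g. "Adware/WebHancer"
    status: str
    path: str

HJT_RE = re.compile(r"^\s*(?P<code>[RO]\d{1,2})\s+-\s+(?P<detail>.+?)\s*$")
SCAN_RE = re.compile(
    r"^\s*(?P<kind>[^:]+):(?P<name>\S.*?)\s+(?P<status>Not disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Assumption: words too generic to link a log entry to a detection.
STOP = {"windows", "system", "program", "programs", "temporary", "internet",
        "content", "toolbar", "adware", "spyware", "application", "cookie"}
MIN_LEN = 6  # assumption: shorter tokens (exe, dll, com, ...) are noise

def parse_hjt(text):
    """Return one HjtEntry per 'Rn - ...' or 'On - ...' line; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line)
        if m:
            code = m["code"]
            entries.append(HjtEntry(code, SECTIONS.get(code, "unknown"), m["detail"]))
    return entries

def parse_scan(text):
    """Return one Detection per 'Kind:Name Not disinfected <path>' line."""
    return [Detection(m["kind"], m["name"], m["status"], m["path"])
            for m in map(SCAN_RE.match, text.splitlines()) if m]

def tokens(text):
    """Lower-case alphanumeric tokens (hyphens kept), minus short and generic ones."""
    words = re.findall(r"[a-z0-9]+(?:-[a-z0-9]+)*", text.lower())
    return {w for w in words if len(w) >= MIN_LEN and w not in STOP}

def correlate(entries, detections):
    """Pair each log entry with every detection that shares a distinctive token."""
    hits = []
    for e in entries:
        entry_tokens = tokens(e.detail)
        for d in detections:
            shared = entry_tokens & tokens(d.name + " " + d.path)
            if shared:
                hits.append((e, d, sorted(shared)))
    return hits

def unmatched(entries, hits, code="O4"):
    """Entries of one section with no scanner hit: still need a manual look."""
    matched = {h[0] for h in hits}
    return [e for e in entries if e.code == code and e not in matched]

# Excerpts copied from the HijackThis log and Panda report posted in this thread.
HJT_SAMPLE = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe "
O4 - HKLM\..\Run: [winmqm32] rundll32 winmqm32.dll,run
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk705YYUS
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
"""
SCAN_SAMPLE = r"""
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM\Popular Screensavers.scr
Adware:Adware/AbxSearch Not disinfected C:\WINDOWS\TEMP\rr-toolbar.exe[rr-toolbar.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2M7TTZX7\CEDP-Stealer-Setup[1].exe[wh.exe][whSurvey.exe]
"""

if __name__ == "__main__":
    entries, detections = parse_hjt(HJT_SAMPLE), parse_scan(SCAN_SAMPLE)
    hits = correlate(entries, detections)
    for e, d, shared in hits:
        print(f"{e.code} ({e.section}) <-> {d.name} via {shared}")
    for e in unmatched(entries, hits):
        print(f"no scanner hit, review by hand: {e.detail}")
```

On the sample, the pairing links the webHancer, MyWebSearch and rr-toolbar entries to their detections, while the winmqm32 autostart from the fix list has no scanner hit and still has to be judged by hand.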
     
  18. 2007/08/13
    kli40475

    kli40475 Inactive

    Joined:
    2007/08/13
    Messages:
    2
    Likes Received:
    0
    I am away from my computer right now, but I will take care of all of that when I get home. :) I am using my sister's (kli40475) machine at the moment. I didn't come down too hard on him, just told him that I won't fix it the next time, I will leave it to him. :D
     
  19. 2007/08/14
    mva5493

    did all that was suggested posted, there is only one file I can't remove. C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf

    computer seems to be working better than it was.
     
  20. 2007/08/14
    mva5493

    I went back to hjt and fixed kb891711, and immediately after I got a blue screen, fatal exception 0E has occurred at 0167:bff9Dfff, the current application will be terminated. After clicking ok, I got explorer caused a general protection fault in module user.exe at 0012:000000167, followed by Explorer caused an invalid page fault in module KERNEL32.DLL at 0167:bff9dfff. After all that I had to turn off the computer, ctrl+alt+del did nothing. After rebooting, the computer seems fine except, when I load internet explorer, when closing a window I get another error msg... an error has occurred in internet explorer. IE will now close. If you continue to experience problems please restart your computer. Followed by the msg about sending a report to microsoft. And then ie has performed an illegal operation and will be shut down..

    Brian had some of those errors before I changed anything but it just happened occasionally, he would choose not to send the report and ie would close. It would work fine if he restarted.. The error msgs I have listed happened every time I opened ie, no other programs seem to have any problems.
     
  21. 2007/08/14
    noahdfear

    Try booting from the startup disk to command prompt mode. At the C:\> prompt, type the following and hit enter.

    deltree /y C:\WINDOWS\Downlo~1\f3initialsetup1.0.0.8-2.inf

    Odd that fixing that entry would cause any problem. :confused: See if you can access the Windows Update Catalog at the Windows Update site. If so, search for all available critical updates for 98 and see if KB891711 is available. If so, download and save it. Then go to Add/Remove programs to see if the update is listed ...... uninstall it if it is. Reboot, then install the new one. Reboot when done.

    On the IE send report error message, there should be an option to view the details. If you get it again, see what you can find.

    Post a fresh HijackThis log.
     
