Rickrandom
2006-04-10, 21:56
I admit to serious ignorance on this subject. My own PC seems to be OK usually with appropriate protection, but I'm trying to sort out a friend's Win98SE PC (733 Celeron 128MB RAM).
I've tried scanning with Spybot 1.4, updated a few days ago, but it just crawls at the Coolwwwsearch, on about 7700 out of 37000. I've tried several times, but always slow. I mean it takes 2 hours to increase from 7755 to 8060. In the end I've always stopped it.
I thought it might help if I booted into Safe mode, perhaps to stop the thing that was slowing it down - no luck.
I ran AboutBuster, and that's now reported clean (I don't know if that's worth anything). It deleted lots of things, and at the third run it logged:
AboutBuster 6.01
Scan started on [09/04/06] at [16:28:49]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 16:36:36
I've run HiJackThis, with the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:24:18, on 10/04/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {9FD846EF-6A74-8A53-3F0E-2C94011D4C95} - C:\WINDOWS\SYSTEM\IPKJ.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
I've run CWShredder, but I can't see where it put the log file (if there was one). I can look harder or re-run it if it's any help. Again I don't know if CWShredder is a good tool or about as useful as a chocolate fireguard. For all I know it might be spyware!
After all this, it's still agonsingly slow. I'm assuming that if it's that slow, it's not actually doing any good, as something is stopping it functioning, but maybe I should just run it for 24 hours or something?
I'm not sure what Spybot log file to upload. This is Checks.060409-1550.txt
--- Report generated: 2006-04-09 15:50 ---
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-04-08 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-04-07 Includes\Cookies.sbi (*)
2006-04-07 Includes\Dialer.sbi (*)
2006-04-07 Includes\Hijackers.sbi (*)
2006-04-07 Includes\Keyloggers.sbi (*)
2006-04-07 Includes\Malware.sbi (*)
2006-04-07 Includes\Revision.sbi (*)
2006-04-07 Includes\Security.sbi (*)
2006-04-07 Includes\Spybots.sbi (*)
2006-04-07 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-04-07 Includes\PUPS.sbi (*)
and this is Checks.060409-0939.log
09.04.2006 09:39:43 - ##### check started #####
09.04.2006 09:39:43 - ### Version: 1.4
09.04.2006 09:39:43 - ### Date: 09/04/06 09:39:43
09.04.2006 09:39:45 - ##### checking bots #####
Can anybody suggest what my next step should be? Get a new PC? Get a new friend? Become a Luddite?
Thanks in advance for any assistance.
I've tried scanning with Spybot 1.4, updated a few days ago, but it just crawls at the Coolwwwsearch, on about 7700 out of 37000. I've tried several times, but always slow. I mean it takes 2 hours to increase from 7755 to 8060. In the end I've always stopped it.
I thought it might help if I booted into Safe mode, perhaps to stop the thing that was slowing it down - no luck.
I ran AboutBuster, and that's now reported clean (I don't know if that's worth anything). It deleted lots of things, and at the third run it logged:
AboutBuster 6.01
Scan started on [09/04/06] at [16:28:49]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 16:36:36
I've run HiJackThis, with the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:24:18, on 10/04/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {9FD846EF-6A74-8A53-3F0E-2C94011D4C95} - C:\WINDOWS\SYSTEM\IPKJ.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
I've run CWShredder, but I can't see where it put the log file (if there was one). I can look harder or re-run it if it's any help. Again I don't know if CWShredder is a good tool or about as useful as a chocolate fireguard. For all I know it might be spyware!
After all this, it's still agonsingly slow. I'm assuming that if it's that slow, it's not actually doing any good, as something is stopping it functioning, but maybe I should just run it for 24 hours or something?
I'm not sure what Spybot log file to upload. This is Checks.060409-1550.txt
--- Report generated: 2006-04-09 15:50 ---
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-04-08 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-04-07 Includes\Cookies.sbi (*)
2006-04-07 Includes\Dialer.sbi (*)
2006-04-07 Includes\Hijackers.sbi (*)
2006-04-07 Includes\Keyloggers.sbi (*)
2006-04-07 Includes\Malware.sbi (*)
2006-04-07 Includes\Revision.sbi (*)
2006-04-07 Includes\Security.sbi (*)
2006-04-07 Includes\Spybots.sbi (*)
2006-04-07 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-04-07 Includes\PUPS.sbi (*)
and this is Checks.060409-0939.log
09.04.2006 09:39:43 - ##### check started #####
09.04.2006 09:39:43 - ### Version: 1.4
09.04.2006 09:39:43 - ### Date: 09/04/06 09:39:43
09.04.2006 09:39:45 - ##### checking bots #####
Can anybody suggest what my next step should be? Get a new PC? Get a new friend? Become a Luddite?
Thanks in advance for any assistance.