# Looking for EASY ways to make my computer FASTER



## GhettoChild (Mar 4, 2004)

I just got rid of a hijacking trojan with CWShredder (it was globe finder) and my computer seems to be very slow lately, and I was wondering if there is something I can do on my computer to make it faster. I mean this without having to spend money. I have Windows 98. I am not sure what I can do. I deleted a game that took over 100MB but that made little impact. I use AOL Instant Messenger and when I run too many things and people message me the box comes up all distorted; it's done this more and more lately (usually does when I'm playing a game called Graal) but now it does it when I am browsing the web. I also experience problems in e-mails (I haven't checked since using CWShredder and this forum seems fine) but when I type it types VERY SLOWLY, like letter by letter...PLEASE HELP!!!!


----------



## Rockn (Jul 29, 2001)

You never mentioned anything about your system specs or OS, kind of hard to make suggestions without any input.


----------



## GhettoChild (Mar 4, 2004)

184 MB of RAM

32-Bit File System
32-Bit Virtual Memory
13% free System Resources


anything else needed?


----------



## GhettoChild (Mar 4, 2004)

Also my Explorer tends to freeze and usually you'd close it and you'd get the desktop recovery screen but now when my taskbar freezes and such and I look in task manager..Explorer is already gone?


----------



## john1 (Nov 25, 2000)

visit trend,
http://housecall.trendmicro.com/
you may still have something slowing it down.

You say you're using 98,
do you have it set to web pages?
i find that slows mine down.


----------



## john1 (Nov 25, 2000)

globefinder ... ?

maybe thats one of the newer ones coming from the CWS crew,
some of them are very difficult to clear up,
check over what you did again,
if typing letters is still slower than it should be,
then maybe theres still a problem


----------



## mobo (Feb 23, 2003)

Let's start here and then we can look elsewhere.

Please get Spybot S&D to clear out any spyware.
http://www.safer-networking.org/index.php?page=mirrors

Install the program and open it.

Before doing any scanning click *Online* and *Search for Updates*.
Put a check mark at and install *all updates*.
Click *Check for Problems* and when the scan is finished have Spybot fix *all* it finds marked in *red*.

Then after *reboot*:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ or from http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "*scan*" button will change into a "*save log*" button.
Press that, *save the log*, load it in Notepad, and copy its contents here. *Most of what it lists will be harmless or even essential, don't fix anything yet.*


----------



## Bob Cerelli (Nov 3, 2002)

Some ideas:

1. Download a good Spyware and Trojan Removal program.

Spybot Search and Destroy:
http://www.safer-networking.org/index.php?page=spybotsda

SpySweeper:
There is also a good spyware program at:
http://www.webroot.com/wb/products/spysweeper/index.php
This will also protect your home page from being hijacked.

Ad-Aware:
http://www.lavasoft.de/

Any of the above three programs, just like Anti-Virus software, should have the latest updates installed before doing a scan.

2. Run MSCONFIG and remove any programs you don't need starting automatically.

3. Delete the contents of the TEMP directory and reboot. This can fill up and cause quite a degradation in performance.


----------



## GhettoChild (Mar 4, 2004)

Logfile of HijackThis v1.97.7
Scan saved at 11:33:57 PM, on 3/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\WINGATE\WINGATE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\NAVAGENT256.EXE
C:\WINDOWS\SYSTEM\YAHOO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\ILZAIMNM.EXE
C:\WINDOWS\SYSTEM\HHFPXKDH.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINGATE\WGENGMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1424.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [owsidbpg] C:\WINDOWS\ilzaimnm.exe
O4 - HKLM\..\Run: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoo.exe
O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\Run: [ORUXBEI] C:\WINDOWS\ORUXBEI.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [WinGateEngine] C:\PROGRAM FILES\WINGATE\WINGATE.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoo.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064520565320
O16 - DPF: {376C54B9-93B3-EF5D-72FF-D2C8448AC6F9} (DownloadUL Class) - http://public.searchbarcash.com/cab/026/ckwsfqqk.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab


----------



## mobo (Feb 23, 2003)

Now rescan and put a check next to each of these then close all browser windows and click "fix checked"

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL

O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [owsidbpg] C:\WINDOWS\ilzaimnm.exe

O4 - HKLM\..\Run: [ORUXBEI] C:\WINDOWS\ORUXBEI.exe

O16 - DPF: {376C54B9-93B3-EF5D-72FF-D2C8448AC6F9} (DownloadUL Class) - http://public.searchbarcash.com/cab/026/ckwsfqqk.cab

Then reboot into safe mode and delete :
C:\WINDOWS\ORUXBEI.exe
C:\WINDOWS\ilzaimnm.exe
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\PROGRAM FILES\IESEARCHBAR


----------



## GhettoChild (Mar 4, 2004)

How do I reboot into safe mode with 98?


----------



## mobo (Feb 23, 2003)

http://www.computerhope.com/issues/chsafe.htm#01


----------



## NiteHawk (Mar 9, 2003)

Your biggest problem is the 13% free System Resources.

You have way too much starting up in your startups. PLUS you have at least two worms/trojans in there. Give me some time to go over your HJT log. While I'm doing that, here are three places you can go for an online virus scan.

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/


----------



## GhettoChild (Mar 4, 2004)

I am not going into safe mode, but I just restarted and I can get my System Resources to 49%-55%


----------



## NiteHawk (Mar 9, 2003)

Are you using AOL?
Since there are a lot of Verizon connection listings, I am assuming that you are inside the US and don't need the country code.


----------



## GhettoChild (Mar 4, 2004)

As you assumed I do live in the US. And I do use Aol Instant Messenger but my service isn't through AOL.

A game called Graal

www.graalonline.com

kills my computer when I run it. It's only 160MB and that's because I've had it a long time and have a lot of uploaded files from it.


----------



## GhettoChild (Mar 4, 2004)

I have to go to bed, I'll check these before school in...7 hours lol


----------



## NiteHawk (Mar 9, 2003)

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL

O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1424.0\EN-US\MSNTB.DLL

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
_Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray_
O4 - HKLM\..\Run: [owsidbpg] C:\WINDOWS\ilzaimnm.exe

O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\Run: [ORUXBEI] C:\WINDOWS\ORUXBEI.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [WinGateEngine] C:\PROGRAM FILES\WINGATE\WINGATE.EXE

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe

O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe

O16 - DPF: {376C54B9-93B3-EF5D-72FF-D2C8448AC6F9} (DownloadUL Class) - http://public.searchbarcash.com/cab/026/ckwsfqqk.cab

Next reboot into Safe Mode and remove the following files and folders that are *bolded*

C:\WINDOWS\*ilzaimnm.exe*
C:\WINDOWS\*ORUXBEI.exe*

C:\WINDOWS\SYSTEM\*hhfpxkdh.exe*

C:\Program Files\*Wingate*\Wingate.Exe
C:\Program Files\*Aws*\Weatherbug\Weather.Exe 1
C:\Program Files\*Iesearchbar*

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode.

Before you re-enable system restore I would strongly recommend that you do an online virus scan at least one and preferably 2 of the following sites:

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

Now download Spybot - Search & Destroy  (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Next Download Adaware (get the free edition) 
http://www.lavasoft.de/software/adaware/

Download, install it and open it. Click on the *Check for Updates Now* button and *connect*. Let it download and install the updates. Then press *scan now*. Let it remove what it finds. This will not be effective without the Updates.....please do NOT skip that step!

When done, reboot your PC

Last, run HJT again and post your log again to see if anything was missed.

Thanks


----------



## mobo (Feb 23, 2003)

Why all these ? Not viral or adware...

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1424.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe


----------



## NiteHawk (Mar 9, 2003)

Good question, Mobo.

Since his earlier post stated that his resources were at 13%, I went after not only virus/trojan/worms and spyware, but also anything that is not needed to be running 100% of the time in the background and consuming resources.

*O4 - HKLM\..\Run: [CountrySelection] pctptt.exe*
Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required

*O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe*
Modem related software, he is on DSL. Not needed. Consumes resources

*O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l*
*O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"*
Both are DSL monitoring and remote diag software. Verizon does not use and doesn't have the software in place at their end. Not needed. Consumes resources.
(Also IPInSight is spyware and is frequently downloaded and installed piggyback on a lot of P2P software; napster and morpheus to name a few)

*O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"*
More DSL monitoring and remote diag software. Verizon does not use and doesn't have the software in place at their end. Not needed. Consumes resources

*O4 - HKLM\..\Run: [LoadQM] loadqm.exe*
Known resource hog. Systems run fine without it running

*O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe*
Not needed to be running all the time. Can be started via Start > Programs menu IF needed.

His original question was how to make his computer faster.

IF you feel differently about any of them feel free to let me know.


----------



## mobo (Feb 23, 2003)

No debate on those at all. What I was concerned about was after I posted a response you replied that there were at least two infections present and I wondered what they were...


----------



## NiteHawk (Mar 9, 2003)

Actually, somehow I scrolled over and didn't see your reply and blindly went about going over the HJT log. My fault for duplicating your work.

These I believe to be viral in nature for several reasons. The random letters in the file name and the fact that nothing can be found on them using the usual sources. Just about every legit file has at least something on it somewhere on the web. The random lettering in the name means that you and I could have both been hit by the same virus, but have different file names.

C:\WINDOWS\ilzaimnm.exe
C:\WINDOWS\ORUXBEI.exe

C:\WINDOWS\SYSTEM\hhfpxkdh.exe

The last one, Wingate, is most definitely viral and a result of the LovGate.G virus.
C:\Program Files\Wingate\Wingate.Exe


No problem with your questions Mobo, it's one more way I learn.


----------



## mobo (Feb 23, 2003)

As we all do. Have a good night


----------



## NiteHawk (Mar 9, 2003)

You too.

Let me just add one thing in closing. If I make an error or give bad advice, I expect to be questioned and corrected. To me that is one of the HUGE benefits of a forum such as this. IF someone makes an error or mis-advises, there is always someone who will set the user straight.

As an old engineer I worked with years ago was fond of saying, "No one is goof proof!!"


----------



## GhettoChild (Mar 4, 2004)

Hey thanks.
I went through and looked for C:\WINDOWS\ORUXBEI.exe in safe mode and it couldn't be found...

*Goes To School*
I'll check this forum when I get back
Thx in advance


----------



## GhettoChild (Mar 4, 2004)

Also in the past I remember closing that "load" program you called a resource hog (long time ago) and it messed up. It would close when I restarted or something. You sure it'll run without it?

Also to let you guys/girls know, you're helping a 5 year old Compaq, I know the best advice is get a new computer, lol but the dad's a little cheap

Thx again


----------



## mobo (Feb 23, 2003)

Just do a search for it by start / search / C:\WINDOWS\ORUXBEI

Then repost a fresh log..


----------



## GhettoChild (Mar 4, 2004)

Logfile of HijackThis v1.97.7
Scan saved at 3:49:35 PM, on 3/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\WINGATE\WINGATE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\NAVAGENT256.EXE
C:\WINDOWS\SYSTEM\YAHOO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HHFPXKDH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAM FILES\WINGATE\WGENGMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1424.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoo.exe
O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [WinGateEngine] C:\PROGRAM FILES\WINGATE\WINGATE.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoo.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064520565320
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab


----------



## mobo (Feb 23, 2003)

Recheck the log posted from NiteHawk above and check the items he has listed there.


----------



## GhettoChild (Mar 4, 2004)

Logfile of HijackThis v1.97.7
Scan saved at 3:57:34 PM, on 3/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\WINGATE\WINGATE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\NAVAGENT256.EXE
C:\WINDOWS\SYSTEM\YAHOO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HHFPXKDH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAM FILES\WINGATE\WGENGMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoo.exe
O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Norton Auto Protect32] NavAgent256.exe
O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoo.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064520565320
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
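
The "run HJT again ... to see if anything was missed" step from earlier in the thread can be done mechanically. The following is an added example, not part of any post: a Python parser for the O4 autorun lines that compares a "fix checked" list with a follow-up log. The sample lines are excerpted from NiteHawk's list and the 3:57:34 PM log above; the function names are this example's own.

```python
import re

# O4 (autorun) lines as HijackThis v1.97.7 prints them in the logs on this page:
#   O4 - HKLM\..\Run: [ValueName] command line
#   O4 - Startup: Shortcut.lnk = target
O4_REG = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run(?:Services)?): \[(.+?)\] (.+)$")
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE = re.compile(r'([^\\"]+?\.exe)\b', re.IGNORECASE)


def parse_o4(line):
    """Return (location, name, command) for an O4 line, or None."""
    line = line.strip().strip("*").strip()  # drop forum bold markers
    m = O4_REG.match(line) or O4_LNK.match(line)
    return (m.group(1), m.group(2), m.group(3).strip()) if m else None


def autoruns(text):
    """Map a case-insensitive (location, name) key to each parsed O4 entry."""
    found = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            found[(entry[0].lower(), entry[1].lower())] = entry
    return found


def exe_name(command):
    """Lower-cased executable file name taken from a command line, or None."""
    m = EXE.search(command)
    return m.group(1).lower() if m else None


def running(text):
    """File names under 'Running processes:' (the section ends at a blank line)."""
    names, in_section = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names


def verify_fix(fix_list, followup_log):
    """Sort each fix-list entry by what the follow-up log still shows."""
    wanted, now = autoruns(fix_list), autoruns(followup_log)
    procs = running(followup_log)
    report = {"still_registered": [], "running_only": [], "cleared": []}
    for key, (_loc, name, cmd) in wanted.items():
        if key in now:                      # autorun entry survived the fix
            report["still_registered"].append(name)
        elif exe_name(cmd) in procs:        # entry gone, program still listed
            report["running_only"].append(name)
        else:
            report["cleared"].append(name)
    return report


# Excerpt of the list NiteHawk asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [owsidbpg] C:\WINDOWS\ilzaimnm.exe
O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\RunServices: [WinGateEngine] C:\PROGRAM FILES\WINGATE\WINGATE.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Excerpt of the follow-up log saved at 3:57:34 PM.
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\PROGRAM FILES\WINGATE\WINGATE.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\HHFPXKDH.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [krzuikwr] C:\WINDOWS\SYSTEM\hhfpxkdh.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

if __name__ == "__main__":
    for status, names in verify_fix(FIX_LIST, FOLLOWUP).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

On these excerpts the `[krzuikwr]` entry is still registered, and `ptsnoop.exe` and `WINGATE.EXE` remain under "Running processes" even though their autorun entries are gone.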


----------



## GhettoChild (Mar 4, 2004)

The last 3 I kept because I felt they didn't cause much of a hassle


----------



## GhettoChild (Mar 4, 2004)

Ummm thanks...I deleted winpoET and now my internet won't work. I'm at my mom's


----------



## Bob Cerelli (Nov 3, 2002)

Pretty sure that was not good advice. Hopefully you still have the CD that came when the Internet was configured. Otherwise try going to the ISP's web site. Just had to do the same for someone that got a new computer.


----------



## GhettoChild (Mar 4, 2004)

My dad called Verizon and is having a new one sent.


----------



## NiteHawk (Mar 9, 2003)

Did you *delete* winpoet or just check it in HJT and have HJT fix it?? IF you just had HJT fix it, HJT creates backups in the folder that it is run from. Run HJT and click on the Config button and then click on Backups. Highlight the item you want to restore and click the Restore button. Then reboot. That item should be restored to your startups.


----------



## NiteHawk (Mar 9, 2003)

My sincere apologies for any problems caused due to Winpoet. For whatever reason at the time, I saw Winpoet and was _thinking_ BroadJump Client Foundation which is installed with many DSL packages and is truly not needed.

Again I am sorry for giving you the wrong file. As noted above you should be able to restore it from the HJT backups with no problem.


----------



## GhettoChild (Mar 4, 2004)

Where are these backups?


----------

