1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HijackThis log - grateful for any help (Resolved)

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by paul b, Aug 27, 2004.

Thread Status:
Not open for further replies.
  1. paul b

    paul b Techie7 New Member

    If anyone could look at this HijackThis log I'd be very grateful. The main problem we're having is that Internet Explorer is always redirected to Hitpointer (an adult site). However the PC seems to have lots of other problems too - inspite of having had up-to-date Norton AntiVirus, Spybot and AdAware scans. The other problems include: loads of windows suddenly trying to open up (identifiable only as blank rectangles in the task bar) and a notice about Ocraware failure every time the computer starts up.

    Thanks in advance for any advice

    Paul B


    - - -

    Logfile of HijackThis v1.98.2

    Scan saved at 23:15:36, on 26/08/04

    Platform: Windows 98 SE (Win9x 4.10.2222A)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE

    C:\WINDOWS\SYSTEM\RPCSS.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\SYSTEM\RNAAPP.EXE

    C:\WINDOWS\SYSTEM\TAPISRV.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\STARTER.EXE

    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\WINDOWS\SYSTEM\QTTASK.EXE

    C:\PROGRAM FILES\PD\SHWICON.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

    C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE

    C:\WINDOWS\SYSTEM\HPWPSW.EXE

    C:\WINDOWS\SYSTEM\MYKNTBWH.EXE

    C:\WINDOWS\SYSTEM\DDHELP.EXE

    C:\WINDOWS\RunDLL.exe

    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE

    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

    C:\WINDOWS\SYSTEM\WMIEXE.EXE

    C:\WINDOWS\SYSTEM\PSTORES.EXE

    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe

    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE



    F1 - win.ini: load=HPWHRC.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

    O2 - BHO: TChkBHO Class - {72787F22-F1F5-11D7-85A3-444553540000} - C:\WINDOWS\SYSTEM\LSTIRX.DLL

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022] "C:\Program Files\PD\shwicon.exe" -t"The Company\USB Flash HDD Series Driver v1.17r022"

    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

    O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial

    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe

    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE

    O4 - HKLM\..\Run: [MYKNTBWH] c:\windows\system\mykntbwh.exe /install

    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe

    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe

    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE

    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE

    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Plus!\Microsoft Office\Office\OSA9.EXE

    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe

    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe

    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab

    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://66.230.134.150/d/auk.exe

    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025972.exe

    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/btmailcontrol013.cab

    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1176.exe

    O18 - Filter: text/html - {DB142980-776A-11D8-85A4-444553540000} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.15.DAT

    O20 - AppInit_DLLs: apitrap.dll;
     
  2. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    Hello,
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
    O2 - BHO: TChkBHO Class - {72787F22-F1F5-11D7-85A3-444553540000} - C:\WINDOWS\SYSTEM\LSTIRX.DLL
    O4 - HKLM\..\Run: [MYKNTBWH] c:\windows\system\mykntbwh.exe /install
    O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://66.230.134.150/d/auk.exe
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025972.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1176.exe
    O18 - Filter: text/html - {DB142980-776A-11D8-85A4-444553540000} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.15.DAT

    The following are optional fixes:
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

    System tray access for Quicktime. Not needed and causes slow downs

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Plus!\Microsoft Office\Office\OSA9.EXE

    Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway. Different filenames used for different variants

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files:
    c:\windows\system\mykntbwh.exe
    C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.15.DAT

    Then reboot and post a fresh log
     
  3. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Hello Owen. Thanks very much indeed for your reply. Those fixes seem to have done the trick. The new HijackThis log is below.

    Cheers, Paul


    Logfile of HijackThis v1.98.2
    Scan saved at 23:29:36, on 30/08/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\PD\SHWICON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\HPWPSW.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

    F1 - win.ini: load=HPWHRC.EXE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022] "C:\Program Files\PD\shwicon.exe" -t"The Company\USB Flash HDD Series Driver v1.17r022"
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/btmailcontrol013.cab
    O20 - AppInit_DLLs: apitrap.dll;
     
  4. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    That log looks good. How are things running?

    P.S. Sorry about the response time.
     
  5. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Thanks for your message. I didn't think your response was slow, by the way, especially given how busy you must be. In fact I've been really impressed with how helpful you've been. All the problems I mentioned in my initial posting have now gone and, except for a few crashes, the computer seems to be running well except for one thing - sometimes when the Windows desktop first appears, the egg-timer icon won't go, and when you try to launch a programme a message comes up saying there's no disk space. Whereas there's actually about 3.7GB free. I have to force it to restart and it sometimes takes a couple of restarts before Windows starts properly. When it does start up properly it then runs fine. That's the only real problem I've noticed so far.

    Thanks,

    Paul
     
  6. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    Hiya,
    One of the biggest causes that will probably be causing you startup slow downs is Norton Systemworks. Its a good program, but if your computer isn't top of the range, it will cripple your system because it is very resource heavy. A stable computer like mine (its not the best in the world, its specs are quite rubbish really) just froze totally when I installed Norton Antivirus (trial) for testing. I also installed Norton Ghost and Iafter the installation finished, it totally froze and I left it for 20 mins and I had to resort to pressing the Reset button to get it working again.

    Could you follow the instructions for an Online Hardware Scan here and post the log here so that I can take a look at your Hardware specs.
     
  7. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Hi Owen,

    Thanks for your last posting. Sorry I didn't manage to reply before you went away. The results of the hardware scan are below.

    All the best,

    Paul

    -------------------------------------------------------

    OS Information:
    PropertyValue
    OS Name Microsoft Windows 98|C:\WINDOWS|
    Service Pack .
    OS Manufacturer Microsoft Corporation
    Windows Directory C:\WINDOWS


    Processor:
    PropertyValue
    Current Clock Speed 757
    Description AMD Duron(tm) Processor
    Manufacturer AuthenticAMD
    Name AMD Athlon processor


    Memory (RAM):
    PropertyValue
    Bank Label RAS 1 & 0
    Capacity 134217728

    Total Memory Deteced in Hardware: ~128 MB
    Memory Reported to Operating System: 127MB

    Disk Drives:
    PropertyValue
    Description Maxtor 6 E040L0
    Manufacturer (Standard disk drives)
    Model E040L0
    Media Type Fixed hard disk media
    Size 41110142976 (~38 GB)
    Number of Partitions 1

    Description FUJITSU MPA3035ATU
    Manufacturer (Standard disk drives)
    Model MPA3035ATU
    Media Type Fixed hard disk media
    Size 3500007424 (~3 GB)
    Number of Partitions 2


    Installed Printers:
    PropertyValue
    Name EPSON Stylus Photo 890
    Port Name EPUSB1:
    Driver Name EPSON Stylus Photo 890

    Name HP LaserJet 6L
    Port Name LPT1:
    Driver Name Absolutely Bogus WPS Printer Driver

    Name HP LaserJet 6L PCL
    Port Name FILE:
    Driver Name HP LaserJet 6L PCL


    Motherboard:
    PropertyValue
    Manufacturer Gigabyte Technology Co., Ltd.
    Model
    Name Base Board
    Part Number
    Product 7IXE4
    Serial Number 00000000
    Version 1.1


    BIOS:
    PropertyValue
    Manufacturer American Megatrends Inc.
    Name American Megatrends
    Release Date 19000821******.******+***
    Version


    Monitor:
    PropertyValue
    Description Plug and Play Monitor
    Name Plug and Play Monitor
    Screen Height 1024
    Screen Width 1280


    Keyboard:
    PropertyValue
    Description Standard 101/102-Key or Microsoft Natural Keyboard


    Pointing Device:
    PropertyValue
    Manufacturer KME
    Name KEYMOUSE SERIAL MOUSE


    Sound Card:
    PropertyValue
    Manufacturer Intel
    Description Audio for Intel(R) 536EP Serial Wave Device
    Device ID MODEMWAVE\INTEL(R)_536EP_V.92_MODEM\PCI&VEN_8086&DEV_1040&SUBSYS_10008086&REV_00&BUS_00&DEV_09&FUNC_00

    Manufacturer Creative Technology Ltd.
    Description Audio for Creative Sound Blaster AudioPCI 128D (WDM)
    Device ID PCI\VEN_1274&DEV_1371&SUBSYS_13711274&REV_06\BUS_00&DEV_0C&FUNC_00


    Video Card:
    PropertyValue
    Adapter Compatibility SiS
    Adapter RAM 8388608
    Description SiS 6326
    Installed Display Drivers sis6326m.drv
    Driver Version 4.0
    Driver Date 10/06/00 01:00:00
    Video Mode Description 1280 x 1024 x 65536 colors


    DirectX Installation:
    PropertyValue
    Version 6.01.09.0727


    Modem:
    PropertyValue
    Model Intel(R) 536EP V.92 Modem
    Name unimodem.vxd


    Network Adapters:
    PropertyValue
    Description PPP Adapter.

    External Ports:
    PropertyValue
    External Reference Designator Serial Port A
    External Reference Designator Serial Port B
    External Reference Designator Parallel Port
    External Reference Designator Keyboard
    External Reference Designator PS/2 Mouse
    External Reference Designator Floppy
    External Reference Designator IDE-1
    External Reference Designator IDE-2
    External Reference Designator USB

    Expansion Slots:
    PropertyValue
    Slot Designation PCI1
    Slot Designation PCI2
    Slot Designation PCI3
    Slot Designation PCI4
    Slot Designation PCI5
    Slot Designation ISA1
    Slot Designation ISA2
    Slot Designation AGP
    -------------------------------------------------------
     
  8. DJNafey

    DJNafey UK site moderator

    Re: HijackThis log - grateful for any help

    128Mb and a Duron 750MHz processor are more than adequate for running Windows 98 :)

    ....... but what's this all about?!

    Name HP LaserJet 6L
    Port Name LPT1:
    Driver Name Absolutely Bogus WPS Printer Driver


    Do you really have an Epson inkjet AND an HP laser printer running? If so, do you have two parallel ports or do you just switch the cables around when you want to swap printers?
     
  9. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Yeah - good question. When I got the Epson printer I kept my old HP printer going too as it's very fast compared with the Epson one and sometimes I need to churn out a load of letters that don't matter being in black and white. The HP printer is attached to the parallel port and the Epson printer uses USB. I've had no problems with this set up. I also have a scanner in parallel with the HP printer - and this does occasionally give me problems, but only when I am dumb enough to use both at the same time! However, I have absolutely no idea how the driver name 'Absolutely Bogus WPS Printer Driver' got in there! I didn't put it there, that's for sure.

    I'm glad to know the 128Mb and a Duron 750MHz processor are enough. Nonetheless, I seem to be getting far more random crashes and error messages in the last few months than I ever did before. Maybe it's the computer's age, I don't know.

    Cheers,

    Paul
     
  10. DJNafey

    DJNafey UK site moderator

    Re: HijackThis log - grateful for any help

    Oh yes, I should have read your log file a little more carefully!

    Click your Start Menu and go to Settings and then Printers. Do you have a printer listed that refers to the Absolutely Bogus WPS printer? If so, it might be worth deleting it as it may be that that Windows is trying to find and taking so long about. Also, it seems a weird name for HP to use so I'm wondering whether it came from somewhere else.

    Let us know whether it still has problems after that.
     
  11. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Sorry for another slow reply. I've done what you said and the computer does seem to be running better. Still no idea where the 'Absolutely Bogus WPS printer' came from but it's all running properly now. Thanks a lot.

    There's a new problem however, though only a minor one as it hasn't happened many times - the computer freizes and when I do CTRL + ALT + DEL I find that a programme called Ccapp is 'not responding'. If I force quit it I often find that Internet Explorer and my BTInternet/Yahoo dial-up programme have both also crashed, though they restart again fine after I've shut them down. I wondered if this is a familar problem.

    Thanks again.

    Paul
     
  12. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    Ccapp is related to Norton and Norton hogs a lot of resources. Its known for it. It takes up a lot of memory and in some cases can cause problems like this.
     
  13. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Thanks for your reply. Is it worth clearing more memory or is it something I just have to live with till I next upgrade the computer?

    Thanks,

    Paul
     
  14. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    I'd stop programs that you don't really need starting at startup to free up some resources. If it was up to me, I wouldn't run Norton Antivirus on a PC which is not top of the range if you understand what I'm saying, or else it will cause serious slow downs.

    If you do want to uninstall Norton for the time being, you can install the freeware AVG which is just as good. Look in the Hijack This Logs posts for more info.
     
  15. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    Yes, that makes sense. I'll have a go installing AVG. Thanks very much.

    Paul
     
  16. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    Report back on how it goes...
     
  17. paul b

    paul b Techie7 New Member

    Re: HijackThis log - grateful for any help

    It's miles better now - thanks very much indeed.

    Cheers,

    Paul
     
  18. owen

    owen D-A-L Team Member (UK)

    Re: HijackThis log - grateful for any help

    This thread has been Resolved and has been locked to prevent other users hijacking the thread and to help others know which threads have been Resolved and which are still being worked on.

    If you started this thread and the problem returns or the case has not been properly Resolved, please send a Private Message to an Administrator or a Moderator of this forum to have the thread opened again. If you have a different problem, please start a new thread.
     
Thread Status:
Not open for further replies.