1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Crashes and Slowing Down

Discussion in 'Earlier Versions of Windows' started by wynn455, Oct 17, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. wynn455

    wynn455 Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    8
    Computer had been giving me a Hell Of A Time. Can You Please Help?

    Heres My Hijack Log.

    Logfile of HijackThis v1.97.3
    Scan saved at 8:48:15 AM, on 10/17/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPPROPTY.EXE
    C:\PROGRAM FILES\COMMON FILES\EACCELERATION\EANTHOLOGY.EXE
    C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
    C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?pgdoc about:blank (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
    O1 - Hosts: 3510794918 auto.search.msn.com
    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
    O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HP LaserJet ToolBox] hppropty.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
    O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.5324884259
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 67.17.215.133,206.165.6.11
    O19 - User stylesheet: C:\WINDOWS\Web\win.def
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

    Thanks
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi wynn455

    Go here and donload CWShredder and let it do its' thing:

    http://www.spywareinfo.com/~merijn/cwschronicles.html

    ....you'll have to scroll down down the page some for the download. After cleaning up with CWShredder, post your log again and we'll clean up whatever is left.

    :)
     
  3. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    First a word about the items in RED . They are at best a cruel hoax. At worst, pure SCUMWARE!! They claim to be helpful in detecting spyware, popups, virus and so on, while they themselves are SPYWARE!!

    Depending on what is left after you run CWShredder

    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?pgdoc about :blank (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?pgdoc (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)

    O1 - Hosts: 3510794918 auto.search.msn.com

    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL

    O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
    O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE ┬ľk


    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

    The following three items and known resource hogs and don't need to be started up every time. They can be started from the Start > Programs menu on an as needed basis.

    O4 - Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE


    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm

    O19 - User stylesheet: C:\WINDOWS\Web\win.def
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)


    Reference this item:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 67.17.215.133,206.165.6.11

    Registrant:
    Global Crossing (GBLX5-DOM)
    95 N. Fitzhugh Street
    Rochester, NY 14614-1212
    US

    Domain Name: GBLX.NET

    IF this is your ISP, leave it alone. IF NOT, have HJT fix it.



    Next reboot into Safe Mode and remove the following files and folders that are bolded

    C:\PROGRAM FILES\COMMON FILES\EACCELERATION\EANTHOLOGY.EXE
    C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE

    See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

    Reboot into normal mode


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334

    NiteHawk...... (y) (y) (y) (y)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/172709

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice