Hijackthis log...please help!

[justkidzmom]

This dang thing!! Was running fine a few days ago...then "who knows" what happened. I always leave it on and when I checked it yesterday, the screen was black and stayed black when I tried to "wake" it. From then it was ALL downhill. I shut it down and tried to re-boot...it went to scandisk and froze. Shut it down and re-booted it about 30 (yes...30) times getting different messages every time. One message was "there is an unrecognized command in your config.sys file" ... another was something about a VFBACKUP file missing ... another was "a logical assertion has failed"... several fatal exceptions, etc. I tried starting it in safe mode and it would go to the windows screen and freeze. So, finally I gave up and unplugged the thing, took the cover off and "jiggled" all of the wires. I kept the cover off and booted it up and "ta-da", here I am. Thought I would supply the Hijack This log to see if anyone could find anything suspicious. Thanks for your help...here goes:

Logfile of HijackThis v1.97.7
Scan saved at 9:02:48 PM, on 4/15/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\EMPTY\AIM.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WORKFLOW] D:\INSTALLS\BRDJMP\WORKFLOW.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38020.777337963
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab

 

[Dingenium]

The line:

C:\EMPTY\AIM.EXE

Shouldn't this be in the Program Files\AIM\ directory? Why is in a root directory called Empty? Awfully suspicious....

 

[~Candy~]

Karol, let me move you to security, that is where most of the log gurus hang out, thanks for the email, but unfortunately, I can't help you on this one

 

[justkidzmom]

The line:

C:\EMPTY\AIM.EXE

Shouldn't this be in the Program Files\AIM\ directory? Why is in a root directory called Empty? Awfully suspicious....

Thanks...however that would be a question for someone who knows what they are talking about! NOT me!

P.S. This morning it was all froze up again so I turned the thing off and re-booted. Noticed that the little fan was not running so I "helped" it with a little push and now it is spinning. Could it be that the fan is going out and caused all of this??? Anyway, could use help with the fan thing and the hijack log! Thanks!

 

[Dingenium]

Surprisingly, many lockups with computers are caused when the power supply's "die hard." That is, the fan will stop running on the power supply or processor, and everything will lock. So, to answer your question, it is highly likely that the power supply (fan on the back you can see) is the main reason (or, at least a MAJOR reason) the computer is locking up.

 

[~Candy~]

Karol, fan on power supply or fan on cpu

 

[justkidzmom]

The fan on the cpu...the only one I can "easily" get my hands on! Anyway...the darn thing was "dead" when I got home from work again....no sounds at ALL and the screen was black, however, the green power light was still ON! Had to hold in the power button until it turned off. Then I re-booted and it had to go through the scandisk process again...geeze...what a pain!

 

[~Candy~]

KAROL!

STOP, ok before you fry the cpu. Turn the machine off and replace the cpu fan. They run about $12, the cpu, just a tad more major tads more

 

[justkidzmom]

k, now a "stupid" question...can I use the fan from the other pc that has the cdrom down right now or are they all different?

 

[~Candy~]

Probably different, but have a look.

 

[justkidzmom]

as in a "visible" look or is there info somewhere on the pc I should know about? Please remember...this is a real ssstttrrreeetttccchhh for me, touching the guts of this darn thing!

 

[~Candy~]

First off, are the cpus the same? Do they look the same? For example, a P4 fan isn't going to work on a PII, III, etc. Sorry, I've worked a lot with you, but it's impossible for me to remember what cpu is in what computer, and whose

 

[justkidzmom]

Candy...Sry, i am such an idiot! the one pc is a proteva (the one I am currently using) and the other pc is a packard hell (the one that the cdrom bit the dust on). Other than that...I have NO idea what to look for. Is there a website that I can go to or anyplace that would have the info I need...and also, am I (i said "I") capable of doing the switch? If they are NOT the same then I really will be lost and probably have to take it somewhere...ughhhh!

 

[~Candy~]

A glance will tell you if they even resemble each other. You know where the fan is ontop of one cpu, obviously, because you played with it. Look inside the other computer, to see if the fan ontop the cpu is the same size. That will get us started.

I have to log off and play domestic goddess, but others may have other ideas for you, but in my opinion, that would be the first thing I'd check

My best guess is that the packard hell may not even have a fan

 

[justkidzmom]

Yea, the packard hell has a fan! Now, they "appear" to be the same size. One difference I did notice: the fan in the proteva has three wires plugged into the board where it says cpu fan -- the fan in the packard hell has one wire that comes out of it but then it splits into two and connects to a connector instead of the board. Guess that answers my question??? They are different?