  1. #1
    Member
    Join Date
    Jan 2007
    Posts
    3
    Points
    1

    My First HJT Log Post 1-29-07

    Hi. I was instructed to post my HJT Log here and get advice from you guys -- this is actually my 2nd scan log -- I fixed one checked item (04 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe) advised by Help2Go Detective after my first scan, followed the rest of the Detective's instructions, ending with a final reboot. The Detective said one of you experts will analyze my latest log and post a response -- I look forward to hearing back from you advising me whether or not there is anything else I need to fix! Thanks so much for your help, here's my 2nd log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:35:43 PM, on 1/29/2007
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\SK9910DM.EXE
    C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\NETGEAR\MA111V2 USB ADAPTER\MA111V2.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\HJT\HIJACKTHIS[1].EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
    F1 - win.ini: run=hpfsched
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/s...vest/gwCID.CAB
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    Hi:

    You got me puzzled, this entry you say you removed:

    04 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

    I dropped that line into your current log and ran it through our Detective and it did not come up as something suggested for removal. While it is considered unnecessary, the Detective does not suggest removal.

    The Detective also did not like this entry:

    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe


    It is OK to leave.

    I am not seeing any problems in the log. Are you having any problems?

    I hope you understand that you have a "very old" PC operating system. Really no way to make it safe on the internet. I suggest that you don't do internet banking/buying with this machine. Microsoft is no longer releasing any "patches" for it. Suggest that you look into updating to XP, if it meets the requirements of XP. Hopefully XP will be cheaper today than yesterday since the new MS Vista is being sold starting today.

    BG

  3. #3
    Member
    Join Date
    Jan 2007
    Posts
    3
    Points
    1

    Thanks! And . . . I know . . . :-(

    Hi, Basement Geek -- thanks so much for your response! The Detective DID tell me that first 04 file was not necessary to keep, and SUGGESTED that I could get rid of it to free up some system resources, so I went ahead and deleted it -- the Detective didn't call it "suspicious," though, in terms of it being mal/spy-ware. Nothing bad has happened since I deleted it, so I guess I'm okay. I won't delete the other one you mentioned as being sketchy, since you don't think it's probably harmful. Thanks.

    You asked me if we're having any problems. Well. How do I answer that briefly??? This is my Mom's computer I'm working on, and she only uses it for e-mail, Word documents, Quicken and the occasional download or Excel doc. She doesn't do her banking on-line, and mostly only does research on products on-line, rarely buying anything. She's also gone half the year, so it's really just her "winter computer."

    However, sometime over the last 2 years, her system started really wacking out -- very unresponsive, windows, webpages and applications taking forever to open and close, frequent crashes and disconnects from the internet, etc. I didn't know what to do to help her beyond the standard clean-up stuff, scandisk, defrag, adaware, nav, etc. But after doing some researching, I decided to start to try to "tweak" her operating system based on some advice I found on-line from a guy named Jack Gulley. Things got a little better, then worse, and I finally decided to remove AOL from her system to see what effect that would have (her computer was useless the way it was, so I figured I had nothing to lose.)

    VOILA! Suddenly, her system is acting relatively normal again. As a final stab at locating stuff that might be causing a problem, I decided to do a Hijack This scan (I'm sort of using her computer as a guinea pig at this point to try new things I haven't tried before, since she's probably not going to have it much longer . . .)

    And that's how I got here. I TOTALLY GET that her ME has to go, and she needs to buy a new computer with a new operating system on it. However, I have been advised by almost every geek type I know NOT to buy Vista yet. So, we shopped for XP computers the other day, and all the stores we went to claimed they only had "one XP system left" and tried to push us (hard) into purchasing it. I don't do that -- get pushed into buying something before I've made my own educated decision about the product in question, so we didn't.

    The nice thing about this ME computer is that it's a Gateway and came with a LIFETIME TECHNICAL SUPPORT agreement that Gateway is completely willing to honor -- so I'm not real motivated to jump into a new computer situation where we'll have to buy tech support on an annual basis.

    So, for now, we're going to stick with this Gateway ME situation for Mom, and see how it goes. I've got her signed up for Copper.Net as her ISP (on a $1/month promotion, $9.95 after 3 months) for now and we're going to hang onto her AOL subscription for a few more weeks (she can check her AOL mail on the web) and then cancel AOL completely.

    One thing I know for certain is that I now believe what everyone says about AOL -- especially in an ME environment -- and will fight tooth and nail to never allow her to use it again on any computer.

    She wants to upgrade to Optimum Online or DSL next, anyway. I think we're going to wait until her next computer to do that.

    I'd love to hear what you have to say about buying an XP computer vs. a Vista one -- should we wait a year for the Vista, or buy an XP soon-ish, basically is the question. Gateway has a $499 XP deal that's good and we can order it directly from them -- we'd keep Mom's current monitor, keyboard, mouse and printer and just get the new tower -- but I don't know how long they'll be offering that deal. (Alas, Gateway has discontinued the "lifetime" aspect of the tech support, so we'd basically have to buy it at an annual rate, but that's not SO bad.)

    Glad to hear that you didn't see any other problems in our HJT log. Thanks for reviewing it and posting. I really appreciate it.

    Now I just have to solve the mystery of why we still seem to get disconnected from the internet more than we'd like (and sometimes don't get a dial tone when trying to dial in the first time). Those problems didn't go away with the AOL removal, although they're nowhere near as bad as they used to be, that's for sure! (It's so weird, sometimes we get a "zzzt!" noise right before we get disconnected -- with AOL, we almost ALWAYS heard the "zzzt!" noise, less often on Copper.Net. It's like an electrical zap kind of noise, like a short in the circuit or something. I'm going to try to swap out her phone-to-modem connection wire, and disconnect a portable phone system that's sort of near the computer and see what happens. Verizon says there is "no noise on the line" as far as they can tell, so I'm sort of stumped. I guess there's a chance it could be the modem itself, but I think I had a techie friend of mine check that last year and I think he said that wasn't it.)

    Any further advice you'd like to give me, I'd be happy to hear. I'm the "family computer guru," but am mostly learning on my feet -- I'm really more of a "competent user," aspiring to geekdom in my spare time . . . oh, hey, I also have a Compaq Presario computer that someone gave me that has Linux on it -- any chance you know whether or not you think I can get away with making that my own new computer (to replace my own Gateway Win98SE machine) without loading Windows on it? Haven't even plugged it in yet, but want to get an idea of what I'm facing. I've been told that I can use Firefox browser and Open Office with Linux (free software, yippy!), but have no idea how realistic it is of me to think I can survive as a user in a Linux environment after having been a Windows user for so long (although I did start out in DOS and Win 3.1 before getting spoiled by all the clicking . . . )

    Thanks again. My name's Jody, by the way. Nice to "meet" you! I'll make sure my Mom knows that she shouldn't buy or bank on the 'net with this computer. Don't think it'll be an issue.

    Oh, yeah, and I've applied all the available ME patches from Microsoft at this point, so at least she's as up-to-date as she can be in that department.

    I'm sort of hoping we can get at least a few more months out of this system for her (6 months? a year?). And I WISH that XP computers were on sale because of the Vista debut, but even the few that we found in stores were not being sold at sale prices. Hard to believe, but so far, that's what we've found. (We've only been to 2 stores so far, though -- Best Buy and Comp USA.)

    Thanks for making my first HJT experience so positive! I really appreciate your interest and advice. Happy New Year!

    Jody in New Jersey/
    conniebob424ATcopper.net

    P.S. -- Speaking of connectivity issues -- any idea why my 98SE computer might be experiencing THIS weird problem: I can connect to the internet fine (dial-up, Copper.Net), but after I sign off, my dialtone on my telephone line completely disappears (and Verizon also says there's nothing wrong with MY telephone line, either). In order to sign on again, I have to remove the telephone-to-modem connection and count to 20, then reconnect it to get a fresh dialtone, and then I can sign in again. Also, if I want to use the telephone, i.e. to get a dialtone to allow me to make a call, I have to leave the modem disconnected completely -- or I guess I could probably get a fresh dialtone for a phone call if I were to disconnect the modem and count to 20 and plug it back in again, but I haven't tried that. Weird, huh? Ah, the world of dial-up, such an adventure . . . thanks thanks J

  4. #4
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    It is going on Midnight here and I have been here about 9 hours and getting very tired.

    I will try to address some of your questions:

    The Detective DID tell me that first 04 file was not necessary to keep, and SUGGESTED that I could get rid of it to free up some system resources, so I went ahead and deleted it --
    Wasn't needed or required - probably never miss it.

    finally decided to remove AOL from her system to see what effect that would have (her computer was useless the way it was, so I figured I had nothing to lose.)
    Good move - AOL is not an ISP, it is just a gateway, middle man if you will, to an ISP/internet. Very bloated/resource hog.

    On the Copper.Net, I know of it, not really heard anything bad about it. I have Juno & Netzero dial up off and on for years and like them.

    However, I have been advised by almost every geek type I know NOT to buy Vista yet
    Agree - look for a system that has XP Pro, as it will have MS support longer than the XP Home version. I am going to wait until my XP Pro is no longer supported. Vista requires a "big" system/PC.

    Gateway has a $499 XP deal that's good and we can order it directly from them -- we'd keep Mom's current monitor, keyboard, mouse and printer and just get the new tower
    I think I would go for all new stuff. Keyboard and mouse are cheap. If this is the original monitor, it is OLD and may not last much longer. Check the printer manufacturer's web page to make sure it can be used with XP.

    Can't help you with your question on Linux.

    Speaking of connectivity issues -- any idea why my 98SE computer might be experiencing THIS weird problem....
    Please start a separate question in our PC help forum, on this problem.

    BG

  5. #5
    Member
    Join Date
    Jan 2007
    Posts
    3
    Points
    1

    Appreciation

    Okey dokey. Didn't mean to "overload" you :-). Hardly even expected a reply on all that other stuff, especially so soon! Just figured I'd toss it in there and see what your quick, general opinions might be. I so appreciate your help. I WILL set up a new topic on my other connectivity issues, and take under consideration all your savvy advice regarding operating systems and computer systems. Thanks again. Jody

  6. #6
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    From the Help2Go team, you are welcome -Happy Surfing :wink:

    Since this issue appears resolved ... this Topic is closed.

    Please read and load the free programs that we use to protect our own PC's. They are free and they will have little or no impact on your PC's performance:

    http://www.help2go.com/article152.html

    If you need this topic reopened, please request this by sending a moderator a PM with the address of the thread. This applies only to the original topic starter.

    Everyone else please begin a New Topic.

    Basementgeek