[Deadinside]

Hello.

I Have ben having a problem maybe someone can help =D. I Have Windows 98 And for some reason whenever i click on Internet Explorer it takes 45 + Seconds to open. The Same thing Happens when i Click on My Computer on my Desktop or A Folder i have created on my desktop. I Have Ran Ad Aware 6 Personal and Spybot - Search and Destroy but i have seen no changes. There are alot of ads that have ben poping up recently aswell. I Did have IE Optimizer and managed to get rid of that, i also had Incredifind and got rid of that. Can someone please help? Its getting really frustrating!

-Thanks

Ryan

 

[dr20]

The first thing you should do is download Hijack This from the link below, create a log then copy its results here. Someone should read it for you.

http://tomcoyote.com/hjt/

 

[Deadinside]

Will do So

 

[Deadinside]

Ok. He are the Results.. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 5:58:28 PM, on 3/28/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NAV\HOTKEY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\SXML3AM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
F1 - win.ini: run=c:\windows\options\systools\cyxid98.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D4F3-F66DA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSAIMF.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [SystemWizard Sniffer] C:\Program Files\Common Files\SystemSoft\sniffer.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [SXML3AM] C:\WINDOWS\SYSTEM\SXML3AM.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

 

[Deadinside]

Also is there anything Else i need to post -Info Wise?-

 

[dr20]

You've got some things that can be removed. You might want to place Hijack This in a folder somewhere permanently because that's where the backups will go.

Run the program and put a check to fix next to these entries:

R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe

O4 - HKLM\..\Run: [SXML3AM]

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

There are some other entries that could probably be removed as well but take these off first and see if it runs better. Make sure to close all browser windows first before doing that. You may even want to reboot. After that's done post the new log.

You have the Google toolbar which may help slow things down a little, at least as the browser initially opens. Do you prefer to keep that?

 

[Deadinside]

The google Toolbar Never slowed anything down before. Ill Run again and put the check next to those items. Ill post a new log afterwords

-Ryan

 

[Deadinside]

Ok, Now this is Weird. Same thing happend last night. My Desktop has just ben loaded with stuff..Thanks for everything.

 

[dr20]

You should take these off too:

F1 - win.ini: run=c:\windows\options\systools\cyxid98.exe

O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

 

[dr20]

Well you can restore them if you want. Go into Hijack This and backups and put them back. I know some of those entries like BXXS5.DLL and TWAINTEC.DLL are spyware, but it's up to you.

Here's more information on them:

http://www.pestpatrol.com/pest_info/Stomp/t/twain-tech.asp

http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

 

[buckaroo]

You want to remove these as well:

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D4F3-F66DA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSAIMF.DLL

O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

After rebooting, find and delete this file:

C:\WINDOWS\BELT.exe

Also,

This should stay:

O4 - HKLM\..\Run: [Essdc] essdc.exe

"Related to an ESS Solo soundcard. Seems as though it's required"

 

[dr20]

Thanks buckaroo, I found this on essdc.exe, they said it is related to sound but not necessary. Even so he could probably put that back if he wants.

http://www.djbdesigns.com/wtvzone/startup.html

 

[buckaroo]

Don't know how we missed this one either:

O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe

Fix it also.

After rebooting, find and delete this file:

c:\windows\options\systools\fntfix.exe

Probably a good idea to go here for an online AV scan:

http://housecall.trendmicro.com/housecall/start_corp.asp

 

[buckaroo]

After you're done with everything, post another log so we can see if anything's left over or if something else appeared.