[OHIOSTEVE]

I got on the computer at 9:30 Am...I have already had to restart it 3 times. It just stops loading pages and locks up. I have had this issue for a while now and it keeps getting worse and worse. I tried to run the preliminary tests as described in the pinned thread but I am running windows ME and most of those simply do not work for me. Can someone walk me through getting to the point of running a hijackthis scan so I can post it? ANY help would be greatly appreciated....I am on an OLD HP XE783..... I need a new computer BUT this one will hve to do a while longer. SO again any help will be very much appreciated.

 

[OHIOSTEVE]

bump for help

 

[OHIOSTEVE]

anyone?

 

[Ried]

Hello again Steve. :smile:

It can prove to be difficult/time consuming to remove malware (if that is the case) from such an outdated OS. Most tools are no longer compatible--as you've just experienced.

Have you tried using your System Restore to back to a time before these issues started?

Download HijackThis to your desktop - this program will help us determine if there are any spyware/malware on your computer.

Alternate link

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

• If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
• If not, run a scan and save the log file.
• Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in your next reply.

 

[OHIOSTEVE]

Thanks REID:
I appreciate the help as I am completely computer illiterate...I tried to do the preliminaries but as I said they didn't work. Anyway here is the hijack this log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:52 AM, on 12/1/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_15\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_15\BIN\SSV.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab

--
End of file - 4173 bytes

 

[Ried]

You're welcome. : )

I'm not seeing any malware in the log. Could you please elaborate on your term 'constant restarts'? What exactly are you referring to--computer needs to be restarted, or the internet connection...?

 

[OHIOSTEVE]

It has gotten a bit better but not much....once the computer is on for a while it just freezes up. pages won't load...e-mail won't open. A restart fixes it. I have had to restart only once so far this morning however compared to every few minutes before.

 

[OHIOSTEVE]

BTW where in OHIO?

 

[Ried]

Northeast Ohio. :smile:

ME has a reputation for being 'buggy'. To be honest, it sounds as though a reformat and reinstall is needed.

Have you tried System Restore?

 

[OHIOSTEVE]

Northeast Ohio. :smile:

ME has a reputation for being 'buggy'. To be honest, it sounds as though a reformat and reinstall is needed.

Have you tried System Restore?

No.. I do not think I have ever set that up..or maybe I tried a long time back and it didn't work? Either way thanks for the help.. BTW I am just north of Dayton.

 

[Ried]

System Restore is not something you need to set up--it is running and monitoring your system:

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

Give it a try--it couldn't hurt. Have a look here for information about it.

If you would like to investigate other causes/solutions to these issues, then you'd do best discussing your issues with the folks in Windows 98 & ME Support

Good luck. :wave: