[Baldman]

Hi, this computer was give to me by my sister to use temporarily since my old one isn't working anymore. This is all I know of it:

Windows ME
Petium III 733 MHz
128 MB RAM
20 GB HD
She installed a CD burner not sure on the specs.

She stopped using it cause it was really sluggish, not sure if burner was working, sound doesn't work, and it was infected with a bunch of viruses. Since she didn't want to deal with it she bought a laptop. I forsee myself using this computer til the end of this year.

The computer starts up and I sit there after Windows load and the desktop is shown. The mouse is centered and I'm pretty sure all the startup programs are done loading, since I have very few programs checked off for startup. The mouse will start doing its hourglass thing for no reason even if I don't touch a thing. When I move my mouse it will often veer off course or head in the opposite direction even. I have no clue why it's doing that. I've gotten rid of a lot of the viruses but it sort of feels like something huge is running in the background.

I used: Ad-aware, Spybot S&D, AVG, HijackThis!.
The only thing I can't get rid of are files that won't let themselves be deleted cause they say it's in use, even in Safe Mode. Ad-aware used to detect them but haven't in last 2 scans but AVG is still detecting them:

C:\_RESTORE\TEMP\A0124960.CPY
C:\_RESTORE\TEMP\A0133703.CPY then the ending goes 705.CPY, 707.CPY, 709.CPY... til 729.CPY
AVG labels it I-Worm/Klez.E

Logfile of HijackThis v1.99.1
Scan saved at 1:16:13 AM, on 6/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WMCONNECT\WWM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\SCANNERS\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab


Could that be the only thing that's causing this weird and slow behavior? Anyone know how I can get rid of that?

Any help is appreciated. Thanks

[Advertisements]

Hi Baldman

Your log looks clean to me

C:\_RESTORE\TEMP\A0124960.CPY
C:\_RESTORE\TEMP\A0133703.CPY then the ending goes 705.CPY, 707.CPY, 709.CPY... til 729.CPY

You only have to :

Disable system restore: Instructions here.

Reboot

Run AVG again

Enable system restore.

Problem solved?

[Marianna]

Hi Baldman

Your log looks clean to me

C:\_RESTORE\TEMP\A0124960.CPY
C:\_RESTORE\TEMP\A0133703.CPY then the ending goes 705.CPY, 707.CPY, 709.CPY... til 729.CPY

You only have to :

Disable system restore: Instructions here.

Reboot

Run AVG again

Enable system restore.

Problem solved?

[Baldman]

Unfortunately it didn't work Not only that but all the files in that folder are gone and now none of my scanning programs are picking anything up.

Darn computers I had a nice problem free boot and decided to shut down the computer, now the mouse is acting weird again and it's laggy like. Any other spyware scanner suggestions? I can't get housecall to run cause i'm on dialup and whatever's lagging me interferes with long downloads.

Edit:
I have a theory now about this computer. I also noticed something weird since i've been using this computer sometimes the (2) cd drives aren't 'on' So I'm testing the idea that my sister or her friend installed the cd burner drive wrong or the burner drive is a piece of crap.

I detached ide, jumper and audio wire from the burner and this is my 1st boot. Everything's running as it should be. I'm guessing on it being a hardware issue but not sure why the burner drive would slow down the entire system. I'll post more when I have another boot. Until then I'll enjoy the problem free boot for a day or 2

Edited by Baldman, 21 June 2005 - 08:20 PM.

[Marianna]

Unfortunately it didn't work  Not only that but all the files in that folder are gone and now none of my scanning programs are picking anything up.

that is correct, the folder should be empty the "nasties" are now gone and that is the reason your scanning program doesn't pick up anything

You could download Stinger: http://vil.nai.com/vil/stinger/

and run it.

Download CCleaner HERE and install it.

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

Then open it and select the items you wish to clean up.

In the Windows Tab:

I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

Then click the "Run Cleaner" button

[Marianna]

Due to the lack of feedback this Topic is closed.

Should you need it reopened, please e-mail a moderator.
Everyone else please begin a New Topic.