Old Computer - Lots O' Problems



#1
chimpyboy

So I'm trying to clean up an old computer (Win 95), and it's got lots of problems... I've run Norton AV and Spybot and CWShredder, which has cleaned out a lot of junk, but cannot install Ad-Aware SE for some reason (probably 'cause the computer is old and crappy).

Anyway, here is the log, can anyone advise me on where to go from here?

Logfile of HijackThis v1.97.7
Scan saved at 10:15:43 AM, on 12/28/04
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\WRUSVQT\QURQWP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\QTMH.EXE
C:\PROGRAM FILES\WRUSVQT\PWQRUQ.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\kzpgapcv.exe
O4 - HKLM\..\Run: [bIpHSsox] C:\PROGRA~1\WRUSVQT\QURQWP.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [qtmh] c:\windows\qtmh.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WebMail (HKCU)
O9 - Extra button: Weather (HKCU)
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.micr...N-US/msorun.cab


#2
LineOFire

Welcome to GeeksToGo. :tazz:

We apologize for the delay in response. The forums have been very busy lately.

This is the first time I have seen a Windows 95 HijackThis log. ;)

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

Visit this site for instructions on how to remove CommonName:

http://www.commonnam...lt.asp?idx=10#4

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\kzpgapcv.exe
O4 - HKLM\..\Run: [bIpHSsox] C:\PROGRA~1\WRUSVQT\QURQWP.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [qtmh] c:\windows\qtmh.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O14 - IERESET.INF: START_PAGE_URL=

Reconfigure Windows XP to show hidden files:
Double-click on the My Computer icon.
Select the View menu and then click Options.
After the new window appears select the View tab.
Scroll down until you see the Show all files radio button and select it.
Press the OK button and close the My Computer window.
Now your computer is configured to show all hidden files.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

WinFavorites

Please delete these folders using Windows Explorer (if present):

C:\PROGRAM FILES\WINFAVORITES
C:\Program Files\WRUSVQT

Please delete these files using Windows Explorer (if present):

c:\windows\msbb.exe
c:\windows\qtmh.exe
C:\WINDOWS\SATMAT.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\SYSTEM\kzpgapcv.exe
c:\Windows\System\zzb.exe

Now you can restart the computer normally.
Please run HijackThis again and post a fresh log, just so I can make sure that all the malware was deleted according to plan. :thumbsup:
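
The follow-up check requested at the end of the reply above, as an added example that is not part of the original posts: it parses HijackThis entry lines and reports which entries from the fix list still show up in a fresh log. The function names are hypothetical and the follow-up log is constructed for illustration.

```python
import re

# A HijackThis entry is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Detail of an O4 autorun entry: "<hive>\..\<key>: [<value name>] <command>".
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def parse_entries(log_text):
    """Return (code, detail) pairs; header and running-process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def _key(entry):
    # Win9x paths are case-insensitive and logs mix cases, so compare casefolded.
    code, detail = entry
    return code, " ".join(detail.split()).casefold()

def still_present(fix_list_text, fresh_log_text):
    """Entries selected for fixing that still appear in the follow-up log."""
    fresh = {_key(e) for e in parse_entries(fresh_log_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in fresh]

def autoruns(log_text):
    """Split O4 entries into (hive, key, value name, command) tuples."""
    out = []
    for code, detail in parse_entries(log_text):
        m = RUN_RE.match(detail) if code == "O4" else None
        if m:
            out.append(m.groups())
    return out

# Entries copied from the fix list in the reply above (subset).
FIX_LIST = r"""
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
"""
# Constructed follow-up log (not from the thread): one flagged autorun survived.
FRESH_LOG = r"""
Logfile of HijackThis v1.97.7
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSBB] C:\WINDOWS\MSBB.EXE
"""

if __name__ == "__main__":
    print(still_present(FIX_LIST, FRESH_LOG))
```

An entry that reappears after being fixed usually means the program behind it was still running and rewrote its Run value, which is why the reply has the files deleted in Safe Mode before the fresh log is taken.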