AnnMarie, Jayne sent me. HELP!


monkey4ever
September 2nd, 2003, 11:01 AM
My PC is running real slow and driving me absolutely NUTS :grit: . Could you help, please? Jayne posted in the XP-forum and she told me about Hijack - would that help me as well? (I run ME and not XP...)
Anyway, she said I shouldn't run Hijack before consulting the forum, so here I am.
Please HELP, I'm pretty desperate.

Leah

tb525
September 2nd, 2003, 11:09 AM
Hi monkey4ever, Welcome to CTH!

Let's have a look...
Download, unzip and run a scan with HijackThis. When the scan is finished, don't make any changes, just save the log and then copy & paste it in a reply.

http://www.spywareinfo.com/files/hijackthis.zip

AnnMarie
September 2nd, 2003, 11:16 AM
Hi Leah- welcome to CTH. Yep, Hijack This will run on WinME but wise words from Jayne. Hijack This is a diagnostic program and should not be taken lightly. Deleting a valid entry can cause huge problems.

Go here (http://www.spywareinfo.com/files/hijackthis.zip) and download and run a scan with Hijack This. Don't make any changes, just click on Save Log, copy it and post it back in this thread.

AnnMarie
September 2nd, 2003, 11:16 AM
LOL..go for it Tom :D

monkey4ever
September 2nd, 2003, 08:53 PM
Hi, it's Leah again.
Finally had the time to run hijack. Here's the log: (all gibberish to me, really, so I hope you folks can help me out ;)

Thanks in advance,

Leah

Logfile of HijackThis v1.96.4
Scan saved at 9:41:50 PM, on 9/2/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINME\SYSTEM\KERNEL32.DLL
C:\WINME\SYSTEM\MSGSRV32.EXE
C:\WINME\SYSTEM\mmtask.tsk
C:\WINME\SYSTEM\MPREXE.EXE
C:\WINME\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINME\SYSTEM\ZONELABS\VSMON.EXE
C:\WINME\SYSTEM\RESTORE\STMGR.EXE
C:\WINME\EXPLORER.EXE
C:\WINME\TASKMON.EXE
C:\WINME\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINME\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINME\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINME\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/swarm.cgi?120788&ebeeea8cfa8574d394156a5b5181c7b9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {11990E9F-2A4D-11D6-9507-02608CDD2841} - (no file)
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2841} - C:\WINME\SYSTEM\SEARCH~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINME\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINME\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINME\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINME\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [bidumrn] rundll32 C:\WINME\SYSTEM\bidumrn.dll,Init 1
O4 - HKLM\..\Run: [lixpxwh] rundll32 C:\WINME\SYSTEM\lixpxwh.dll,Init 1
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SearchSquire3] C:\WINME\SYSTEM\SearchUpdate3.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINME\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINME\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunOnce: [*bidumrn] rundll32 C:\WINME\SYSTEM\bidumrn.dll,Init 1
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} (Squire Class) - http://update.searchsquire.com/SearchSquire3.CAB




tb525
September 2nd, 2003, 09:24 PM
Hi Leah, you have a couple of suspicious files that we haven't seen before. Could you email me zipped copies of the following files to analyze?
C:\WINME\SYSTEM\bidumrn.dll
C:\WINME\SYSTEM\lixpxwh.dll
You can email them here: tbeck41@adelphia.net.

You also have a known hijacker..(Search Squire)

First, download and install Spybot - Search & Destroy, from http://www.tomcoyote.org/spybot
Open Spybot and press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds marked RED.

Reboot when finished and then run another scan with HijackThis and post the new log in a reply.
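
Added example, not part of the original thread: a small Python triage pass over a HijackThis log, run here on a few lines excerpted from the log posted above. The two heuristics (a BHO whose file is missing, and an O4 autostart that uses rundll32 to load a DLL named after its own registry value) are assumptions chosen to surface the entries the helper singled out; they only produce a review list and are not a verdict.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotsearchbox.com/ie/
O2 - BHO: (no name) - {11990E9F-2A4D-11D6-9507-02608CDD2841} - (no file)
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2841} - C:\WINME\SYSTEM\SEARCH~1.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [bidumrn] rundll32 C:\WINME\SYSTEM\bidumrn.dll,Init 1
O4 - HKLM\..\RunOnce: [*bidumrn] rundll32 C:\WINME\SYSTEM\bidumrn.dll,Init 1
O15 - Trusted Zone: http://update.searchsquire.com
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")            # "O4 - ..." style lines
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll),", re.I)
URL = re.compile(r"https?://\S+")

def triage(log_text):
    """Return (findings, hosts): entries to review and hosts per section code."""
    findings = []
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list and blank lines carry no section code
        code, body = m.groups()
        # Collect every host referenced by browser settings, zones and downloads.
        for url in URL.findall(body):
            hosts[urlparse(url).hostname].add(code)
        # Heuristic 1 (assumption): BHO registered but its file is gone.
        if code == "O2" and body.endswith("(no file)"):
            findings.append(("orphaned-bho", body))
        # Heuristic 2 (assumption): rundll32 autostart whose value name equals
        # the DLL's base name, as with the two DLLs the helper asked for.
        if code == "O4":
            run = RUN.match(body)
            dll = RUNDLL.match(run["cmd"]) if run else None
            if dll:
                stem = dll["dll"].rsplit("\\", 1)[-1][:-4].lower()
                if stem == run["name"].lstrip("*").lower():
                    findings.append(("rundll32-self-named", dll["dll"]))
    return findings, dict(hosts)
```
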