Hey guys, I'm helping with my grandma's computer and I'm pretty sure there's something on the system. I have done a HijackThis log that needs reviewing, thanks.
The HJT was run from safe mode and as such is not much use for analysis.
Yeah, I forgot to mention that the computer cannot be booted normally because it blue screens on every startup, so the only other option was safe mode or safe mode with networking, etc.
Perhaps you need to track down the cause of the BSOD. Try a Google search on the BSOD Stop error number; there is often a common title to the BSOD, usually in CAPITALS with under_scores_between_the_words.
This from hijackthis.de
[X] - O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
[X] - O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
[X] - O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
[X] - O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
[X] - O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
[X] - O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
[?] - O4 - HKLM\..\Run: [Instpath] C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1FTC40QE\NewSoftware2007Install[1].exe /p
[?] - O4 - HKLM\..\Run: [hrtzxlu] c:\windows\system32\hrtzxlu.exe hrtzxlu
[X] - O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[?] - O4 - S-1-5-18 Startup: SCRABBLE Complete Registration.lnk = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\{FD2AAF2D-A1AF-4FD9-AB85-21980C5F7210}\{B36649A3-D0DD-4706-B042-F5B384529C7A}\ATR1.exe (User 'SYSTEM')
[?] - O4 - .DEFAULT Startup: SCRABBLE Complete Registration.lnk = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\{FD2AAF2D-A1AF-4FD9-AB85-21980C5F7210}\{B36649A3-D0DD-4706-B042-F5B384529C7A}\ATR1.exe (User 'Default user')
[?] - O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
[X] - O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm090MLUS
[?] - O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
[?] - O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
[X] - O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Much of this is classed as adware, though not, I would say, the issue of the BSOD. Google the file names of these entries to get some idea of what they are and the risk involved, etc. Getting no hits on the Google search for a file name in itself is suspicious, as is the case with at least one of the above.
There is also a lot of Symantec stuff remaining.
There doesn’t appear to be a firewall active, though that may be because of running HJT from safe mode. Also no mention of avast ???
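For anyone triaging a similar paste, the following is an added example, not part of the thread or of HijackThis: it splits a flattened, rated log back into entries, lists the file names worth looking up as the reply above suggests, and flags autostart (O4) entries that launch from a temp or browser-cache folder. The sample input is constructed, the function names are hypothetical, and the temp-folder check is this example's own assumption.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample in the same flattened shape as the paste above (not the thread's log).
SAMPLE = (
    r"[X] - O2 - BHO: Example Bar BHO - {00000000-0000-0000-0000-000000000001} - "
    r"C:\Program Files\ExampleBar\bar.dll "
    r"[?] - O4 - HKLM\..\Run: [updater] C:\Documents and Settings\User\Local Settings"
    r"\Temp\setup[1].exe /p "
    r"[?] - O4 - Global Startup: Vendor Tool.lnk = C:\Program Files\Vendor\Vendor Tool.exe "
    r"[?] - O16 - DPF: {00000000-0000-0000-0000-000000000002} (Game Control) - "
    r"http://games.example/game.cab"
)

Entry = namedtuple("Entry", "rating section text path")
# An entry starts with a rating marker ([X] or [?], as seen in the paste) and a section code.
MARK = r"\[[X?]\]\s+-\s+O\d+\s+-\s"
ENTRY = re.compile(r"\[([X?])\]\s+-\s+(O\d+)\s+-\s+(.*?)(?=\s*" + MARK + r"|\s*$)", re.S)
# Assumption of this example: a target is a drive path ending in one of these extensions.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd|vbs)(?=\s|$)", re.I)
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")


def parse(paste):
    """Split a flattened rated paste back into one Entry per log line."""
    entries = []
    for rating, section, text in ENTRY.findall(paste):
        m = PATH.search(text)
        entries.append(Entry(rating, section, text, m.group(0) if m else None))
    return entries


def autoruns_from_temp(entries):
    """O4 (autostart) entries whose target sits in a temp or browser-cache folder."""
    return [e for e in entries
            if e.section == "O4" and e.path
            and any(d in e.path.lower() for d in TEMP_DIRS)]


def names_to_research(entries):
    """File names to look up, lower-cased and without duplicates."""
    return sorted({ntpath.basename(e.path).lower() for e in entries if e.path})


if __name__ == "__main__":
    for e in autoruns_from_temp(parse(SAMPLE)):
        print("autostart from temp:", e.path)
    print("look up:", ", ".join(names_to_research(parse(SAMPLE))))
```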
Hi Justin-xp,
On your Grandma’s computer go to start and at execute type in: “eventvwr.msc” (without “”).
Report what errors you got there in event viewer.
Download Silent Runners from here: http://www.silentrunners.org/Silent%20Runners.vbs
or when she has an XP machine: http://www.silentrunners.org/Silent%20Runners%20RED.vbs
Run it and post what it finds as an attachment; info on how to: http://www.silentrunners.org/sr_scriptuse.html
polonus