HJT log

#1 (permalink)
02-05-2005, 07:23 PM
radio geek

I've got an older Toshiba laptop, running Windows 98. For the last six months it's gotten slower and more unreliable. Here is a HJT log.

Logfile of HijackThis v1.99.1

Scan saved at 1144 AM, on 5/2/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\WINDOWS\SYSTEM\TPWRMGR.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\PROGRAM\SOFFICE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TFunckey] TFunckey.Exe
O4 - HKLM\..\Run: [TPwrMgr] TPwrMgr.Exe
O4 - HKLM\..\Run: [TDspOff] TDspOff.Exe B
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] (value not set)
O4 - HKLM\..\Run: [NAV DefAlert] (value not set)
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [THotkey] THotkey.Exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: rdpr.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O11 - Options group: [TB] Toolbar

#2 (permalink)
02-05-2005, 07:58 PM
HJThis
Re: HJT log

Hello, radio geek & Welcome

Now, the first thing you should do is update IE; you are running a way out-of-date IE. Also download & run both Ad-aware SE & Spybot.

Could you please update and run both Spybot S&D and Ad-aware, as per these instructions.

As for the logfile:

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

This one here: any idea what it is? If no, then don't fix it for now. Anyone?
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe
O4 - Startup: rdpr.exe

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

Delete the following files\folders IF still present:
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe<---This file

Do a file search for this here:
rdpr.exe <--- This file; if found, delete it

& here is a prog to clean up junk files:

popular programs for doing this, is a freeware program called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.

You should also run a Scandisk & Defrag.

HGD

#3 (permalink)
03-05-2005, 03:55 PM
radio geek
Re: HJT log

I ran both Ad-aware and Spybot before running HJT. As far as an IE upgrade, let me give you a little background. I've been fighting this computer for about four months. Three weeks ago it totally crashed. It would never boot up to Windows. I have a thread going under the "Windows 98" forum if you need to follow what happened in the past. I've reloaded Windows four times. Every time it takes me back to IE4. When I upgrade to IE6 it seems to cause a lot of troubles, so I'm running Firefox right now. I've got enough problems right now, so I haven't upgraded yet. I might have to so I can download any upgrades from Microsoft. I will try your other instructions and if you want me to load IE6 let me know. As far as the line "O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart" I believe I get an error, every time I reboot, that is related to this. I should also tell you I just reloaded Windows on Friday and didn't turn on the computer until yesterday.

Last edited by radio geek; 03-05-2005 at 03:59 PM.

#4 (permalink)
03-05-2005, 04:54 PM
radio geek
Re: HJT log

I just followed your instructions. When I rebooted I did get an error relating to "winup2date.dll". The error was "a dynamic link library (dll) initialization routine failed".
I also downloaded and installed "crapcleaner". When I try to run it I get an "illegal operation error". I have run "registry mechanic" to clean up the registries. Also I have done a defrag and scandisk within the last week or so, but I have to run them in safe mode or they will not complete.

#5 (permalink)
03-05-2005, 06:19 PM
HJThis
Re: HJT log

Hey, radio geek

OK, please go to Safe Mode, do a search for that file, and see if you can delete it.

HGD

#6 (permalink)
03-05-2005, 11:09 PM
radio geek
Re: HJT log

OK, I got rid of that file. I also got Crap Cleaner to run. Ran another Ad-Aware, Spybot S&D and threw in a Spyware Doctor and registry cleaner just for fun. Tonight I will do a defrag. I also updated IE and installed Microsoft's security patches.

#7 (permalink)
04-05-2005, 06:21 PM
radio geek
Re: HJT log

Now I ran Housecall. It came up with 5 viruses; here they are:
TROJ QLOGIC.A C:\Windows\Start menu\progra...
TROJ QLOGIC.A C:\Windows\wqbwq.dat
TROJ SMALL.KZ C:\Windows\qool.exe
TROJ QLOGIC.A C:\Windows\irmirk.exe
TROJ QLOGIC.A C:\Windows\Program Files\Hijack this\ Back..
The first, second, third, and fifth are listed as non cleanable and the fourth is listed as cannot access. I deleted the non cleanables and I'm going to try to get rid of irmirk.exe again.

#8 (permalink)
04-05-2005, 10:57 PM
radio geek
Re: HJT log

Tried to get rid of irmirk.exe again. As far as your instruction "Delete the following files\folders IF still present:
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe<---This file", I wasn't sure where you were going with it. I went into safe mode, did a file search for "irmirk.exe". Found it, deleted it, emptied the recycle bin, then restarted the computer. It's right back in the HijackThis log.
Reply With Quote
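
Added example (not code from the thread or from HijackThis): posts #7 and #8 describe a flagged file that is back in the log after being deleted, so this Python script parses the O4 autostart lines of two HijackThis logs, lists the entries that survived between them, and picks out those that launch a file the scanner reported. The function names are hypothetical, the "before" lines are copied from post #1, and the "after" log is constructed because the thread never posts a second log.

```python
import re
from typing import NamedTuple

class Autorun(NamedTuple):
    location: str  # "HKLM\..\Run", "Startup", ...
    name: str      # registry value name, or file name in the Startup folder
    command: str   # command line or shortcut target ("" when none is shown)

# O4 - <hive>\..\<key>: [<value name>] <command>
REG_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.*)$")
# O4 - Startup: <file>    or    O4 - Startup: <shortcut> = <target>
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.*))?$")

def parse_o4(log_text):
    """Return every O4 (autostart) line of a HijackThis log as an Autorun."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        if m := REG_RE.match(line):
            entries.append(Autorun(*m.groups()))
        elif m := STARTUP_RE.match(line):
            entries.append(Autorun(m.group(1), m.group(2), m.group(3) or ""))
    return entries

def _tokens(text):
    return {t for t in re.split(r'[\\\s",]+', text.lower()) if t}  # path parts, args

def referencing(entries, detected_paths):
    """Autoruns whose command or name mentions a file the scanner flagged."""
    names = {p.lower().rsplit("\\", 1)[-1] for p in detected_paths}
    return [e for e in entries if names & (_tokens(e.command) | _tokens(e.name))]

def persisted(before, after):
    """Entries of `before` that are still registered in `after`."""
    key = lambda e: (e.location, e.name.lower(), e.command.lower())
    still = {key(e) for e in after}
    return [e for e in before if key(e) in still]

# O4 lines copied from the log in post #1.
BEFORE = r"""O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe
O4 - Startup: rdpr.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = ?"""
# Constructed follow-up log (the thread never posts one).
AFTER = r"""O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\irmirk.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = ?"""
# Complete paths from the scan results in post #7.
DETECTED = [r"C:\Windows\wqbwq.dat", r"C:\Windows\qool.exe", r"C:\Windows\irmirk.exe"]

if __name__ == "__main__":
    print(referencing(persisted(parse_o4(BEFORE), parse_o4(AFTER)), DETECTED))
```

An entry returned by both checks is one where the autostart value still points at the flagged file, so deleting the file alone has not removed the registration.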