View Full Version : cleaning up old micron


123456
01-29-2005, 06:35 PM
Decided to clean up my old micron laptop. 233MHz mmx pentium, 48mb ram, (SO much!), 3gb hdd, cd-rom with BACKPACK External CD-RW drivers installed. The thing's been hijacked, seems to be in WORSE condition than the dell 8200, and has 1.49 gb free. I am going to install Microsoft AntiSpyware Beta and have a wireless pc card.

123456
01-29-2005, 08:49 PM
268 problems found with spybot, 33 unfixed.

classicsoftware
01-29-2005, 09:04 PM
Post a HJT log and let us look at it.

123456
01-29-2005, 09:27 PM
Logfile of HijackThis v1.99.0
Scan saved at 9:18:28 PM, on 1/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HRFVIP.EXE
C:\WINDOWS\TEMP\RE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
C:\WINDOWS\SYSTEM\OIGON.EXE
C:\WINDOWS\JAWA32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\OUTAEE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://activex.bicurioz.com/page/cs.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://activex.bicurioz.com/page/lp.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\b0ro0m.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [fyexlzxkzi] C:\WINDOWS\SYSTEM\hrfvip.exe
O4 - HKLM\..\Run: [RE] C:\WINDOWS\TEMP\RE.EXE
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [r22X36Q] OIGON.EXE
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunOnce: [MONEYA4M.EXE] C:\WINDOWS\SYSTEM\MONEYA4M.EXE /k
O4 - HKCU\..\Run: [a1t7RWcpX] OUTAEE.EXE
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [MONEYA4M.EXE] C:\WINDOWS\SYSTEM\MONEYA4M.EXE /k
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .com/AttachedPrint/A0301600000001780000554468B4A76F0296071884: C:\PROGRA~1\INTERN~1\PLUGINS\NPWESTATP.DLL
O16 - DPF: BBSetup - http://bonzi.www.conxion.com/freebuddy/wd/bbsetup.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

classicsoftware
01-29-2005, 10:10 PM
Disable Tea Timer in the Spybot Program

Have HJT fix the following:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://activex.bicurioz.com/page/cs.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://activex.bicurioz.com/page/lp.html
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\b0ro0m.dll


O4 - HKLM\..\Run: [fyexlzxkzi] C:\WINDOWS\SYSTEM\hrfvip.exe
O4 - HKLM\..\Run: [RE] C:\WINDOWS\TEMP\RE.EXE
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [r22X36Q] OIGON.EXE
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKLM\..\RunOnce: [MONEYA4M.EXE] C:\WINDOWS\SYSTEM\MONEYA4M.EXE /k
O4 - HKCU\..\Run: [a1t7RWcpX] OUTAEE.EXE
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\RunOnce: [MONEYA4M.EXE] C:\WINDOWS\SYSTEM\MONEYA4M.EXE /k
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Re-boot and post another log

123456
01-29-2005, 10:42 PM
Much faster.
Logfile of HijackThis v1.99.0
Scan saved at 10:32:56 PM, on 1/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HRFVIP.EXE
C:\WINDOWS\TEMP\RE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
C:\WINDOWS\SYSTEM\OIGON.EXE
C:\WINDOWS\JAWA32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\OUTAEE.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\AIM95\AIMAUTO.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\5bpbz6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunOnce: [da9yw9u.exe] C:\WINDOWS\SYSTEM\da9yw9u.exe /k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [da9yw9u.exe] C:\WINDOWS\SYSTEM\da9yw9u.exe /k
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .com/AttachedPrint/A0301600000001780000554468B4A76F0296071884: C:\PROGRA~1\INTERN~1\PLUGINS\NPWESTATP.DLL
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

classicsoftware
01-30-2005, 08:38 AM
Disable Tea Timer and fix:

O1 - Hosts: 66.40.16.227 www.yahoo.org

O4 - HKLM\..\RunOnce: [da9yw9u.exe] C:\WINDOWS\SYSTEM\da9yw9u.exe /k
O4 - HKCU\..\RunOnce: [da9yw9u.exe] C:\WINDOWS\SYSTEM\da9yw9u.exe /k

123456
01-30-2005, 08:55 AM
I knew those two were very suspicious....I'll let it charge and do it...it was barely usable-it took 45 minutes to start up, (not boot up), and now everything my cousin and I had remains intact. He gave it to my sister 2 or 3 years back, but she hated laptops. I took over, had three pcs at once-another Micron XKE laptop, same specs, but 64mb RAM, (that thing was awesome!) and my old dell desktop 450MHz which I'm sure you've all heard about.
Please note that this laptop no longer is under warranty and no one except me actually uses it and cares about it....it dates back from late 1997. I have two partitions, one is 999mb free and not used, the other is 1.99gb and 400mb free. I'm shocked at its utterly fast performance. I have Windows Millennium, tried to put XP on it 3 years back, it needed more RAM...left it at Windows ME. Speaking of Millennium, can I go back to Millennium instead of xp for my dell t450? It had Millennium. And the reason why is simple-I want something that actually meets the recommended system requirements.

123456
01-30-2005, 01:33 PM
Hopefully my laptop is clean..I got rid of the dell object
Logfile of HijackThis v1.99.0
Scan saved at 1:24:26 PM, on 1/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\f10ua7o.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .com/AttachedPrint/A0301600000001780000554468B4A76F0296071884: C:\PROGRA~1\INTERN~1\PLUGINS\NPWESTATP.DLL

classicsoftware
01-30-2005, 06:38 PM
You are almost done:

Disable Tea Timer one more time and have HJT fix:

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\f10ua7o.dll

Re-boot and re-post a new log.

I hope that will do it. How is the system running? We will need to put some protections on there, but it will be a serviceable PC for net browsing and Word Processing.

123456
01-30-2005, 06:43 PM
The system runs fine. Although I need a keyboard due to the missing space bar and "n" key.

Steve
01-30-2005, 07:52 PM
I don't know. I have a feeling that BHO and associated .dll is morphing. Try rebooting and running a HJT scan a few times and see if that entry changes. If it does, you still have problems. If not, then I'm just a worry wart... ;)

classicsoftware
01-30-2005, 08:04 PM
You are not a worry wart. It's the same CLSID and it is morphing.
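
Added example, not part of the original thread: the check Steve and classicsoftware describe (same CLSID, changing DLL name) can be automated by comparing the O2 lines of successive HijackThis logs. The O2 lines below are copied from the three logs posted above; the function names and scan labels are this example's own.

```python
import re
from collections import defaultdict

# O2 line layout as it appears in the logs above:
#   O2 - BHO: <name> - {CLSID} - <path to DLL>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_bhos(log_text):
    """Return {CLSID (upper-case): DLL path} for every O2 line in one log."""
    bhos = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            bhos[m.group("clsid").upper()] = m.group("path").strip()
    return bhos

def morphing_bhos(scans):
    """scans: list of (label, log_text) in scan order.
    Return {clsid: [(label, path), ...]} for every CLSID whose DLL path
    differs between scans, i.e. the registration survives but the file moves."""
    history = defaultdict(list)
    for label, text in scans:
        for clsid, path in parse_bhos(text).items():
            history[clsid].append((label, path))
    return {
        clsid: seen
        for clsid, seen in history.items()
        if len({path.lower() for _, path in seen}) > 1  # Win9x paths: ignore case
    }

# O2 lines taken from the three logs in this thread (labels are scan times).
SCANS = [
    ("1/29 9:18 PM", r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\b0ro0m.dll
"""),
    ("1/29 10:32 PM", r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\5bpbz6.dll
"""),
    ("1/30 1:24 PM", r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM\f10ua7o.dll
"""),
]

if __name__ == "__main__":
    for clsid, seen in morphing_bhos(SCANS).items():
        print(f"{clsid} changed its DLL across scans:")
        for label, path in seen:
            print(f"  {label}: {path}")
```

A CLSID that keeps its registration while the DLL name changes means something outside the BHO entry is rewriting it, so fixing the O2 line alone will not hold.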

123456
02-05-2005, 11:06 AM
finally!
Logfile of HijackThis v1.99.0
Scan saved at 11:00:10 AM, on 2/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .com/AttachedPrint/A0301600000001780000554468B4A76F0296071884: C:\PROGRA~1\INTERN~1\PLUGINS\NPWESTATP.DLL

classicsoftware
02-05-2005, 04:43 PM
You look clean.

Now get yourself a firewall:


Kerio (http://www.kerio.com/kpf_download.html)
Sygate (http://www.sygate.com/firewall/)
Zone Alarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp;jsessionid=BzJnZDxzyCUCcyZMB2t0Qco5IgutuYlrOMI5snmy1ZptQ2vOr1l1!776180791!-1062696904!7551!7552!-2099742426!-1062696903!7551!7552)

You also need some good AV software.

How is it running.....

123456
02-05-2005, 05:11 PM
runs like new....any free AVs and firewalls? McAfee would slow it down, I'm guessing

classicsoftware
02-05-2005, 05:26 PM
The firewalls are listed above.

Free AV:

Avast (http://www.avast.com/eng/down_home.html)

or

AVG (http://free.grisoft.com/freeweb.php/doc/2/)

By the way, from now on you should charge your sister $25.00 per hour to fix her PC and $50.00 per hour when she does not follow your advice....

123456
02-06-2005, 08:22 PM
Firewall-Zone Alarm free, virus scan-AVG. System runs well, wish it had more ram.

classicsoftware
02-07-2005, 12:16 AM
What is the model number and name of the PC?

123456
02-10-2005, 08:29 PM
Micron Transport Trek VLX Enhanced

123456
02-13-2005, 08:33 PM
did an AVG virus scan-57 viruses-all trojans