Solve : Help if possible...Microsoft Must Close, IE Errors, Virus??

1.	Solve : Help if possible...Microsoft Must Close, IE Errors, Virus??
Answer» I am NOT an expert with computers as you probably already gather.... would really apprieciate help on getting this poor machine running right again in...I'm not afraid to ask questions and will...So please get me going in the right direction and what to do...I'll do anything except suggesting to give up and through this computer in the garbage... Running Windows 98... Did update anything I could from Microsoft for my system.. My Norton is So far outdated...I need to get rid of it for something free... Should I go on??? Another challenge...I am one of the fortunate people that have been layed opff...So I am broke and need to use programs that I could download for free... Welcome to CH. To completely remove Norton/Symantec go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name. Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart. Go to your desktop and double click on the removal tool and then click Setup. Once open Click Next Accept the license agreement and click Next Type in the letters/numbers that you see into the text box then click Next. Then click Next and the tool will start running. Once finished restart the PC and run the tool again to ensure everything has been removed. Delete Nortonremoval tool from your Desktop. . ---------- Install Avast Home Free. Avast! Home Free Edition ---------- Download TrendMicro HijackThis.exe (HJT) to the Desktop. Double-click on HJTInstall. Click on the Install button. It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Upon install, HijackThis should open for you. Click on the Do a system scan and save a log file button HijackThis will scan and then a log will open in notepad. Copy and then paste the entire contents of the log in your post. Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required. Mach. is running like MUD...lol Probably will have to do all over again... What I did as the deleting and loading went on... I downloaded the Norton removal for Windows 98... When a message came up to delete or not the quarintined items...I freaked and said no... Remember YEARS ago had a worm or something and didn't know if it would come crawling backout...Hope you could tell Anyway did all that you wanted me to do.. Thanks for helping...and hope I could get this working...Let me know what's next... If you see anything else that I could toss I'd be greatful...I don't use the netscape crap... Deb Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:23:01 PM, on 10/8/08 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\NAV\HOTKEY.EXE c:\windows\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE C:\CYBERTRIO\SHOWMODE.EXE C:\PROGRAM FILES\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE C:\Program Files\Mediascape\OnScreen Display\OSD.exe C:\WARNER\WARNER.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/http://www.yahoo.com/ext/search/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file) F1 - win.ini: run=c:\windows\OPTIONS\systools\cyxid98.exe N1 - Netscape 4: user_pref("browser.startup.homepage", "http://HOME.netscape.com/"); (C:\Program Files\Netscape\Users\lukesan\prefs.js) O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE" O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE O4 - HKLM\..\Run: [CyberTrioModeInfo] C:\CyberTrio\ShowMode.exe O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe O4 - HKLM\..\Run: [SystemWizard Sniffer] C:\Program Files\Common Files\SystemSoft\sniffer.exe O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Mediascape\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [OnScreen Display] C:\Program Files\Mediascape\OnScreen Display\OSD.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Warner] C:\Warner\Warner.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [krmfgr] C:\WINDOWS\krmfgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM\..\RunServices: [Winmodem] WINMODEM.101\wmexe.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet (User 'Default user') O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O12 - Plugin for .mov: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPQTW32.DLL O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll O15 - Trusted Zone: http://.windowsupdate.microsoft.com O15 - Trusted Zone: http://.windowsupdate.com O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/ActiveX/MSSurVid.cab O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/arcadegames/fallingstars/wtinst.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/175041be21b875c1b718/netzip/RdxIE601.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/solotriv/solotriv.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://gamingclub.microgaming.com/gamingclub/FlashAX.cab O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {84B40160-54E0-4D2F-AC18-A6D31A9AC732} (NavWin Class) - https://jump.navahonetworks.com/navaho/dialerx.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.4.9/applet/monopoly/monopoly-en_US.cab -- End of file - 8593 bytesOpen HijackThis and select Do a system scan only. Place a check MARK next to the following entries: (if there) - R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file) - O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL (file missing) - O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE - O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE - O4 - HKLM\..\Run: [krmfgr] C:\WINDOWS\krmfgr.exe - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - O4 - HKLM\..\Run: [EarthLink Installer] " /C - O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup - O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') - O15 - Trusted Zone: http://.windowsupdate.microsoft.com - O15 - Trusted Zone: http://.windowsupdate.com Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ---------- Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Go to Start > Run and type notepad.exe then click OK Copy and paste the below into Notepad and save as fixme.reg to Your Desktop Code: [Select]REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run] "QuickenSEMessage"=- "BillMinder"=- "krmfgr"=- "TkBellExe"=- "EarthLink Installer"=- "CriticalUpdate"=- Locate fixme.reg on your Desktop and double-click it. Answer YES when prompted to merge with the Registry. Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop. ---------- Download CCleaner Slim and save it to your Desktop. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program. Complete the installation then: Double-click the CCleaner shortcut on the desktop to start the program. Click on the Options block on the left, then choose Cookies. Under Cookies to Delete, highlight any cookies you would like to retain permanently Click the right arrow > to move them to the Cookies to Keep window. Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours Click Cleaner on the left then Run Cleaner on the right to run the program. Important: Make sure that ALL browser windows are closed before selecting Run Cleaner Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry. Exit CCleaner after it has completed its process. . Restart the computer! ---------- Download and install SUPERAntiSpyware Free for Home Users Start SuperAntiSpyware and click Check for updates If you encounter any problems while downloading the updates, manually download and unzip them from here Once the update is finished, on the main screen, click Scan your computer Check Perform Complete Scan Click Next to start the scan. . When finished Superantispyware will list all the infections found. Make sure everything found has a check next to it and press Next Then click Finish It is possible that the Superantispyware asks to reboot the PC in order to delete some files. Locate the SuperAntiSpyware log as follows: Click: Preferences Click the Statistics/Logs tab Under Scanner Logs, double-click SuperAntiSpyware Scan Log . It opens in your default text editor (such as Notepad) Post the SuperAntiSpyware log in your reply.Did the system scan... checked and clicked fix check Came up with an error.. modmd5_6??? from Auto???.."/C ERR#5-Improper call Thought I could Copy and paste but couldn't... Then I clicked OK and exited....I could redo it if you want...cant read my writting... Then did the next step.... Adding this stuff to registry and It came out successful.... Now ready to download CCleaner Slim....but I thought to let you know about error and registry before I do this ...I'll wait for responce It should be OK if the registry file was successful. Just go on with the rest of the steps and we will go from there. Did it...3 hours to scan... Do you think that should do it? You are a very patient guy...And I thank You I have a couple little questions...dumb ones.. 1.Should I delete HJT Installation and Setupeng... 2.Noticed when scanning saw some programs... Vbox Installer, Symantec TBYB Norton Anti Virus 200 for Win9y... 3. A9installer_880461 2009 Microsoft Security Warning that poped up yesterday before the cleaning...could I just delete this stuff? Other then that ..I'll check tomorrow to see if you have anything else for me...Thanks.... Should I delete all of these? SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/08/2008 at 11:56 PM Application Version : 4.21.1004 Core Rules Database Version : 3593 Trace Rules Database Version: 1580 Scan type : Complete Scan Total Scan Time : 03:01:57 Memory items scanned : 160 Memory threats detected : 0 Registry items scanned : 2452 Registry threats detected : 21 File items scanned : 6888 File threats detected : 2 Adware.SmartPops HKLM\Software\Classes\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\ProgID HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\VersionIndependentProgID HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\Programmable HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\InprocServer32 HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\InprocServer32#ThreadingModel HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\TypeLib HKCR\SP.SmartPops.1 HKCR\SP.SmartPops HKCR\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0} C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL Adware.IST/SideFind HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} Adware.IST/ISTBar (Slotch Bar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{386A771C-E96A-421F-8BA7-32F1B706892F} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ISTactivex.dll [ ] HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ] Adware.Avenue Media/Internet Optimizer HKU\.DEFAULT\SOFTWARE\Policies\Avenue Media HKLM\SOFTWARE\Policies\Avenue Media Adware.Starware C:\WINDOWS\DESKTOP\WEATHER_DIR.EXE Yes you can delete any installers and anything else you are done with, they are no longer needed. Any problems that remain are most likely not malware related. I suggest posting in the Windows forum if you need help on any other issues that remain. OK...Again thankyou...I hope I don't need to use you again... I'll have to go to the windows forum.. I will keep this folder open till all is done and give you the outcome. The machine is still running slow and things keep running...ByeHello again...I am having trouble with the avast and Super antiantispyware. I posted a message in the windows forum..and was told to have you help with configuring the settings for them or said you would show up soon...What you look at all the posts!...Busy guy Anyway......My computer keeps freezing and the programs keep running and slowing up everything...It's driving me coo coo... Dummy me needs help getting these set right...Thanks

Answer»

I am NOT an expert with computers as you probably already gather.... would really apprieciate help on getting this poor machine running right again in...I'm not afraid to ask questions and will...So please get me going in the right direction and what to do...I'll do anything except suggesting to give up and through this computer in the garbage...

Running Windows 98...
Did update anything I could from Microsoft for my system..
My Norton is So far outdated...I need to get rid of it for something free...
Should I go on???

Another challenge...I am one of the fortunate people that have been layed opff...So I am broke and need to use programs that I could download for free...
Welcome to CH.

To completely remove Norton/Symantec go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name.

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.
Once finished restart the PC and run the tool again to ensure everything has been removed.
Delete Nortonremoval tool from your Desktop.

.
----------

Install Avast Home Free.

Avast! Home Free Edition

----------

Download TrendMicro HijackThis.exe (HJT) to the Desktop.

Double-click on HJTInstall.
Click on the Install button.
It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
Upon install, HijackThis should open for you.
Click on the Do a system scan and save a log file button
HijackThis will scan and then a log will open in notepad.
Copy and then paste the entire contents of the log in your post.
Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Mach. is running like MUD...lol
Probably will have to do all over again...
What I did as the deleting and loading went on...
I downloaded the Norton removal for Windows 98...
When a message came up to delete or not the quarintined items...I freaked and said no...
Remember YEARS ago had a worm or something and didn't know if it would come crawling backout...Hope you could tell
Anyway did all that you wanted me to do..
Thanks for helping...and hope I could get this working...Let me know what's next...

If you see anything else that I could toss I'd be greatful...I don't use the netscape crap...
Deb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:01 PM, on 10/8/08
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NAV\HOTKEY.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE
C:\CYBERTRIO\SHOWMODE.EXE
C:\PROGRAM FILES\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\Program Files\Mediascape\OnScreen Display\OSD.exe
C:\WARNER\WARNER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
F1 - win.ini: run=c:\windows\OPTIONS\systools\cyxid98.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://HOME.netscape.com/"); (C:\Program Files\Netscape\Users\lukesan\prefs.js)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [PNPCHK] PNPCHK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\ONLINE SERVICES\PRODIGY\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [CyberTrioModeInfo] C:\CyberTrio\ShowMode.exe
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [SystemWizard Sniffer] C:\Program Files\Common Files\SystemSoft\sniffer.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Mediascape\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OnScreen Display] C:\Program Files\Mediascape\OnScreen Display\OSD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Warner] C:\Warner\Warner.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [krmfgr] C:\WINDOWS\krmfgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [Winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O12 - Plugin for .mov: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPQTW32.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/ActiveX/MSSurVid.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/arcadegames/fallingstars/wtinst.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/175041be21b875c1b718/netzip/RdxIE601.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://gamingclub.microgaming.com/gamingclub/FlashAX.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {84B40160-54E0-4D2F-AC18-A6D31A9AC732} (NavWin Class) - https://jump.navahonetworks.com/navaho/dialerx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.4.9/applet/monopoly/monopoly-en_US.cab

--
End of file - 8593 bytesOpen HijackThis and select Do a system scan only.

Place a check MARK next to the following entries: (if there)

- R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
- O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL (file missing)
- O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
- O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
- O4 - HKLM\..\Run: [krmfgr] C:\WINDOWS\krmfgr.exe
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [EarthLink Installer] " /C
- O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
- O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
- O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
- O15 - Trusted Zone: http://*.windowsupdate.com

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"QuickenSEMessage"=-
"BillMinder"=-
"krmfgr"=-
"TkBellExe"=-
"EarthLink Installer"=-
"CriticalUpdate"=-
Locate fixme.reg on your Desktop and double-click it. Answer YES when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Download CCleaner Slim and save it to your Desktop.
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
Complete the installation then:

Double-click the CCleaner shortcut on the desktop to start the program.
Click on the Options block on the left, then choose Cookies.
- Under Cookies to Delete, highlight any cookies you would like to retain permanently
- Click the right arrow > to move them to the Cookies to Keep window.
Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
Click Cleaner on the left then Run Cleaner on the right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
Exit CCleaner after it has completed its process.

.
Restart the computer!

----------

Download and install SUPERAntiSpyware Free for Home Users

Start SuperAntiSpyware and click Check for updates

If you encounter any problems while downloading the updates, manually download and unzip them from here

Once the update is finished, on the main screen, click Scan your computer
Check Perform Complete Scan
Click Next to start the scan.

.
When finished Superantispyware will list all the infections found.
Make sure everything found has a check next to it and press Next
Then click Finish

It is possible that the Superantispyware asks to reboot the PC in order to delete some files.

Locate the SuperAntiSpyware log as follows:

Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log

.
It opens in your default text editor (such as Notepad)

Post the SuperAntiSpyware log in your reply.Did the system scan...
checked and clicked fix check

Came up with an error..
modmd5_6??? from Auto???.."/C ERR#5-Improper call
Thought I could Copy and paste but couldn't...
Then I clicked OK and exited....I could redo it if you want...cant read my writting...

Then did the next step....
Adding this stuff to registry and It came out successful....

Now ready to download CCleaner Slim....but I thought to let you know about error and registry before I do this ...I'll wait for responce
It should be OK if the registry file was successful. Just go on with the rest of the steps and we will go from there.
Did it...3 hours to scan...
Do you think that should do it?
You are a very patient guy...And I thank You
I have a couple little questions...dumb ones..

1.Should I delete HJT Installation and Setupeng...
2.Noticed when scanning saw some programs...
Vbox Installer, Symantec TBYB Norton Anti Virus 200 for Win9y...
3. A9installer_880461 2009 Microsoft Security Warning that poped up yesterday before the cleaning...could I just delete this stuff?

Other then that ..I'll check tomorrow to see if you have anything else for me...Thanks....

Should I delete all of these?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/08/2008 at 11:56 PM

Application Version : 4.21.1004

Core Rules Database Version : 3593
Trace Rules Database Version: 1580

Scan type : Complete Scan
Total Scan Time : 03:01:57

Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 2452
Registry threats detected : 21
File items scanned : 6888
File threats detected : 2

Adware.SmartPops
   HKLM\Software\Classes\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\ProgID
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\VersionIndependentProgID
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\Programmable
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\InprocServer32
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\InprocServer32#ThreadingModel
   HKCR\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}\TypeLib
   HKCR\SP.SmartPops.1
   HKCR\SP.SmartPops
   HKCR\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0}
   C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL

Adware.IST/SideFind
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

Adware.IST/ISTBar (Slotch Bar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{386A771C-E96A-421F-8BA7-32F1B706892F}
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ISTactivex.dll [ ]
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.Avenue Media/Internet Optimizer
   HKU\.DEFAULT\SOFTWARE\Policies\Avenue Media
   HKLM\SOFTWARE\Policies\Avenue Media

Adware.Starware
   C:\WINDOWS\DESKTOP\WEATHER_DIR.EXE
Yes you can delete any installers and anything else you are done with, they are no longer needed.

Any problems that remain are most likely not malware related. I suggest posting in the Windows forum if you need help on any other issues that remain. OK...Again thankyou...I hope I don't need to use you again...
I'll have to go to the windows forum.. I will keep this folder open till all is done and give you the outcome. The machine is still running slow and things keep running...ByeHello again...I am having trouble with the avast and Super antiantispyware. I posted a message in the windows forum..and was told to have you help with configuring the settings for them or said you would show up soon...What you look at all the posts!...Busy guy

Anyway......My computer keeps freezing and the programs keep running and slowing up everything...It's driving me coo coo...

Dummy me needs help getting these set right...Thanks

Solve : Help if possible...Microsoft Must Close, IE Errors, Virus??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment