

Is my computer dying? :(


25 replies to this topic

#1 OFFLINE   Number2

    Member

  • Members
  • PipPip
  • 15 posts

Posted 22 March 2006 - 03:30 AM

Hi everyone. First time poster, Semi-long time reader.
I have a fairly old pc with a fairly old OS, and so I wouldn't be too surprised to hear that my computer is dying and needs to be upgraded.

I told some friends and they recommended this site to ensure it's the computer's fault for the random inconveniences and not spyware or malware.
So I signed up and followed all instructions and guides from other posts to get rid of spyware and now I ask for someone(s) to take a look and help me with my HJT log and computer.

Logfile of HijackThis v1.99.1
Scan saved at 10:15:26 PM, on 3/21/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGW.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGW.EXE
C:\WINDOWS\DESKTOP\CLEANERS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab


Compared to other HJT logs, I think mine looks fairly clean. However, the problem STILL persists...
Now the major problems are::
1) my monitor randomly turning off into an unrecoverable state (forcing me to restart)
and
2) my cd drive slowly dying out and becoming illiterate (forcing me to return many borrowed/bought cds).

It may be hard for me to say it... But I need a professional's advice and help.

~Number2

#2 OFFLINE   krit86lr

    Power Member

  • Members
  • PipPipPipPip
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 March 2006 - 06:11 AM

Hi Number2, and welcome to the forum. :)

I don't do the HJT log analyses, but I wanted to welcome you here. AndyManchesta usually handles the HJT logs and he will be back either in a few hours, or tomorrow.

Tarun, rridgely, and DjLizard also help with HJT logs. I say this so that you know who the professionals are. ;)


Have a nice day, and welcome. :D
K

#3 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 22 March 2006 - 01:45 PM

Hi Number2, Welcome To The Forum :)

With this being Windows 98 it does limit our options for tools or fixes to use. The first thing I notice in your log is 2 Anti-Virus programs starting with Windows. This could lead to a lot of conflicts on the system if they are both providing Real Time protection. It's fine to have more than one if only one is providing the Real Time protection feature and the other(s) are used only as On Demand scanners where you start them manually when needed and close them after a scan.

It's up to you which one you want to use full time. If you have paid for Kaspersky and AVG is the free version then that is maybe the best one to keep running with Windows and offering the protection. As AVG is free it can either be uninstalled and installed again another time or disabled from Startup so it doesn't run with Windows.

To uninstall AVG use the Add/Remove programs screen (Click Start, Select Settings, and Select the Control Panel. Double Click the "Add/Remove Programs" icon to open it. Click AVG. The program name will highlight (in blue) and the "Add/Remove" button will activate. Click the "Add/Remove" button and confirm you want to remove it).

To disable AVG from starting with Windows and keep it on the pc as an On Demand scanner which you can start manually when needed, go to Start > Run > type MSCONFIG in the open box and then press Enter or OK. Click the startup tab (on the far right of the screen). This shows you what's starting with Windows.

Uncheck the boxes for AVG (AVG7_CC & AVG7_AMSVR). You can also uncheck WinampAgent if you do not use Winamp that often as it's running all the time on your system. You can repeat the steps to re-enable them anytime you want. After making any changes press Apply then OK. You will get a pop up message showing you need to reboot to make the changes. Click Yes and the system will reboot.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer after completing the below steps.


You have a line in the log which indicates Trojan Vundo has been on the pc at some stage. I've never seen that infection on a Win98 machine but it does appear to be a leftover entry and not a threat. The main Vundo fixtool that is used on forums isn't compatible with Win98 so just to be sure it's been removed can you run Symantec's Vundo Fixtool.

Download from HERE and save it to your desktop.

Locate the file that you just downloaded.
Double-click the FixVundo.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. If it shows the system is infected then reboot and run the fixtool again to make sure it then shows clear.


Run Hijack This and choose Do A System Scan then place a check next to this entry

O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - (no file)

Close all open browser and other windows except for Hijack This and press the Fix Checked button

Finally run a scan at Panda which I can see you have already used as it may show if there are any remaining issues.

Run Panda Activescan from Here.

Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.


If the problems continue and the scanner we used above shows clear you may want to run the System File Check feature in Windows to make sure none of the system files are damaged.

You must use an original Windows 98 CD to use SFC
    Click Start, and then click Run.
    Type SFC and then click OK. This launches the System File Checker dialog box.
    In The Select A Option area place a check next to Scan for Altered Files
    Click Start and then follow the onscreen prompts, make sure you have the original disk in case it's required
Please post the Pandascan log and let me know if you have any problems or questions regarding any of the above steps.

Cheers

Andy
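
The two things read off the log in the reply above (two anti-virus products starting with Windows, and an O2 entry whose file no longer exists) can be checked mechanically. The Python below is an added example, not part of the thread or of HijackThis: the sample lines are copied from the log in post #1, while the `AV_PATH_HINTS` list and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# O2/O3 lines: "<code> - <kind>: <name> - {CLSID} - <file or (no file)>"
CLSID_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O4 lines: "O4 - <hive>\..\<key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)

# Assumption: install-path fragments for the two products named in the
# thread. A real checker would need a maintained vendor list.
AV_PATH_HINTS = {"kaspersky lab": "Kaspersky", "grisoft": "AVG"}


def parse_log(text):
    """Return one dict per recognised O2/O3/O4 line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = CLSID_RE.match(line) or AUTORUN_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_clsid_entries(entries):
    """O2/O3 registrations whose target file is gone: leftover entries."""
    return [e for e in entries if e.get("target") == "(no file)"]


def resident_av_products(entries):
    """Map AV product -> autostart value names that launch it.

    This only shows that a product starts with Windows. Whether it also
    provides real-time protection cannot be read from the log.
    """
    found = defaultdict(list)
    for entry in entries:
        command = entry.get("command", "").lower()
        for hint, product in AV_PATH_HINTS.items():
            if hint in command:
                found[product].append(entry["name"])
    return dict(found)


def review(text):
    """Produce the human-readable findings for a log."""
    entries = parse_log(text)
    findings = []
    for entry in orphaned_clsid_entries(entries):
        findings.append(
            f"{entry['code']} {entry['clsid']}: registered but file is missing"
        )
    products = resident_av_products(entries)
    if len(products) > 1:
        findings.append(
            "multiple anti-virus products autostart: "
            + ", ".join(sorted(products))
        )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
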

#4 OFFLINE   Number2


Posted 22 March 2006 - 08:40 PM

Hi Andy,

So far so good. I did pretty much everything you suggested and asked however there is one thing that I can't do. The pandascan.

Why? Everytime I attempt to scan, it starts out fine, but somewhere during the scan, the screen turns off by itself (even though the monitor power is still on).

I tried doing the scan in safemode hoping it would help... Still, no dice.

Other than that everything else is done.

~Number2

#5 OFFLINE   AndyManchesta


Posted 22 March 2006 - 10:31 PM

Hi Number2 :)

Can you check your Control Panel and see if Power Options is in the menu. I know it is on NT based systems but I'm not sure about Win98. On mine if I press Power Options it has an area called Settings for Always On Power Scheme. On mine the default is to turn off the Monitor after 20 minutes. If you have a similar entry change it to Never. On the same page I have a Hibernate tab. If it's similar on yours can you uncheck the box for Enable Hibernation on that tab and if you make any changes press Apply and OK. It may not be connected to this and the option may not be supported on Win 98 but it's worth checking.

If you still have problems with Panda try one of these two scanners.

Run BitDefender Online Scanner
  • Please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, Press Click Here To Scan and then follow the on screen prompts.
  • Reboot the PC again
or

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Your pc may be clean but I'd like to at least get one online scanner to complete the scan.

Cheers Andy

#6 OFFLINE   Number2


Posted 23 March 2006 - 06:24 AM

Hi Andy! :)

I'm pleased to tell you that I FINALLY somehow got my computer to successfully complete and save the Pandascan log - I love karma - :D

Pandascan log ::

Incident Status Location

Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\SYSTEM\VX0.NLS
Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM\ide21201.vxd
Adware:adware/savenow Not disinfected C:\WINDOWS\SYSTEM\baur5s9q.dat
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM\ritsacnk.dat
Adware:adware/ncase Not disinfected C:\TEMP\salm_kyf.dat
Spyware:spyware/bridge Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.inf
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\Application Data\Sskknwrd.dll
Adware:adware/blazefind Not disinfected C:\WINDOWS\Key2.txt
Spyware:spyware/adclicker Not disinfected C:\WINDOWS\usta32.ini
Adware:adware/lop Not disinfected C:\PROGRAM FILES\C2Media
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch
Adware:adware/e2give Not disinfected C:\PROGRAM FILES\E2G
Adware:adware/topconvert Not disinfected C:\PROGRAM FILES\TopConverting
Adware:adware/comedy-planet Not disinfected C:\PROGRAM FILES\Comedy-Planet
Adware:adware/dyfuca Not disinfected C:\PROGRAM FILES\Internet Optimizer
Adware:adware/wintools Not disinfected C:\PROGRAM FILES\COMMON FILES\WinTools
Potentially unwanted tool:application/funweb Not disinfected HKEY_CLASSES_ROOT\FUNWEBPRODUCTS.KILLEROBJMANAGER.1
Adware:adware/purityscan Not disinfected Windows Registry
Dialer:dialer generic Not disinfected HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\caeohlsu.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\caeohlsu.default\cookies.txt[.realmedia.com/]
Spyware:Spyware/ShopNav Not disinfected C:\WINDOWS\SYSTEM\SearchHook.dll
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM\exclean.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\SYSTEM\instsrv.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[exdl.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[exul.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[javexulm.vxd]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[msexreg.exe]
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[instsrv.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM\netut80ex.vxd[exclean.exe]
Adware:Adware/Lop Not disinfected C:\WINDOWS\Application Data\Debug boob five\zxeyntjw.exe
Adware:Adware/Lop Not disinfected C:\WINDOWS\Application Data\Debug boob five\ldluvcnm.exe
Adware:Adware/Lop Not disinfected C:\WINDOWS\Application Data\Road open mail regs\Burn Shim.bk!
Adware:Adware/Lop Not disinfected C:\WINDOWS\Application Data\Road open mail regs\Ball Style.bk!
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\caeohlsu.default\cookies.txt[]
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\caeohlsu.default\cookies-1.txt[]
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Key2.txt
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\adp8034_CDT5.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\SurfSideKick 2\SskCore.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\SurfSideKick 2\Ssk.exe


Anyways, I'm kind of wondering why neither spybot NOR adaware detected any of these so called "infections".
I thought the scan would be semi-clean... but clearly it isn't... I'd really like to know what's going on :blink:
And yes, I did run spybot again and it said I was clear of immediate threats... What's going on?!

P.s I attempted the other scans, but I don't think my computer could handle any of them. The computer self restarted.
p.s.s Spybot won't let me turn off teatimer lol, the error message says "Error::Text exceeds memo capacity"

~Number2

#7 OFFLINE   AndyManchesta


Posted 23 March 2006 - 04:36 PM

Hi Number2

I'd recommend uninstalling Spybot if it will not let you turn Teatimer off. It can be put back on once the system is clean. Each scanner has a different database of malware so I'm not surprised that Spybot is showing clear when there are still clearly infections on your system. I can see you have tried Ad-Aware SE but can you install the VX2 cleaner they have and see if it detects any problems.

It would help to see the contents of your Add/Remove screen as some of the junk might have uninstallers especially programs like SurfSideKick

Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
Once in the "Configuration" panel, click "Misc Tools" button.
Then click the "Open Uninstall Manager..." button.
The "Add/Remove Programs Manager" panel should appear.
In this panel click the "Save list" button.
Save the "uninstall_list.txt" file to your desktop.
Then copy and paste the contents of the "uninstall_list.txt" file into your next reply.

Here's the setup instructions for Ad-Aware and the VX2 cleaner but skip the main install if you already have it installed.
  • Download Ad-Aware SE from Here

    Install Ad-Aware using the default settings, When it gets to the final part of the installation it will show a screen displaying 'Ad-Aware SE Personal has been successfully installed', on this screen you will see three checkboxes, uncheck 'Perform a full system scan now' and 'Open the help file now' but leave a check next to 'Update definition file now' then click Finish.
    Ad-Aware will then open and perform a Web update to update its definitions. Once that's complete it will open Ad-Aware's main menu screen. When you get to this stage please close Ad-Aware as we will be running it a bit later.


  • Next download Ad-Aware SE VX2 Cleaner Add-On from Here

    When it's finished downloading run the 'vx2cleaner_inst.exe' file and keep clicking Next on the install screen to allow it to install onto your system in the default location. When that's done press Finish.


  • Download CWShredder from Here. Save it to your desktop but no need to run it yet.

Run Ad-Aware SE and click Add-Ons from the main menu screen, Left click VX2 Cleaner then press the Run Tool button, then click OK to start the tool. If it detects the infection Select Clean System then it will ask you to reboot and perform a smart scan to remove the final traces, Click Close, and exit Ad-Aware.

Reboot the system and run Ad-Aware again, from the main menu screen click Start, then click Perform Full system scan and Next, follow the prompts on screen and let the scan finish.
When the scan has completed, select Next. In the Scanning Results window, select the "Critical Objects" tab. Right-click on the screen and choose Select all objects. Click Next to remove the infections found, and click OK at the prompt, then close Ad-Aware.

Run CWShredder and press the Fix button. Once it's finished scanning and displays the results close CWShredder.


I will check the files Panda detected now and make another reply but if you can post the contents of the Add/Remove list it will make it a bit easier.

Cheers

Andy

#8 OFFLINE   Number2


Posted 23 March 2006 - 09:33 PM

Hi Andy.

The uninstall_list that you asked for ::

¶Ã»R¤T°êOnline ¥Dµ{¦¡ 1.173
101 Dalmatians StoryBook
3D Maze Man
Adaptec DirectCD
Adaptec Easy CD Creator 4
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Illustrator 8.0
Adobe Photoshop 5.0
AOpen FM56-P 56K Modem
a-squared Free 1.6
AVG Anti-Virus 7.0
CCleaner (remove only)
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
Conexant SoftK56 Modem
EarthView V3.3.1
Fatal Fury (Remove only, requires CD)
HijackThis 1.99.1
Japanese Language Support
Kaspersky Anti-Virus Personal
Lavasoft VX2 Cleaner
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Shockwave Player
Mall Tycoon
Messenger Plus! 3
Microsoft Global IME for Chinese (Simplified)
Microsoft Global IME for Chinese (Traditional)
Microsoft Global IME for Chinese (Traditional) ChangJie
Microsoft Global IME for Japanese
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook 2000
Microsoft Web Publishing Wizard 1.6
Midisoft Sound Bar
Milton Bradley Classic Board Games
Monopoly
Monopoly Junior
Monopoly Tycoon
Mozilla Firefox (1.0.7)
MSN Messenger 7.0
Netscape Communicator 4.7
Netscape Navigator
NJWIN - NJStar CJK Viewer
Operation
OPTi 931 Audio Drivers
Panda ActiveScan
Parker Brothers Classic Card Games
PC Camera
PolyMedia SDK Trial Version
QuickLink MessageCenter III
QuickTime 3.0
RealJukebox
RealPlayer G2
RollerCoaster Tycoon
S3 Gamma
S3 Refresh
Scrabble
SpeedFan (remove only)
SpywareBlaster v3.5.1
Starcraft
The Game Of Life
Third Grade Adventures
TreeSize 1.75
Tweak UI
Üc¶H-©ú¬P¤T¯Ê¤@2002
USB PC Camera 301P
Wheel of Fortune 2003
Who Wants To Be A Millionaire
Winamp (remove only)
Windows Media Player 7.1
WinZip
Yahoo! Toolbar

The majority of these items are rarely used anymore. I keep the games and such in case family or younger relatives wish to play games on my computer. The 2 items with weird symbols are old Chinese games, so we can ignore those... As for the rest, I'm not sure if it'll help much but it's what you asked for. :blink:

By the way, thanks for your advice and help, so far it's helped me A LOT, and my system seems to have increased in speed by 60zillion% :lol: you're the greatest Andy :)

~Number2

#9 OFFLINE   AndyManchesta


Posted 24 March 2006 - 02:19 AM

Thanks for the Add/Remove log. Panda found a lot of files that should have Add/Remove screen entries but they are not in your list so we can just remove the files.

You need to Uninstall Messenger Plus because you have the LOP infection which would have been installed with that program if you accepted the sponsor. You can reinstall it again once the pc is clean but when installing choose the 'I refuse to give my support' option.

After removing Messenger Plus and the Sponsor reboot the pc.

Can you download the attached Batch file (Fix.zip) and save it to your desktop. Extract and double click Fix.bat to run the script after the reboot. It will attempt to remove all the files Pandascan found and then open Notepad when it's finished showing if any files remain.

I've left these 3 folders out of the fix in case they are connected to your games but if the games are not from any of them you can remove these folders

C:\PROGRAM FILES\comedy-planet
C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\MyWebSearch


Can you post back the results of the batch file (files.txt) after it's finished the scan. It's also saved into c:\drive if needed.

Thanks

#10 OFFLINE   krit86lr


Posted 24 March 2006 - 03:11 AM

I apologize for imposing, but I can't resist.

Your title is so cute!!! And kinda sad. Andy's awesome, and he's good at helping people. Your computer won't die. : )

(Well, if it does die, it will be from age) ; )

#11 OFFLINE   AndyManchesta


Posted 24 March 2006 - 03:12 AM

I've updated the fix script to suit Win98 as I'm a bit unsure if it will understand the %systemroot% and remove directory tags in the first batch. If you downloaded the last one, remove it and run this file.

Cheers :)

#12 OFFLINE   Number2


Posted 24 March 2006 - 03:35 AM

krit86lr, on Mar 23 2006, 10:11 PM, said:

I apologize for imposing, but I can't resist.

Your title is so cute!!! And kinda sad. Andy's awesome, and he's good at helping people. Your computer won't die. : )

(Well, if it does die, it will be from age) ; )

Haha thanks! And yes, Andy is awesome :) ever since Andy helped, my computer crash rate has actually gone down by 110% and speed up by -- a really high % :lol:

Anyways, here's the files.txt you asked for Andy::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Found ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**\System\baur5s9q.dat**
**\System\ritsacnk.dat**
**\System\SearchHook.dll**
**\usta32.ini**
**\adp8034_CDT5.exe**
**\TEMP\salm_kyf.dat**
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Remaining ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**\System\baur5s9q.dat**
**\System\ritsacnk.dat**
**\System\SearchHook.dll**
**\usta32.ini**
**\adp8034_CDT5.exe**
**\TEMP\salm_kyf.dat**
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Remaining ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**\System\baur5s9q.dat**
**\System\ritsacnk.dat**
**\System\SearchHook.dll**
**\usta32.ini**
**\adp8034_CDT5.exe**
**\TEMP\salm_kyf.dat**

In the first Fix.bat you gave me, it only detected salm_kyf.dat

Edit: Oh yeah, after uninstalling and reinstalling spybot, it ended up working and detecting/fixing all the problems it missed.

~Number2

#13 OFFLINE   AndyManchesta


Posted 24 March 2006 - 03:56 AM

Looking at the log it appears it didn't understand the delete command.

Does it show that I'm not great with Win98 :D

Can you do the same with this file I've attached as I've changed the command again. If it still doesn't remove them they may be in use but we can use a program called Killbox if they are.

Just to make sure there are no more problems can you run another scanner :)

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close it when it gets to that stage.
Thanks

#14 OFFLINE   Number2


Posted 24 March 2006 - 04:27 AM

Hi Andy.

No can do with the TrendMicro scan... I got as far as the first step and nothing would happen after that.

As for the fix.bat scan::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Found ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**\System\baur5s9q.dat**
**\System\ritsacnk.dat**
**\System\SearchHook.dll**
**\usta32.ini**
**\adp8034_CDT5.exe**
**\TEMP\salm_kyf.dat**
**\TEMP\salm_kyf.dat**
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Remaining ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Files Remaining ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm guessing a 4th scan will be needed? :lol:

#15 OFFLINE   AndyManchesta


Posted 24 March 2006 - 04:41 AM

No, third time lucky :) It found them and then showed none of them remained so that's what it should have done the first time. If you run it again it then should show no files and no remaining :blink: .

There are some removal tools for the files that Panda found so they might be worth running as they are only small and will clear any of their registry entries that are still on the pc.

BargainBuddy
180 Search
Internet Optimizer
Wintools

EDIT: just noticed you couldn't run Trend, try Kaspersky

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop.


#16 OFFLINE   Number2


Posted 24 March 2006 - 05:02 PM

Hey Andy.

Just when I thought my computer was rid of all nuisances... It just HAD to prove me wrong. :angry:

Neither the Trend Micro nor Kaspersky Online scanner worked for me. In both cases, the scans made my screen go blank, as if my computer was off and I had left my monitor on. However, my computer was still on, and my monitor was still on but it didn't show anything. Just a blank and black screen.

Panda scan didn't work for me either - not that it did the first try - but it did work before... :huh:

In fact, believe it or not, I even had some serious trouble typing this out on my computer since the screen kept on going blank after I typed to about this point... :(

I'm right now sending via my friend's computer since his works fine.
I'm getting really tired of having to restart my computer and I think my computer is pretty upset about it too.


Anyways as for the other removal tools you had given me, they worked great, 3/4 of them didn't detect the files being on my pc but at least it was worth a try and it did get rid of the 180search. :)

I think I'll post my HJT log again to see if it'll be of any help... Spybot/Ad-Aware both showed my computer was clear after I uninstalled and reinstalled and updated them.

So one last look at my HJT and if there are no more solutions to fix my computer's main problems... I'm afraid... :sniff: It will have to be :sniff: put down :( ::

Logfile of HijackThis v1.99.1
Scan saved at 12:03:27 PM, on 3/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\DESKTOP\CLEANERS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

P.s :angry: even HijackThis "crashed" my computer :( But I knew my computer well enough to blindly manage to save my log on my network to my "newer" computer.
Friends suggested all this was happening because of low RAM... What do you think? :blink:
P.s.s :crying: Even leaving my computer on doing nothing for about 10min makes it "crash" :(

Desperately asking for help to save a computer's old life,

~Number2
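
Added example, not part of the original thread and not HijackThis's own code: a Python parser for the entry lines of a HijackThis log like the one posted above, which counts entries per section code and lists entries that disappeared between two logs. The regular expressions are written from the line shapes visible in the post, and the `BEFORE` log with its `ExampleEntry` line is constructed for the comparison.

```python
import re
from collections import Counter

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 = autostart entries: "<registry key>: [<value name>] <command line>"
O4 = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 = downloaded ActiveX controls: "DPF: {CLSID} (<class name>) - <codebase URL>"
O16 = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")

def parse_log(text):
    """Return one dict per entry line; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"]}
        detail = {"O4": O4, "O16": O16}.get(entry["code"])
        if detail and (d := detail.match(entry["body"])):
            entry.update(d.groupdict())
        entries.append(entry)
    return entries

def section_counts(entries):
    """Number of entries per section code, e.g. {"O4": 3, "O16": 2}."""
    return dict(Counter(e["code"] for e in entries))

def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    kept = {(e["code"], e["body"]) for e in after}
    return [e for e in before if (e["code"], e["body"]) not in kept]

# Entry lines copied from the log in the post above (URLs truncated as posted).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
"""
# Constructed earlier log: the same entries plus one made-up autostart line.
BEFORE = AFTER + r"O4 - HKLM\..\Run: [ExampleEntry] C:\EXAMPLE\example.exe" + "\n"

if __name__ == "__main__":
    print(section_counts(parse_log(AFTER)))
    for e in removed_between(parse_log(BEFORE), parse_log(AFTER)):
        print("removed:", e["code"], e["body"])
```
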

#17 OFFLINE   AndyManchesta

Posted 24 March 2006 - 06:30 PM

Sounds like a sick PC :huh: Can you try adjusting the monitor settings, then visiting Windows Updates to see if there is anything available for you? If it continues, run a scan at PC Pitstop.

Visit This Page and follow the steps. On the screensaver part, set more time for the screensaver to wait before showing, and on the Power Schemes part change the 'Turn off monitor' setting to Never, then click Apply and OK to check if it's connected to the blank screen.


Visit Windows Updates -- http://windowsupdate.microsoft.com/


Then register (it's free, don't worry) with PCPitStop and run the full tests here:

http://www.pcpitstop...top/default.asp

Click Test this system. It may then prompt you to install an ActiveX control; click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:

Quote

TechExpress link for your current results:
http://www.pcpitstop.com/techexpress.asp?i...HK0WE3HLEWRE99Q



Hopefully, if it can complete the test, it will give some clues on what's causing the problems.

Andy

#18 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,327 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 24 March 2006 - 08:27 PM

After the malware is dealt with and removed, some of your Win9x crashes "may" be alleviated using the VxD Bug Fix, absolutely no guarantees though.
Complexity of incoherent design.

#19 OFFLINE   Number2

Posted 25 March 2006 - 03:56 AM

Hi Andy,

TechExpress link for my current results:
http://www.pcpitstop...T8K0WNC4SJSXX6Q

If only I was a little less computer illiterate I might be able to see the problem...

~Number2

#20 OFFLINE   AndyManchesta

Posted 25 March 2006 - 05:07 AM

The only part that looks related might be the RAM, with it being 64MB. It shows there are six slots for RAM on your board and five are empty, so it would be good to upgrade that at some time if you can.

There are a few things that can be removed from the Add/Remove screen.

LiveUpdate 1.6 (Symantec Corporation) Symantec Corporation
LiveReg (Symantec Corporation) Symantec Corporation
Panda ActiveScan Panda Software S.L.
Kaspersky On-line Scanner Kaspersky Lab

I've included Symantec's as it doesn't look like it's on the PC now, but keep them if it is.

It's probably worth running scandisk by following the steps Here to check the drive for problems.

Can you also reset the settings for the restricted sites zone?

Open an I.E window > click Tools from the top bar > then Internet Options and click the Security tab. Go to the Restricted Site zone and press Default Level, then press Apply and OK.

Have you tried Andavari's link?