Tech Support banner

Status
Not open for further replies.
1 - 17 of 17 Posts

·
Registered
Joined
·
9 Posts
Discussion Starter #1
Hello!

I have Windows 98, and no anti virus software. I think that I have a virus because, my computer is being incredibly slow and certain pop ups keep coming up. Internet Explorer keeps on closing due to 'Illegal Operations', more so than usual. I am not very good on computers so would really appreciate any help anyone has to offer.

Thanks,

Liz

xxx
 

·
Premium Member
Joined
·
14,311 Posts
Hi Liz and welcome to TSF.

Please read the topic here and follow the steps there. When ready, post your HijackThis log here.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #3
Hiya, sorry for my ignorance. I only saw the 'Read this first' thing after I had posted my thread, which made me feel a little stupid! I hope I've done this correctly. Apparently I had two viruses and the internet scanner got rid of one, but was unable to access the other virus. Thank you so much for you help.

I got this log from the HijackThis thingy.


Logfile of HijackThis v1.99.1
Scan saved at 19:12:29, on 04/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
C:\WINDOWS\SYSTEM\S3MON.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS NETWORK UTILITY\WLANCFGG.EXE
C:\PROGRAM FILES\SURFACCURACY\SACC.EXE
C:\PROGRAM FILES\MIVPPE\TNECC.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE
O4 - HKLM\..\Run: [S3Mon] S3Mon.exe
O4 - HKLM\..\Run: [InvokeSvc.exe] C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Myryccxi] C:\PROGRAM FILES\MIVPPE\TNECC.EXE
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [test] 
O4 - HKCU\..\RunOnce: [test] 
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 38.9.211.2

Hope that's right! Thanks, again.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • Surf Accuracy
    ISTsvc

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Myryccxi] C:\PROGRAM FILES\MIVPPE\TNECC.EXE
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [test] 
O4 - HKCU\..\RunOnce: [test] 



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\SurfAccuracy\
    C:\PROGRAM FILES\MIVPPE\
    C:\PROGRAM FILES\ISTsvc\

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
    [*]Delete Newsgroup Subscriptions
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer at one of the following sites:
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  1. HiJackThis
    [*] Online scan
    [*] Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
 

·
Registered
Joined
·
9 Posts
Discussion Starter #5
Hello!
I hope this is right! Thanks for all the help. My computer is working a lot better, it is quicker and Internet Explorer is not being as disruptive.

New HijackThis Log:-

Logfile of HijackThis v1.99.1
Scan saved at 14:02:29, on 05/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
C:\WINDOWS\SYSTEM\S3MON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS NETWORK UTILITY\WLANCFGG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE
O4 - HKLM\..\Run: [S3Mon] S3Mon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InvokeSvc.exe] C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 38.9.211.2

Online Scan (I think!):-
Incident Status Location

Adware:adware/ist.yoursitebar No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll
Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy
Spyware:spyware/dyfuca No disinfected C:\PROGRAM FILES\Internet Optimizer
Adware:adware/ist.istbar No disinfected Windows Registry
Adware:Adware/IST.ISTBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.dll



Anti-spyware Log:-
Started Scanning
Files and Directories
Found 'LimeWire20.dll' in 'c:\Program Files\LimeWire'
Found '' in 'c:\Program Files\ISTsvc'
Found '' in 'c:\Program Files\YourSiteBar'
Found '' in 'c:\Program Files\Internet Optimizer'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'adtech.de' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'valueclick.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'serving-sys.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}'
Found '' in 'SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}'
Found '' in 'SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\YSBactivex.Installer'
Found '' in 'SOFTWARE\Classes\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas.
Checking for 'c:\Program Files\LimeWire\LimeWire20.dll' in startup areas.
Cleaning 'c:\Program Files\LimeWire\LimeWire20.dll'
Checking for 'c:\Program Files\ISTsvc' in shortcut areas.
Checking for 'c:\Program Files\ISTsvc' in startup areas.
Cleaning 'c:\Program Files\ISTsvc'
Checking for 'c:\Program Files\YourSiteBar' in shortcut areas.
Checking for 'c:\Program Files\YourSiteBar' in startup areas.
Cleaning 'c:\Program Files\YourSiteBar'
Checking for 'c:\Program Files\YourSiteBar\yoursitebar.xml' in shortcut areas.
Checking for 'c:\Program Files\YourSiteBar\yoursitebar.xml' in startup areas.
Cleaning 'c:\Program Files\YourSiteBar\yoursitebar.xml'
Checking for 'c:\Program Files\YourSiteBar\imagemap_normal.bmp' in shortcut areas.
Checking for 'c:\Program Files\YourSiteBar\imagemap_normal.bmp' in startup areas.
Cleaning 'c:\Program Files\YourSiteBar\imagemap_normal.bmp'
Checking for 'c:\Program Files\YourSiteBar\version.txt' in shortcut areas.
Checking for 'c:\Program Files\YourSiteBar\version.txt' in startup areas.
Cleaning 'c:\Program Files\YourSiteBar\version.txt'
Checking for 'c:\Program Files\Internet Optimizer' in shortcut areas.
Checking for 'c:\Program Files\Internet Optimizer' in startup areas.
Cleaning 'c:\Program Files\Internet Optimizer'
Finished Cleaning


Sorry if it's not right! I've tried my best.

Thanks, again!

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
You did well. Have more confidence in yourself :sayyes:

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in :

    C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll

  2. Click the Open button.
  3. Click YES when prompted to restart your computer.

Please post a new HJT log after you have rebooted.
Also let me know if you're still experiencing any more difficulties with your machine
 

·
Registered
Joined
·
9 Posts
Discussion Starter #7
I'm really thankful for all the help!

Logfile of HijackThis v1.99.1
Scan saved at 16:23:15, on 05/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
C:\WINDOWS\SYSTEM\S3MON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS NETWORK UTILITY\WLANCFGG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE
O4 - HKLM\..\Run: [S3Mon] S3Mon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InvokeSvc.exe] C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 38.9.211.2


The computer seems to be working fine now. Apart from the internet access, which I think is to do with the router. It won't allow two computers to go on the internet at the same time! Which, is disappointing because that's the whole point of the router! It says there is a conflicting IP address or something. As I say, I'm not good on computers!

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Your log is clean. Well done


However, there still remains a few bits of housekeeping ...

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Now that I've got that out of the way, let me see if I can help you with your routing problem.
Go to start > run - type winipcfg <Press Enter>
This window should appear..

Notice the drop down selection box where the adapter type name is displayed.
Select PPP Adapter. You'll then see your IP address as shown above.
Right-click on the title bar of the IP Configuration window and select Copy
Then paste all the winipcfg information into your next post

Go to your other computer & do the same (assuming that your other PC is Win98. If not tell me.)
 

·
Registered
Joined
·
9 Posts
Discussion Starter #9
Thanks so much, hopefully nothing else will infect my system! :smile:

My other computer is a Windows XP.

This is the thingy from my computer.


Windows 98 IP Configuration

Ethernet adapter :

IP Address. . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . :

Ethernet adapter :

IP Address. . . . . . . . . : 169.254.149.193
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . :

Ethernet adapter :

IP Address. . . . . . . . . : 192.168.2.20
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.2.1

Ta!

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
It appears that you have two ethernet adaptors on this machine. :smile:

Go to the XP machine & do this..

Go to Start > Run - type cmd <Press Enter>
type ipconfig /all <Press Enter>
I need these details:
  • IP address
  • subnet mask
  • default gateway
  • DNS servers
 

·
Registered
Joined
·
9 Posts
Discussion Starter #11
Righteo!

IP Address: 0.0.0.0
Subnet: 0.0.0.0
Ip Address: fe80::5445:5245:444F%5
DNS: 38.9.211.2
4.2.2.1
fec 0:0:0:ffff::1%1
2%1
3%1

Both internets were plugged in when I got this info.

Thank you for helping again!

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Go to the XP machine & do this..

Go to Start > Run - type ncpa.cpl
Describe what you see in the next window
 

·
Registered
Joined
·
9 Posts
Discussion Starter #13
Erm... it comes up with Network Connections

It has the Dial up connection and ...

Local Area Connection
Network cable unplugged, Firewalled
Intel (R) PRO / 100 VE Network Connection

Wireless Network Connection
Acquiring network address, Firewalled
Belkin 54Mbps Wireless USB Network Adapter

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Right click on Local Area Connection & select Properties
Under the General tab, scroll down to Internet Protocol (TCP/IP)
Double click on it to bring up this page..





Tick - Use the following IP address

IP address = 192.168.2.21
subnet = 255.255.255.0
Gateway = 192.168.2.1

Tick - Use the following DNS Server address

Preferred DNS Server - 38.9.211.2
Secondary DNS Server - 38.9.212.2

Click OK to exit. You may need to reboot before it can be used.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #15
Ok, done that! Unfortunately the XP still won't work, whilst this computer is connected to the internet.

We've had so many problems with the Belkin router (some our own fault!)

Oh well!

Thanks for all your help!

xxx
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Do you wanna try somemore? I'm still game.. :sayyes:

Do you know the IP address of your router? Is it 192.168.2.1?
If you're not sure, try typing 192.168.2.1 into the address bar of IE
 

·
Registered
Joined
·
9 Posts
Discussion Starter #17
I am still up for trying to fix it! Right now I am on my way out because, I am a Student and I need to go and drink a lot of alcohol. :chgrin:

I'll find the IP address thingy tomorrow!

See ya!

xxx
 
1 - 17 of 17 Posts
Status
Not open for further replies.
Top