Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 98 Popups


  • Please log in to reply
2 replies to this topic

#1 lvanlith

lvanlith

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 25 July 2006 - 09:17 AM

My 98 system has problems. AdAware locks up on deleting & Spybot can't delete all of them. It is hard to get system to go to safemode. Here is my hijack log. Please let me know if I should just reformat.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:49 AM, on 7/25/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DESKTOP\VIRUS SCANS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\CFG32O.DLL
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\CFG32R.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Necutray] LEXAREJ0.EXE
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [68up4r11] C:\WINDOWS\SYSTEM\68up4r11.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [keyboard] C:\\KYBRDED_7.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DMONWV.DLL,SHStart
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [sys02560163747] C:\WINDOWS\sys02560163747.exe
O4 - HKLM\..\Run: [win3207374756016] C:\WINDOWS\win3207374756016.exe
O4 - HKLM\..\Run: [EYQTBVYA] C:\WINDOWS\EYQTBVYA.exe
O4 - HKLM\..\Run: [w002d77c.dll] RUNDLL32.EXE w002d77c.dll,I2 001d98d30002d77c
O4 - HKLM\..\Run: [ms04016374756] C:\WINDOWS\ms04016374756.exe
O4 - HKLM\..\Run: [win3208747560163] C:\WINDOWS\win3208747560163.exe
O4 - HKLM\..\Run: [ms05163747560] C:\WINDOWS\ms05163747560.exe
O4 - HKLM\..\Run: [sys09475601637] C:\WINDOWS\sys09475601637.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\AutoRun.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

BC AdBot (Login to Remove)

 


m

#2 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 03 August 2006 - 02:10 PM

Hi lvanlith and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem. Although I am experienced with computers, I am currently a Trainee in Malware removal and, as such, ALL of my fixes will be vetted by malware experts. Please accept our apologies for the delay.

If you still require help then if you have not done so already, please do the initial cleanup steps in the following instructions: Preparation Guide For Use Before Posting a HijackThis Log

I would like you to produce a list of installed programs to assist me in any cleanup.
  • To do this open your HijackThis
    • Click on Open the Misc Tools section or Config… button, depending on how you are set up.
    • If you used the Config... option then click the Misc Tools tab
    • Select Open Uninstall Manager , a list of your installed programs will be displayed.
    • Select the Save List… button and save the file to your desktop.
  • Please post a copy of this list and an up-to-date HijackThis log from Normal mode in your reply
GT :thumbsup:

#3 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 11 August 2006 - 06:24 AM

Hi Ivanlith,

As I have not heard from you I am recommending that this thread be considered closed.

GT :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users