
Found Trojans/spyware etc.

Discussion in 'Earlier Versions of Windows' started by king_02891, Oct 5, 2003.

Thread Status:
Not open for further replies.
  1. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Hello again,
    running Win 98SE; IE6.
    Okay, I have all the latest programs from this site's recommendations: HijackThis, Spybot S&D, AdAware 6, CleanSpace 7.0, popup stopper, and I just downloaded RegProt. I run them all regularly, and I am even starting to understand what to delete from the HijackThis log. But I ran a virus scan from "House Call" and it came up with 15 infected files. It told how to remove them, saying to open Task Manager, click on the files that are running, and hit End Task. They said to do Ctrl/Alt/Delete to open this program, but when I do that I get the closing programs window, and none of the files are there. They also said if you can't use the Task Manager, to use a third-party viewer; tried to find a free one but no luck. Any recommendations? And how are they (the viruses) getting in? I also have ZoneAlarm Pro, McAfee virus shield, and I'm behind a router, with a high speed digital connection. I also seem to be locking up an awful lot, and slow running and rebooting. Guess I'm a mess, huh? HELP!!
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Please post your hijack this log.
     
  3. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Sorry I took so long, but when I went to my doc. to run HijackThis, my computer totally crashed and went to a black screen, so I had to reboot (again).
    Here's the hijack this log:

    Logfile of HijackThis v1.90.0
    Scan saved at 3:51:51 PM, on 10/5/03
    Platform: Windows 9x 4.10.2222
    MSIE version: 6.0.2800.1106

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.iwon.com/
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [AbsoluteControl] C:\PROGRAM FILES\ABSOLUTECONTROL\\AbsoluteControl.exeU
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
    O16 - DPF: Yahoo! Blackjack (Java Runtime Environment 1.3.1_04) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
    O18 - Protocol: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6}
    O18 - Protocol: cmtp - {DB112C95-0A22-11D4-A600-005004BFAC1E}
    O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571}
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I myself, don't see anything wrong there.

    Do you want to describe your exact problems and where and when they occur and what you are doing, etc.?
     
  5. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Well, mostly I can open up Explorer to my homepage or go from one of my favorites and it'll open up, but a lot of times as soon as I try to go to another web page she locks up and won't go anywhere.
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Can we get some system specs?

    Right click on my computer, properties, performance tab, what shows there.
     
  7. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Okay, I'll do that in a minute, but I looked at the post by julieve (can't browse websites) and did what it said, and this file came up with the error "can't load libraries". Does that have anything to do with it?

    regsvr32 msjava.dll
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Can't find that post under that user name.....can you link it here?
     
  9. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    This may be more info than you want, but i think it's pretty complete.




    Computer Profile Summary
    Computer Name: Cx2429233-a (in HEWLETTPACKARD)
    Profile Date: Sunday, October 05, 2003 16:21:02
    Advisor Version: 6.0g
    Windows Logon: king brown



    Operating System
    Windows 98 SE (build 4.10.2222)

    System Model
    00101200 6573Z 03996000009501 1
    System Serial Number: 6540HPPAV3

    Processor a
    500 megahertz Intel Celeron
    32 kilobyte primary memory cache
    128 kilobyte secondary memory cache

    Main Circuit Board b
    Board: Asus HAWK 1.03
    BIOS: Phoenix Technologies LTD 1.03 08/20/99

    Drives
    17.40 Gigabytes Usable Hard Drive Capacity
    4.57 Gigabytes Hard Drive Free Space

    MATSHITA DVD-ROM SR-8585 [CD-ROM drive]
    PHILIPS PCRW406 [CD-ROM drive]
    Generic floppy disk drive (3.5")

    IOMEGA ZIP 100 [Hard drive] -- drive 255
    Maxtor 91741U4 [Hard drive] (17.41 GB) -- drive 0

    Memory Modules c,d
    64 Megabytes Installed Memory

    Local Drive Volumes

    c: (on drive 0) 17.40 GB 4.57 GB free

    Logins Network Drives
    No details available

    Installed Microsoft Hotfixes
    W98.TELNET (Windows 98 TELNET Update)
    DataAccess
    Q318202 on 05/29/02
    Q318203 on 05/29/02
    Internet Explorer
    SP1 (SP1)
    Win98.SE
    UPD238453
    UPD239887
    UPD256015
    UPD259728
    UPD260067
    UPD273468
    UPD273991
    Win98
    UPD245729
    UPD314147
    UPD323172
    UPD323255
    Windows Media Player
    WM308567
    WM320920.1

    Printers
    Acrobat PDFWriter on LPT1:
    Fax602 on FAX:
    Lexmark Z22-Z32 Series on LPT1:
    Lexmark Z25-Z35 on USB-Lexmark_Z25-Z35
    QuickLink III on FAX:

    Controllers Display
    Standard Floppy Disk Controller
    Cable Drive [Controller]
    Cable USB [Controller]
    Intel 82801AA Bus Master IDE Controller
    Primary IDE controller (dual fifo)
    Secondary IDE controller (dual fifo) Intel(R) 82810 Graphics Controller [Display adapter]
    NEC AccuSync 50 [Monitor] (13.8"vis, s/n 0652254YA, June 2000)
    Bus Adapters Multimedia
    Intel(r) 82801AA USB Universal Host Controller Master Riptide PCI Audio Device
    Riptide PCI Audio Legacy Resources
    Riptide PCI Game Controller
    Riptide Virtual Gameport
    Communications Other Devices
    Rockwell HCF 56K Data Fax PCI Modem
    D-Link DFE-530TX PCI Fast Ethernet Adapter
    Microsoft PPP over ATM Adapter
    Microsoft Virtual Private Networking Adapter
    Network Card MAC Address: 00:50:BA:07:76:4D
    Network IP Address: 192.168.0.100 / 24 Conexant PCI Modem Enumerator
    Standard 101/102-Key or Microsoft Natural Keyboard
    PS/2 Pointing Device [Mouse]
    InkJet Color Printer
    USB Root Hub
    Software Licenses

    Microsoft - Internet Explorer 55736-273-7451083-04756 (Key: R2D43-3DHG9-DQ79W-W3DXQ-929DY)
    Microsoft - MediaPlayer 53199-417-8330086-04639
    Microsoft - MediaPlayer 69808-281-1027396-04012
    Microsoft - Money 38477-OEM-5674454-69441
    Microsoft - MSN6 54089-581-8926316-04915 (Key: R2D43-3DHG9-DQ79W-W3DXQ-929DY)
    Microsoft - Windows 98 SE 18001-OEM-0077077-74017 (Key: VTXBY-99K94-9C6CW-Q2FR4-8Q4VQ)e
    Microsoft - Works 2000 51385-348-3383551-04414 (Key: FQK74-FXGMX-GP78V-XDWDC-YFQYD)
    Roxio Inc - Easy CD Creator 5 Platinum 2-epcjg-dlokl-kvypz

    Software Versions
    Ipswitch Inc, 81 Hartwel Ave, Lexington, MA - schedule Application Version 7,0,2,1 *
    AccessDiver Version 4.93 *
    Adobe Acrobat Reader Version 5.0.0.0 *
    Adobe Acrobat Version 3.0.000 *
    Adobe Systems AdobeDownloadManager Version 1.1 *
    Adobe Type Manager Version 4.00L *
    Aldo Vargas - Memory Card Manager for PSX Emulators Version 1.03 *
    America Online, Inc. - AOL Instant Messenger Version 5.2.3290 *
    Andrew Freeborn, E-Technik - Power Disk Defragmenter Tool Version 2.00.0044 *
    Apple Computer, Inc. - QuickTime QuickTime 6.0 *
    Arkysoft List Manager Version 1.0.2.0 *
    Atomic Clock Sync *
    AVM Software - Paltalk for Windows Version 5.0 *
    Belarc, Inc. - BelManage Client Version 6.0g *
    blindman.exe *
    Blue Tree Software - http://bluetreesoft.com - WallChanger Version 1.0.0.0 *
    BroadJump - CorrectConnect Version 1,1,1,0 *
    CAM Development - Business Card Designer Plus Version 1.0.0.0 *
    CleanTray *
    Common Group - Office User Interface Version 1. 2. 3. 0 *
    Common Group - Watch Dog Version 1, 2, 3, 0 *
    Dennis Rebentrost - Audio Converter 3.0 Version 3, 0, 0, 3 *
    DHS Club ClubMail Version 11.02.0008 *
    Diamond Computer Systems Pty. Ltd. - REGPROT Version 2.0 *
    Diamond Computer Systems Pty. Ltd. - RPADMIN Version 1.0 *
    East-Tec Eraser 2002 (TM) Version 3.5 *
    Eastman Software, Inc., A Kodak Business - Imaging for Windows® Version 1.01.1311 *
    Eraser Version 5.2.5236.0 *
    Frontcode Technologies - WinMX Version 3.31 *
    GameHouse Super Collapse! II Version 1.1 *
    GameHouse Super Solitaire 2 Version 1.10 *
    GameHouse, Inc - Super Pop & Drop! Version 1.02 *
    Greg Arkadiev, Kamatoz Computing - AbsoluteControl(tm) Version 2, 2, 0, 1 *
    GTek GtCDTool Version 1, 0, 0, 1 *
    Guidance Software, Inc. - EnCase *
    Hewlett-Packard Launch CD Application Version 1, 1, 1, 0 *
    Infacta Ltd. - Group Mail Version 3.04.0071 *
    InstallShield unInstaller Version 2.20.926.0 *
    Instant Access Control Panel *
    iPhoto Plus 1.2 *
    Ipswitch, Inc. 81 Hartwell Ave. Lexington MA - WS_FTP Pro FTP Find Version 7,0,2,1 *
    Ipswitch, Inc. 81 Hartwell Ave. Lexington MA - WS_FTP Pro Version 7,0,2,1 *
    Ipswitch, Inc. 81 Hartwell Ave. Lexington MA - WS_FTP Synchronize Utility Version 7,0,2,1 *
    Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA - ftpscrpt Version 7,0,2,1 *
    Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA - WS_FTP Pro FireScript Editor Version 7,0,2,1 *
    IrfanView Version 3.75 *
    JamCamApp Application Version 1, 0, 0, 1 *
    Java Web Start *
    javaw.exe *
    Kremlin Decrypt.exe *
    Kremlin Encrypt *
    Kremlin Options *
    LavaSoft - Ad-aware, multi spyware removal utility Version 5.8 *
    Lavasoft Ad-aware Plus Version 6.0.0.0 *
    Logitech Inc. - LRC Version 1.00.0010 *
    Logitech, Inc. - iTouch Version 1.82 *
    Mach5 Software - Kremlin Sentry Version 2, 0, 0, 0 *
    Mach5 Software - Kremlin Text Application Version 2, 0, 0, 0 *
    Mach5 Software - Kremlin Wipe Application Version 2, 0, 0, 0 *
    Macromedia, Inc. - Director 8 Shockwave Studio Version 8.0 *
    MasterSplitter by TomaSoft Corporation Version 4.1a *
    Microsoft (R) Windows Media (TM) Encoder Version 7.00.00.2965 *
    Microsoft (r) Windows Script Host Version 5.6.0.6626 *
    Microsoft Clip Gallery Version 5.1.00.1221 *
    Microsoft Corporation - DirectShow Version 6.00.02.0902 *
    Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
    Microsoft Corporation - Internet Information Server Version 4.02.0690 *
    Microsoft Corporation - Windows Installer Version 2.0.2600.2 *
    Microsoft Corporation - Windows Telephony Version 4.10.2000 *
    Microsoft PowerPoint Viewer for Windows Version 8.0 *
    Microsoft(R) Chat(TM) Version 2.5 *
    Microsoft(R) Windows Media Player Version 9.00.00.2980 *
    Microsoft® Plus! for Windows® 95 Version 4.40.500 *
    Microsoft® FrontPage® Version 3.0.2.1105 *
    Microsoft® Internet Services Version 6.1.33.0 *
    Microsoft® Visual Basic for Windows Version 6.00.8450 *
    Microsoft® Works 2000 Version 5.00.2002.0 *
    Mijenix Corporation - Easy Update Version 2, 0, 0, 0 *
    MindVision - Installer VISE 2.8.3 Version 2.8.3 *
    MindVision Software - Installer VISE Version 3.1.1 *
    MSR Enterprises, Inc. - Klick-N-View Business Cards Application Version 3, 0, 2, 3 *
    MyIE Application Version 3, 2, 0, 0 *
    Narcotix.exe *
    NeoWorx Inc. NeoTrace Version 3, 1, 9, 0 *
    Netropa Corp. - Multimedia Keyboard Properties Version 1, 0, 0, 0 *
    Network Associates Inc. - VirusScan Version 5.21.1000.1 *
    Network Associates, Inc. - McAfee Safe & Sound Version 1.10.1037.0 *
    Network Associates, Inc. - McAfee VirusScan *
    NetZero and NZ Platinum *
    Opera Internet Browser (win32) Version 6.0 *
    PanicWare - Don't Panic! Version 1, 0, 0, 1 *
    PepiMK Software - SpyBot-S&D Version 1.2 *
    Piotr J. Walczak - StartPage Guard Version 2, 0, 0, 0 *
    puninstall *
    Rambooster *
    RAVISENT Technologies Inc. - DVD Player Application Version 1, 9, 0, 1001 *
    RealNetworks, Inc. - RealOne Player (32-bit) Version 6.0.11.864 *
    Roxio - Easy CD Creator Version 5.1.0.104 *
    Seagate Software, Inc. - Backup *
    Send-Safe Version 1.0.0.0 *
    Serif WebPlus Version 1.0.0.0 *
    Siber Systems - RfWipeout - RoboForm Uninstaller Version 4, 6, 5, 0 *
    Siber Systems AI RoboForm Version 5-1-4 *
    Siber Systems AI RoboForm Version 5-4-8 *
    Simply Super Software - Trojan Remover Version 6.0.9 *
    SmartPCI - Windows 98 Utilities Version 1.02.0003 *
    Smith Micro Software, Inc. - QuickLink III Version 3.2.0 *
    SMVIEW.EXE *
    Software 2000 Ltd., Oxford, England. - Lexmark ColorFine Version 1.0.6.8 *
    Software 2000 UnSetup Version 2.2.0.17 *
    Software602 - 602Text Version 2001 *
    Software602 a.s. - 602Photo Version 2000a *
    Software602 a.s. - 602Tab Application Version 1.00.1 *
    Software602 Inc. - 602Album 2001 Version 2001 *
    SpeedBit Ltd. - Download Accelerator Plus Version 5, 0, 0, 1 *
    Support.com Agent Version 5,5,201,0 *
    Tennyson Maxwell - Teleport Pro Scheduler Version 1.29 *
    Tennyson Maxwell Information Systems, Inc. - Teleport Pro Version 1.29.1718 *
    TeoSoft - Clean Space Tour Version 1.00 *
    TeoSoft LLC - Clean Space Version 7.00.0020 *
    TeoSoft LLC - Clean Space Version 8.56 *
    TextBridge Pro 8.0 *
    The Strangely Green Chicken Company - Windows CleanUp! Version 2.0.0 *
    Tropical Software - Stealth Encryptor(tm) Version 4.1 *
    Ulead Systems, Inc. - Ipe Application Version 1, 0, 0, 1 *
    VB6run Version 1.00 *
    Webroot Software, Inc. - Window Washer Version 3.5 *
    Willow Pond Media Rack Version 2.20.029 *
    WinRAR *
    WinZip Version 8.1 (4331) *
    Xirlink - MainUI Application Version 4, 0, 0, 0 *
    Ziff-Davis, Inc. - Startup Cop Version 1.1.0.0 *
    Zone Labs Inc. - Internet Access Monitor Version 3.0.118 *
    Zone Labs Inc. - TrueVector Service Version 3.0.118 *
    ZoneAlarm Pro Version 3.0.118 *

    --------------------------------------------------------------------------------

    * Click to see where software is installed.
    a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
    b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
    c. Memory slot contents may not add up to Intalled Memory if some memory is not recognized by Windows.
    d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
    e. This may be the manufacturer's factory installed product key rather than yours.

    --------------------------------------------------------------------------------
     
  10. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    h
    walkeriam (Senior Member) U. S. of A.
    (10-03-2003 01:15 AM)

    If pages in Internet Explorer are coming up blank then Go to START, RUN and Type in
    regsvr32 urlmon.dll and click OK. You will get an acknowledgement if registered correctly.
    Do the same for all these:
    regsvr32 Shdocvw.dll
    regsvr32 msjava.dll
    regsvr32 actxprxy.dll
    regsvr32 Oleaut32.dll
    regsvr32 mshtml.dll
    regsvr32 browseui.dll

    Re-start computer and see if it will work then.

    Let us know if that helps.
     
  11. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You only have 64 megs of ram??????
     
  12. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Yes, it's a pretty old computer.
     
  13. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    When it starts running slow, what all are you doing? With that much ram, it's not going to be much. So if you have 3 or 4 IE windows going and zonealarm and a virus program, you're pretty much maxed out anyway.
     
  14. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Just surfing, and it doesn't open a new window when I switch sites, it replaces it. How do I get a log of what's running to show you?
     
  15. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [AbsoluteControl] C:\PROGRAM FILES\ABSOLUTECONTROL\\AbsoluteControl.exeU

    Those are your startups, but I'd put scanregistry into that selection by start button, run, type msconfig and hit ok....go to the startup tab and check that entry.

    You can see running stuff, by start button, run, msinfo32 and hit ok...go to software, running tasks, edit, select all, edit, copy and come back and paste.

    Also, right click on my computer, properties, performance tab....what shows there? You can see your system resources get lower and lower there too.
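
Added example, not part of the original thread and not HijackThis's own code: a small parser for the log format posted above that pulls out the O4 registry startup entries singled out in the last reply and the download hosts of the O16 (DPF) ActiveX entries. The function names `parse_log`, `autoruns` and `activex_hosts` are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.90.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.iwon.com/
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [AbsoluteControl] C:\PROGRAM FILES\ABSOLUTECONTROL\\AbsoluteControl.exeU
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O18 - Protocol: cmtp - {DB112C95-0A22-11D4-A600-005004BFAC1E}
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")


def parse_log(text):
    """Return (section_code, body) pairs, skipping headers and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autoruns(entries):
    """Break registry O4 lines into hive, key, value name and command line."""
    found = []
    for code, body in entries:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            # A command without a directory is resolved through the Windows
            # search path, so the reviewer has to confirm which file runs.
            found.append({"hive": hive, "key": key, "name": name,
                          "command": command, "bare_name": "\\" not in command})
    return found


def activex_hosts(entries):
    """Hosts that the O16 (DPF) ActiveX controls were downloaded from."""
    hosts = set()
    for code, body in entries:
        if code == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for run in autoruns(entries):
        print(run)
    print(activex_hosts(entries))
```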
     

Short URL to this thread: https://techguy.org/169729
