
Worm in Windows 95?

Discussion in 'Virus & Other Malware Removal' started by juparis, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. juparis

    juparis Thread Starter

    Joined:
    Jan 3, 2004
    Messages:
    47
    Greetings! I've been having many problems on my main PC lately. Numerous programs have been downloaded, including Spybot, PC Doctor, Ad-Aware, and Norton Antivirus. None of them, however, have completely eliminated all of the following problems. When using AOL, random pop-ups will appear in Internet Explorer at random times. Another problem arising is that since the download of some of the programs, other programs have begun to disappear. Adobe Photo Deluxe, for example, now refuses to open. At first, some of the tools were claimed not found, but now, two errors appear whenever someone tries to open it:
    C:\Program Files\PhotoDeluxe HE 3.1\PD3.EXE
    A device attached to the system is not functioning.
    ...and...
    The SHELL32.DLL file is linked to missing export SHLWAPI.DLL:SHRegGetUSValueA.

    I don't know if this is because of a possible worm (which someone had previously suggested) or something that was accidentally deleted....
    Continuing, Norton AntiVirus takes hours to complete when it used to run much faster. When it does finish, it never finds anything... Also, defragmentation will never complete; once started, it immediately stops and closes itself if any key or the mouse is touched. Another problem includes a constantly disappearing desktop background. It can always be recovered, but whenever the computer is restarted, it disappears again. One more problem is that the homepage continues to revert to a page with numerous pop-ups, all displaying the IP address and claiming there is spyware on the computer...
     
  2. juparis

    juparis Thread Starter

    I just ran the PC Doctor once more, and fixed a few more problems. After that, the homepage no longer reverts itself, but everything else remains the same...

    I also forgot to....
    1. Tell of a few more mysteries... At start-up, three error messages appear, all claiming to search for certain files. One says it is searching for 'morze2' another for 'morze3' and the third I will post once I remember what it was, hehe...

    2. post a log, so here is the most recent one:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:24:53 PM, on 4/24/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0B\WAOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0B\SHELLMON.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0B\AOLWBSPD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\MY DOCUMENTS\MICHAEL'S\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jersconsin.tk/
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .swt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
    O12 - Plugin for .dcr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\np32dsw.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.2998263889
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  3. juparis

    juparis Thread Starter

    Sorry for the inconvenience, but I just learned that someone else had gotten help from a friend on all of these problems only a while before I had tried to report the problems. Sorry about this! While restarting, everything's A-OK. The only message that arises when restarting is "Building a Driver Information Base," but I'm sure that's nothing. The only problem remaining (after checking everything I said before) is the vanishing Adobe program, but that can be bought again. Sorry for this!

    If you would, however, could someone check over the log just in case? Thanks
     

Short URL to this thread: https://techguy.org/223533
