
Hijackthis Log



*I'm getting all sorts of error messages... a 'corrupt' version of aboutbuster... a 'corrupt' version of C:\WINDOWS/SYSTEM\WINCTRL64.EXE ...when I try to download a new version of aboutbuster, I get the same error message.

Spybot has been 'corrupted' as well and a new version freshly installed (via the Firefox browser too in each case, BTW) was brought to a crawl... sometimes it shut down.

As can be seen from my Windows 98 status, I'm not terribly ... ahem... computer savvy.

Here's the log... thank you in advance for any help you can provide:

Logfile of HijackThis v1.99.1

Scan saved at 8:18:50 AM, on 11/16/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\TPPALDR.EXE

C:\WINDOWS\SYSTEM\POPCORN72.EXE

C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE

C:\PROGRAM FILES\ISP50\DIALER\DIALER.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE

C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe

O4 - HKLM\..\Run: [PGTJDGTHK] C:\WINDOWS\PGTJDGTHK.exe

O4 - HKLM\..\Run: [OCFIM] C:\WINDOWS\OCFIM.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\MSBB.EXE

O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k

O4 - HKLM\..\Run: [EasyMessage] C:\PROGRAM FILES\APNI.NET MESSENGER\EM2.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [LCFVJDGT] C:\WINDOWS\LCFVJDGT.exe

O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\SYSTEM\MSKernel32.vbs

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\SYSTEM\lkvvupa.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O20 - Winlogon Notify: st3 - C:\WINDOWS\Q185021.DLL

*Cheers? --s


First of all, you may want to print out this post or save a copy as a text file in Notepad so that you have a hard copy of these instructions; you cannot have IE/Firefox/any browser open during the fix.

Next, please enable viewing of hidden files as follows:

1) Go to My Computer, and click on the "Tools" menu (in Win 98 it may be under "View" instead of "Tools")

2) Click "Folder options"

3) Select the "View" tab

4) Make sure "Show hidden files and folders" is selected

5) Make sure "Hide extensions for known file types" is unchecked

6) Make sure "Hide protected operating system files (recommended)" is unchecked

Please run HijackThis and click "Scan." Place checks next to the following entries:

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
  • O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
  • O4 - HKLM\..\Run: [PGTJDGTHK] C:\WINDOWS\PGTJDGTHK.exe
  • O4 - HKLM\..\Run: [OCFIM] C:\WINDOWS\OCFIM.exe
  • O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
  • O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\MSBB.EXE
  • O4 - HKLM\..\Run: [LCFVJDGT] C:\WINDOWS\LCFVJDGT.exe
  • O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\SYSTEM\MSKernel32.vbs
  • O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
  • O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\SYSTEM\lkvvupa.exe
  • O4 - HKLM\..\Run: [LCFVJDGT] C:\WINDOWS\LCFVJDGT.exe
  • O20 - Winlogon Notify: st3 - C:\WINDOWS\Q185021.DLL

Close all browser and other windows except for HijackThis, and click "Fix Checked".

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

Go to the Start Menu, and click on "Control Panel". Choose "Add/Remove Programs" and remove any of the following that are listed:

New Dot Net

WhenUsave

NCase

Next, delete the following folders (if they exist):

C:\PROGRAM FILES\COMMON FILES\EACCELERATION

C:\PROGRAM FILES\SAVE

Also, delete the following files (if they exist):

C:\WINDOWS\PGTJDGTHK.exe

C:\WINDOWS\OCFIM.exe

C:\WINDOWS\LCFVJDGT.exe

C:\WINDOWS\SYSTEM\MSKernel32.vbs

C:\WINDOWS\SYSTEM\popcorn72.exe

C:\WINDOWS\SYSTEM\lkvvupa.exe

C:\WINDOWS\LCFVJDGT.exe

C:\WINDOWS\Q185021.DLL

Go to Start>Run>type %temp% (with quotes) and delete ALL files and folders that show up (a couple will not delete... that's OK)

Restart your computer and head HERE to do an active scan. Post the results along with a fresh HijackThis log


*Thank you! It seems to have done the trick. I can't get the Panda website to perform an active scan of my computer... I get as far as logging in with my state and email addy, but then after hitting 'scan' it simply doesn't respond.

Also, I can't seem to load a new copy of aboutbuster. It's the same 'database corrupted or missing' error message even after deleting all old copies and emptying the recycle bin, then downloading a fresh copy.

The hijackthis program seems unaffected. I don't know if this helps, but here's the new log.

==================

Logfile of HijackThis v1.99.1

Scan saved at 12:38:48 PM, on 11/17/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\TPPALDR.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE

C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE

C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE

C:\PROGRAM FILES\ISP50\DIALER\DIALER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

O4 - HKLM\..\Run: [EasyMessage] C:\PROGRAM FILES\APNI.NET MESSENGER\EM2.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

===============

*Insofar as the Panda website goes, at first I thought it might be my browser that was out of date... so I downloaded a v6.1 from Microsoft + critical updates. No effect.

But I gotta tell ya... it's 150% better than what it was. I really want to thank you for taking the time to help me out. I'll have more time to work through all the links you posted over the weekend.

All the best. --s

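An added example (not part of any post in this thread, and not HijackThis's own code): a small Python check that parses HijackThis entry lines and confirms that every entry on a fix list is absent from the follow-up log, while listing entries that are new since the first scan. The sample strings are a constructed subset of the log lines posted above; `parse_entries` and `verify_fix` are hypothetical helper names.

```python
import re

# One HijackThis entry: section code (R0, O4, O20, ...) then " - " then detail.
ENTRY = re.compile(r"^\s*(?:[•*]\s*)?([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(text):
    """Return {(section, detail)}; detail is lower-cased (Win9x paths ignore case)."""
    found = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            found.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return found

def verify_fix(fix_list, before_log, after_log):
    """Compare the checked entries against the logs taken before and after."""
    checked = parse_entries(fix_list)
    before, after = parse_entries(before_log), parse_entries(after_log)
    return {
        "removed": sorted(checked - after),
        "still_present": sorted(checked & after),   # fix did not stick
        "not_in_before": sorted(checked - before),  # mistyped fix-list line
        "new": sorted(after - before),              # appeared since first scan
    }

# Constructed sample: a subset of the lines posted in this thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\SYSTEM\MSKernel32.vbs
O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\Q185021.DLL
"""
FIX_LIST = r"""
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
  • O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
  • O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\SYSTEM\MSKernel32.vbs
  • O20 - Winlogon Notify: st3 - C:\WINDOWS\Q185021.DLL
"""
AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
"""

if __name__ == "__main__":
    print(verify_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG))
```

An empty `still_present` list only shows that the autostart and registry entries are gone from the log; it says nothing about files left on disk or about components HijackThis does not enumerate.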

Well, let's try this then... I've seen some others having problems with Panda lately, and I'll have to look into what else you can run with Win9x.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Also post an updated HijackThis log please.

PS: If you can find an online virus scan that you can run with Win98, please include a log and let me know which one it is.


*You think you're out of the woods...

That didn't go over so well. I downloaded the program (spysweeper) and as soon as I installed and ran it, I got a dozen or so error messages and every program I was running closed down. I tried restarting the computer and when I'd run the program, it wouldn't let you click on any buttons... when you'd try to log on (PeoplePC) to the internet... Explorer shutdown messages would come one after another, culminating in a computer shutdown.

I couldn't even get online to post here until I uninstalled everything. Granted in advance, I don't know anything about this stuff, but it just feels like programs that are anti-spyware, anti-virus are somehow corrupted as they load into the computer. I wonder if getting a clean copy of these from a disc is an option(?).

There's something wicked on this PC. Spyblaster won't run either... aboutbuster... none of them. Also, a 'spynuker' I think it was called... they're all reduced to non-functioning junk.

I also noticed when I did a Google search for the forum here, and clicked on the link, I was redirected to some online pharmacy site. I had to manually input the url to get here (in Explorer... Firefox seems fine).

Only my hijackthis seems unaffected.

Well... I gotta get some shuteye (1:18 am here). I really appreciate all your efforts. I'll have more time this weekend to play around with this.... any other ideas?

All the best. --s
