I have an older computer running Windows 98. It has more adware and garbage on it than I care to mention, all because years back when I installed the (back then) latest version of Norton it didn't work correctly and after 9 hours on the phone with their techs (and them forcing me to download software off their site withOUT any antivirus protection and the garbage still on my system) I gave up. I have not touched this computer in about 3 or 4 years because I was so frustrated. But it would be great if I could get it working well enough for my kids to do school reports (no internet) and stuff on it.........so my question is.......

Are there any current anti-virus products (free) that I can use on a computer running Win98 OS? Will HJT work on that? Back in the day, I was removing all the adware/spyware manually and it took hours and hours and then on of my kids turned the computer on the internet because it was all completely off and it all got back on again (see why this is so frustrating?). I know products nowadays are better at removing the nasties, I'm just not sure if there is anything that will work with Win98.

Any help would be greatly appreciated.

Cindylu

Hi Cindylu, welcome back. I am wondering why you want an anti-virus program when you say you will not be using the internet?

HijackThis will work fine, download it to your XP computer on a floppy, bring it to the Win98 box and execute it, then post the results and I will take a look and advise you.

Thanks

I'm basically looking for something that can identify the junk that I have on my computer and get rid of it. That's really all I need since I won't be using it online. I know that at one point Norton (which I don't think is working properly on that PC right now) found about 12 different types of adware and whatnot on that PC and I was hoping if I had some kind of updated antivirus software that could take care of some of the removal, it would be a great time saver.

In other words, the adware and/or viruses on that PC would be over 3 years old so by now some software may very well be able to remove them, I'm guessing.

That is why I was wondering if SpyBot, AVG, etc. would work on a Win98 OS.

I will see if I can get hjt working enough to get a log. The poor PC is so overrun it just crawls so it may take a while.

Thanks for your quick response.

Cindylu

The reason why I suggested HijackThis is because it is small enough to download on a floppy and bring to the computer. There are plenty of programs that will run, but they are large and will be more of a problem downloading them to another media and then to the Win98 machine.

I run these programs on my Windows98SE machine but I also take it online once in a while:
Spybot
http://www.bleepingcomputer.com/forums/tutorial43.html
Ad-aware
http://www.bleepingcomputer.com/forums/tutorial48.html

http://free.grisoft.com/doc/5390/lng/us/tpl/v5
AVG antivirus 7.5 suppports Windows 98.

Thanks

Okay, I just got done so here's an update.

I couldn't install the first AVG I tried because it said I needed Win2000 or newer but I WAS able to install the AVG "Free" edition. It found about 10 Trojan Horse files and I believe it removed all of them. The only problem is that later when I logged on it had to remove one of them again something called Trojan Dialer.NH which did something to a MSCLOCK file. So I don't know if that is reinstalling itself or what but we'll see.

SpyBot worked great and caught 333 infections. Whew! clean all but a few and I believe it caught them on the reboot.

Adaware found 126 problems which it fixed as well.

Soooo...... Here is my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:45 PM, on 1/30/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\OEGNIM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\AUNTIESPIE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\ZGZRTY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [oegnim] c:\windows\system\oegnim.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://agent.celebrateexpress.com/netagent/objects/custappx3.CAB

Let me know what you think. If I can get that old computer clean it will seem like a miracle.....it's been down for so long.

Cindylu

Hello Cindylu, thanks for the feedback and the HJT log, let's do this:

You have both Symantec/Norton and AVG, uninstall one of them, even running at them same time they are going to produce issues.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(since you will not being going online, I would say you need none of the R0/R1 stuff)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\ZGZRTY.exe
O4 - HKLM\..\Run: [oegnim] c:\windows\system\oegnim.exe
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://agent.celebrateexpress.com/ne.../custappx3.CAB

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\CFGMGR51.DLL <<< delete that file

C:\WINDOWS\SYSTEM\ZGZRTY.exe <<< delete that file

c:\windows\system\oegnim.exe <<< delete that file

Clean out all Temp and Temp Internet files, this info will help.
http://www.tech-recipes.com/windows_tips463.html

Restart the computer and see how it runs. You have stuff running that is obviously Dell Support and Comcast Support, etc. I would uninstall everything you know is not needed, then if you wish, post the balance of the uninstall list and I will take a look:

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply, along with a new HJT log.

Thanks

Thank you for your quick reply.

I will gladly uninstall Norton since they've done nothing to protect me anyway.

I do have a question before I delete the RO/R1 entries though. In your opinion, is using a computer like this old one running Win98 a viable option? I mean, I was made to understand (perhaps by Norton) that there really wasn't antivirus/firewall protection out there that would really run well enough on an old system to combat the newer strain of viruses/trojans. Perhaps that's just Norton bowing out of support for older versions of their scan engines.

I guess what I'd like to know is if there is a free firewall program that I could run that would work well enough that I could use this old computer online once in a while. The AVG free edition worked wonderfully, better than I ever imagined. If there is a comparable firewall, I'm thinking I might just try to use this online if only a little.

I will work on the rest of the things you suggested. Honestly I am amazed at how well this is going. My hats off to SpyBot, AVG, Adaware and to you folks here. I really thought there was no hope for that old computer but now I can actually see light at the end of the malware tunnel. Thanks.

Cindylu

I'm not a big fan of Norton/Symantec and I try to practive "if you don't have something good to say..etc."

The major problem with this computer is the Operating System and a lot of folks still use it. I have a Compaq with Win98SE on it and once a month or so I take it online for a drive on a sunny Sunday:) The fact that Microsoft no longer supports or offers critical updates for it is a major issue. Extreme care taken, it can be taken online, but if you go to one wrong site you will get infected.
The stuff I removed in R1/R0 makes little difference, you can still set any homepage you wish in your browser.

I use Zone Alarm and it works fine with Windows 98, just a little work setting it up initially.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Here is another one that runs on that OS but I know little about it: http://www.jetico.com/index.htm#/jpfirewall.htm

I will post these links for your benefit again:
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

And I will be glad to answer any questions you have after you view that information, and I would prefer to view a new HJT log first.

Thanks

Okay, Sorry it took so long to get back to you on this. I have the uninstall list and the new hjt log which I did with a "normal" startup. Usually I would use a "selected" startup but for the sake of seeing if I'm clean I figured you'd want a "normal" one.

Logfile of HijackThis v1.99.1
Scan saved at 1:41:47 PM, on 2/2/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\AUNTIESPIE\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\Instapp.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)


30061.exe
Adaptec DirectCD
Adaptec Easy CD Creator 4
Ad-Aware SE Personal
Adobe Acrobat 4.0
AVG Free Edition
Backup Dell-Installed Programs
Conexant HCF V.90 56K RTAD,Speakerphone PCI Modem
Creative Launcher
Creative PlayCenter
DAO 3.5
Dell Resolution Assistant
Dell ResourceCD
Dell Solution Center
Fireworks Americana
FoneSync
HijackThis 1.99.1
Hoyle Kids Games 2
Internet Explorer Q889293
InterVideo WinDVD
Irish Country Cottage
JumpStart 1st Grade Reading v1.1
Madeline Rainy Day Activities
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2001
Microsoft IntelliType Pro
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft Picture It! Express 7.0
Microsoft Picture It! Publishing 2001
Microsoft Streets and Trips 2001
Microsoft VGX Q833989
Microsoft Windows Critical Update Notification
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
NVIDIA GeForce 256 AGP (Dell)
oegnim
Outlook Express Q823353
PhotoMAX 2.0
QuickTime
QuickTime for Windows (32-bit)
Shockwave
Sound Blaster Live! Value
Sound Blaster Live! Value Drivers
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.4
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows Media Player system update (9 Series)
WinZip
World Book 2003 (Deluxe)

Thanks again for your time.

Cindy

Someone has been online, this one is a nasty:
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
http://www.castlecops.com/startuplist-8121.html
Name PSoft1
Command psoft1.exe
Status X
Description PacerD_Media/Pacimedia.com adware installer
http://www.benedelman.org/spyware/installations/pacerd/

Use HJT to remove it and delete this file:
C:\WINDOWS\SYSTEM\psoft1.exe <<< delete

??? this was likely downloaded ???

Uninstall list:

30061.exe <<< what's this, Google does not know?

Thanks

Yes, right before that computer quit working, my daughter admitted to me that she had turned it on. It's possible that she may have downloaded something not realize it was a trick. After reading that article, I notice many of the things listed did show up on my scans and were deleted either by AVG, Adaware or Spybot. I know I had Apropos, Elitebar, etc.

I will delete psoft1.exe and the other one 30061.exe...........that one, I believe, is some kind of screensaver that was downloaded but I don't know what might be bundled into that so I better just get rid of it.

I will do the above and then post an updated log. At least now I know why that old computer slowed down to a crawl. I am just going to keep it offline once I get it totally cleaned. It's just too vulnerable.

Cindylu

This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.