PDA

View Full Version : Having some virus problems on windows 98, need help.



jrmonaco
2008-01-05, 21:16
We have lost one computer already, the second computer is starting to get worse. Ide like to save this computer while there is still time. I have ran HJT 2.0.2, here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:55 PM, on 1/5/08
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_8_6.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_8_6.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {6A85D97D-665D-4825-8341-9501AD9F56A3} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [Necbar] C:\PROGRA~1\NECASS~1\NECBAR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DyFuCA] "C:\Program Files\DyFuCA\optimize.exe"
O4 - HKLM\..\Run: [DyFuCA Active Alert] "C:\Program Files\DyFuCA\actalert.exe"
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\PROGRAM FILES\JOYSTICK 2 MOUSE 3\JOYSTICK 2 MOUSE.EXE /NoConfigure
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - HKCU\..\Run: [Microsoft Works Update Detection] I\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] I\WkDetect.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - .DEFAULT Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe (User 'Default user')
O4 - .DEFAULT Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O24 - Desktop Component 0: iFind Search Bar - File://C:/ifind/ifind.html

--
End of file - 7740 bytes

jrmonaco
2008-01-06, 02:24
I restarted my computer, spybot came up and I let it run. It found some problems that I fixed. I did run the HJT again and I will post the new log incase anything changed. Any help is highly appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:17 PM, on 1/5/08
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\NEC ASSISTANT\NECBAR.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_8_6.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_8_6.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [Necbar] C:\PROGRA~1\NECASS~1\NECBAR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DyFuCA] "C:\Program Files\DyFuCA\optimize.exe"
O4 - HKLM\..\Run: [DyFuCA Active Alert] "C:\Program Files\DyFuCA\actalert.exe"
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\PROGRAM FILES\JOYSTICK 2 MOUSE 3\JOYSTICK 2 MOUSE.EXE /NoConfigure
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] I\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] I\WkDetect.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - .DEFAULT Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe (User 'Default user')
O4 - .DEFAULT Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O24 - Desktop Component 0: iFind Search Bar - File://C:/ifind/ifind.html

--
End of file - 7691 bytes

pskelley
2008-01-07, 15:00
Welcome to Safer Networking, owning a Compaq with Windows98SE that is perfect condition but that I can no longer take online, I have to assume you are aware of this information.
http://www.microsoft.com/windows/support/endofsupport.mspx

Having said that, with a soft spot in my heart for the Operating System, I will do what I can if you still need help.

C:\PROGRAM FILES\JAVA\JRE1.5.0_07\ <<< Java is out of date, I am not sure how far Win98 will update but you need to do so. Once you have the newest version, uninstall all old versions in Add Remove programs.

Do you know this is a valid program?
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
I am getting conflicting information:
http://www.google.com/search?hl=en&q=FontFix&btnG=Search

I show this: C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE
Being obsolete? http://www.castlecops.com/s1702-WIMMUN32_exe.html
http://www.bleepingcomputer.com/startups/iRiS_AntiVirus_Active_Monitor-2324.html
While I do not even suggest taking this computer online, if you do you must have a working firewall and antivirus program. I can supply links to free programs if needed.

Let's proceed like this:

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.

2) Windows 98: Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.
You may reverse this for safety when we are finished.

3) Uninstall DyFuCA and BEARSHARE in Add Remove programs

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O4 - HKLM\..\Run: [DyFuCA] "C:\Program Files\DyFuCA\optimize.exe" G
O4 - HKLM\..\Run: [DyFuCA Active Alert] "C:\Program Files\DyFuCA\actalert.exe"
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - .DEFAULT Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe (User 'Default user')
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

(these next two items are resource wasters related to the Alexa toolbar, if you do not use it remove them)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm G
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O24 - Desktop Component 0: iFind Search Bar - File://C:/ifind/ifind.html G

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\DyFuCA\ <<< delete that folder

C:\WINDOWS\SENTRY.exe <<< delete that file

C:\Program Files\Common Files\GMT\ <<< delete that folder

6) Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Restart the computer and post any information I requested, a new HJT log and your comments.

Thanks

pskelley
2008-01-14, 00:05
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.