Originally Posted by owen

Download the attached fix.zip. Unzip it and double click the file fix.reg inside. Confirm the merge with the registry and you will get a successful message.

Then reboot and post a fresh log.

I downloaded fix.zip, but when I double clicked it, my computer asked me which program to use in opening it.

How do I confirm the merge with the registry? Here's my current log:

Logfile of HijackThis v1.99.0
Scan saved at 4:16:41 PM, on 12/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\S3TRAYHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

You need to open it with a program called "regedit.exe" which should be located in your C:\Windows folder.

I got this error message from registry editor:

"Cannot import C:\WINDOWS\Desktop\fix.reg: The specified file is not a registry script. You can import only registry files."

I don't see why there should be any problems, it works fine at my end and it will basically run on any version of Windows. It seems you are having some trouble with the Registry because this file doesn't seem to want to merge and the installation of Java is having some trouble as well. I don't know what to suggest.

Could you go to Start> Run and type regedit. Click Ok.

Click File> Import and select the file you downloaded from this site. See if it will work...

No, unfortunately, that won't work. As a test, I tried the same thing with other files and imported them with no problems. It's just with that particular file.

Do you think the virus has something to do with it? It seems like I bump into some sort of problem that makes it difficult if not impossible to run what I assume are the usual steps towards virus removal.

Irritating.

The things is, you are using Windows 98 and it doesn't have as many places where viruses can hide as XP does, so it would show up in your log. What I suggest you do, is uninstall then reinstall Norton Antivirus. This will fix two of the incorrect entries in your log, where some of the important Norton files are missing.

Originally Posted by owen

The things is, you are using Windows 98 and it doesn't have as many places where viruses can hide as XP does, so it would show up in your log. What I suggest you do, is uninstall then reinstall Norton Antivirus. This will fix two of the incorrect entries in your log, where some of the important Norton files are missing.

Yeah, it wouldn't let me uninstall Norton Antivirus using the Add/Remove program, so I had to do it manually, but I don't think I caught everything. After that, I tried to reinstall it, but I got an error message about not being able to find the key Software\Microsoft, so of course, I wasn't able to complete the install. I was able to install the 30 day trial of Housecall's antivirus program, though, and nothing's shown up as far as viruses . . .

lol, wait a minute, PC-cillin's suddenly popped up on me just now. Bunch of security issues, it looks like, but it also looks like there's a worm . . .

Anyway, I don't see why I can't import that fix file into my registry, or why I can't install certain anti-virus programs because it's not able to find or create my software\microsoft key, or why I can't get my hidden files to show using the usual methods, or why the "Open" option in all of my folders is now labeled as "blank", or why I can't get IE to work properly, especially when I'm trying to access or visit those sites where I can download "critical updates" and the like.

Is it possible that a virus would disguise itself as something else so that the usual detectors wouldn't catch it?

Hrm, so two of the errors in my log is due to my Norton Antivirus program?

Just missing Norton files so the entries are just missing links in the Registry. What version of Norton did you have (e.g. 2003, 2004, etc) and was it Norton Internet Security or just Antivirus.

It's Norton AntiVirus 2004.