about blank in Windows 95-need help with hijackthis, too
-
I caught the about:blank virus from some web-site. My PC is an old IBM Thinkpad that runs Windows95. After I downloaded the latest Hijackthis.exe, I tried running it and received this error message: "A required .DLL file, MSVBVM60.DLL, was not found."
I know I'm running on old technology, but is there any hope? For most of the spyware software available, I cannot meet the minimum system requirements.
I have that pain-in-the-neck se.dll file that I've seen some threads on. Any ideas on how to defeat it, destroy it, or mangle it would be appreciated.
Thanks, Ed
-
Hello, Ed & Welcome
Hmmm, not sure if my fixes will help with Win95, but what the hell, let's give it a try. First go to the link here & see if you can download the file:
http://www.dlldump.com/download-dll-.../download.html
& then make sure not to run HijackThis from the Temp folder or the Desktop; place it in a folder on the C:\ drive like so: C:\HJT
HGD
-
Thanks for the .dll. I ran HiJackThis and here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 7:58:23 PM, on 06/14/2005
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TP98.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
D:\AMERICA ONLINE 6.0\AOLTRAY.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\AMERICA ONLINE 6.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.wowsearch.org/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: load=C:\INSIGHT\TOOLS\aiclient.exe
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\WINDOWS\TEMP\MegaHost.dll (file missing)
O2 - BHO: (no name) - {34E3D068-D59C-11D9-9E95-445175605E5F} - C:\WINDOWS\SYSTEM\EGG.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: America Online 6.0 Tray Icon.lnk = D:\America Online 6.0\aoltray.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O13 - WWW. Prefix: http://
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://offsite.cendantmobility.com/msrdp.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = crn.us.rp
O18 - Filter: text/html - {34E3D067-D59C-11D9-9E95-445104FFCA2D} - C:\WINDOWS\SYSTEM\EGG.DLL
O18 - Filter: text/plain - {34E3D067-D59C-11D9-9E95-445104FFCA2D} - C:\WINDOWS\SYSTEM\EGG.DLL
It's become a little more annoying this log in. It prevents me from using yahoo by refreshing to the about:blank screen. I'll have to change my e-mail address for the time being.
Thanks.--Ed
-
Hi, Ed
OK, you should go to Add/Remove Programs & Remove/Uninstall this item here: WinTools
Now I have something here, not sure if it may work with Win95, but give it a try.
Please perform the following steps:
1. Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).
2. Download SpSeHjfix.zip and unzip it to its own folder. Do not run it yet.
3. Download CleanUp! and install it. Start CleanUp! and click on the CleanUp! button. Let it run to completion. It may take a few minutes depending on the size of your hard drive so be patient.
4. Start in Safe Mode Using the F8 method:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.
5. Disconnect from the net and Close ALL OPEN PROGRAMS.
6. Run SpSeHjfix and click on Start Disinfection.
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder that SpSeHjfix is located in.
7. Now run CWShredder and click on the Fix -> button.
8. Reboot and repeat the above process.
Reboot and post a fresh HijackThis log and the log that was created by SpSeHjfix.
HGD 
& you are running a way out-of-date IE; we will work on that after
-
HJThis, as requested I followed your instructions. Here are the two logs:
The HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:43:58 PM, on 08/09/2005
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TP98.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
D:\AMERICA ONLINE 6.0\AOLTRAY.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.wowsearch.org/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=crnfw01:81;gopher=crnfw01:81;http=crnfw01:81;https=crnfw01:443;socks=crnfw01:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.*.rp;*.*.*.rp;*.aweurope.com;192.*.*.*;*.awamericas.com;172.*.*.*;<local>
F1 - win.ini: load=C:\INSIGHT\TOOLS\aiclient.exe
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\WINDOWS\TEMP\MegaHost.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\TEMP\WTUNINST.EXE /remove
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: America Online 6.0 Tray Icon.lnk = D:\America Online 6.0\aoltray.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O13 - WWW. Prefix: http://
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://offsite.cendantmobility.com/msrdp.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = crn.us.rp
and the SpSeHjFix Log:
(8/9/05 8:04:01 PM) SPSeHjFix started v1.09
(8/9/05 8:04:02 PM) OS: Win95 B (4.0.67306684)
(8/9/05 8:04:02 PM) Language: english
(8/9/05 8:04:19 PM) Disinfect started
(8/9/05 8:04:19 PM) Bad-Dll(IEP): se.dll
(8/9/05 8:04:19 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\EGG.DLL
(8/9/05 8:04:19 PM) Searchassistant Uninstaller - Keys Deleted
(8/9/05 8:04:19 PM) UBF: 6
(8/9/05 8:04:19 PM) UBB: 1
(8/9/05 8:04:19 PM) FilterKey: HKCR\text/html (deleted)
(8/9/05 8:04:19 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(8/9/05 8:04:19 PM) FilterKey: HKCR\CLSID\{34E3D067-D59C-11D9-9E95-445104FFCA2D} (deleted)
(8/9/05 8:04:19 PM) FilterKey: HKCR\text/plain (deleted)
(8/9/05 8:04:19 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(8/9/05 8:04:19 PM) FilterKey: HKCR\CLSID\{34E3D067-D59C-11D9-9E95-445104FFCA2D} (error while deleting)
(8/9/05 8:04:19 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E3D068-D59C-11D9-9E95-445175605E5F} (deleted)
(8/9/05 8:04:19 PM) BHO-Key: HKCR\CLSID\{34E3D068-D59C-11D9-9E95-445175605E5F} (deleted)
(8/9/05 8:04:19 PM) UBR: 15
(8/9/05 8:04:19 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(8/9/05 8:04:19 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://C:\WINDOWS\TEMP\se.dll/sp.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://C:\WINDOWS\TEMP\se.dll/sp.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8/9/05 8:04:19 PM) Stealth-String found: C:\WINDOWS\SYSTEMX X 23 IEFixedFontNameGulimche IEPropFontNameGulim% * CTLsm # % + Roottp://www.yah
(8/9/05 8:04:19 PM) File added to delete: c:\windows\system\egg.dll
(8/9/05 8:04:19 PM) File added to delete: c:\windows\system\egg.dll
(8/9/05 8:04:19 PM) File added to delete: c:\windows\temp\se.dll
(8/9/05 8:04:19 PM) File added to delete: c:\windows\systemx x 23 iefixedfontnamegulimche iepropfontnamegulim% * ctlsm # % + roottp://www.yah
(8/9/05 8:04:19 PM) Reboot
(8/9/05 8:06:39 PM) SPSeHjFix 2nd Step
(8/9/05 8:06:41 PM) RunServicesOnce-Key: (edited)
(8/9/05 8:07:08 PM) Cleaned
(8/9/05 8:34:15 PM) SPSeHjFix started v1.09
(8/9/05 8:34:15 PM) OS: Win95 B (4.0.67306684)
(8/9/05 8:34:15 PM) Language: english
(8/9/05 8:34:17 PM) Disinfect started
(8/9/05 8:34:17 PM) Bad-Dll(IEP): (not found)
(8/9/05 8:34:17 PM) Bad-Dll(IEP) in BHO: (not found)
(8/9/05 8:34:17 PM) UBF: 4
(8/9/05 8:34:17 PM) UBB: 0
(8/9/05 8:34:17 PM) UBR: 14
(8/9/05 8:34:17 PM) Bad IE-pages:
(8/9/05 8:34:18 PM) Stealth-String found: C:\Program Files\Common Files\Symantec Shared\SMTPCLI.DLL
(8/9/05 8:34:18 PM) File added to delete: c:\program files\common files\symantec shared\smtpcli.dll
(8/9/05 8:34:18 PM) Reboot
(8/9/05 8:36:36 PM) SPSeHjFix 2nd Step
(8/9/05 8:36:37 PM) RunServicesOnce-Key: (edited)
(8/9/05 8:36:41 PM) Cleaned
Let me know what you think. Thanks.
-
Hi, icondewit
Hehe, I just happened to see you are running Win95.
Nice work, by the way.
Press control-alt-delete to get into the task manager and end the following processes if they exist:
WTOOLSA.EXE
If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.wowsearch.org/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
These 2 items here: are you using a Proxy Server? If yes, do not fix them.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=crnfw01:81;gopher=crnfw01:81;http=crnfw01:81;https=crnfw01:443;socks=crnfw01:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.*.rp;*.*.*.rp;*.aweurope.com;192.*.*.*;*.awamericas.com;172.*.*.*;<local>
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\WINDOWS\TEMP\MegaHost.dll (file missing)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\TEMP\WTUNINST.EXE /remove
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = crn.us.rp
Make sure you can view hidden and system files: Instructions here
Then Boot to safe mode: Instructions here
Delete the following files\folders IF still present:
C:\PROGRA~1\COMMON~1\WINTOOLS\<--This folder
C:\WINDOWS\TEMP\<--Clean out this folder but do not delete the folder itself. Again, keep the folder, just clean it out.
Then do this here
click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS
That will change everything back to defaults (M$)......
Change your homepage and search engines to whatever you wish and reset your pc.
When it boots back up, open IE and see if the page stays the way that you set it.
& get this here out of the way
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
   1. Change the Download signed ActiveX controls to Prompt
   2. Change the Download unsigned ActiveX controls to Disable
   3. Change the Initialize and script ActiveX controls not marked as safe to Disable
   4. Change the Installation of desktop items to Prompt
   5. Change the Launching programs and files in an IFRAME to Prompt
   6. Change the Navigate sub-frames across different domains to Prompt
   7. When all these settings have been made, click on the OK button.
   8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
Then do a reboot & i need you to run not walk over to windowsupdate site
& update IE & get any updates they have for your OS
Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.
once done with all above show me one more logfile
HGD
-
HJThis, I followed your instructions and Internet Explorer seems to be working just as well as before. Thank you for your help.
Before I post the HJThis.log, I thought I'd let you know I'll be using this PC until I drive it into the ground. It is a laptop and I have been able to log on while on the road using it. It gets the job done despite being on Windows 95 with an old Pentium 133 chip. It won't be able to support IE6, but since I access the internet through AOL, I can use their browser in AOL 6.0. I like using IE because I get more screen control, but I can use filters and stuff on my AOL account that keep me away from the danger sites (I think).
I have another laptop that runs IE 5.5 and Win 95. It, too, is infected. I'll clean that up with the stuff you've set me up with. If I think I'm getting out of my league, I'll post another message. This second laptop is for the kids (5 and under, right now), and they have an AOL account that I've set up with few log ons. Most of this PC is for the game CDs we've acquired over the years.
Here's the log. If you have any low system requirement spyware blockers out there, let me know. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 4:08:53 PM, on 08/14/2005
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\THINKPAD\TP98.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
D:\AMERICA ONLINE 6.0\AOLTRAY.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\AMERICA ONLINE 6.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F1 - win.ini: load=C:\INSIGHT\TOOLS\aiclient.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: America Online 6.0 Tray Icon.lnk = D:\America Online 6.0\aoltray.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
--icondewit
-
Hey,icondewit
You know what i say as long as it is working keep it
now for the logfile looks good.
if you have any more problems you know where we are
This here
If you have any low system requirement spyware blockers out there, let me know. Thanks.
are you asking me if i know of any???
or that you have one
HGD
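
An added example, not part of the thread and not HijackThis's own logic: a short Python script that parses HijackThis entry lines, flags the patterns that were fixed in this thread (autoruns and IE pages loading from a TEMP folder, targets marked "file missing"), and lists which entries disappeared between a first and a final log. The flagging rules and function names are assumptions of this example; the sample lines are a few entries copied from the logs posted above.

```python
import re

# Sample input: a handful of entry lines copied from the first and last
# logs in this thread (not the complete logs).
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\WINDOWS\TEMP\MegaHost.dll (file missing)
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O18 - Filter: text/html - {34E3D067-D59C-11D9-9E95-445104FFCA2D} - C:\WINDOWS\SYSTEM\EGG.DLL
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
"""

# Entry lines look like "<letter><number> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log):
    """Return [(section_code, detail), ...] for every entry line in a log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reasons(code, detail):
    """Review heuristics (assumptions of this example, not HijackThis rules)."""
    low = detail.lower()
    out = []
    if "\\temp\\" in low:
        out.append("loads from a TEMP folder")
    if low.endswith("(file missing)"):
        out.append("target file missing")
    if code in ("R0", "R1") and "res://" in low:
        out.append("IE page served from a local DLL resource")
    return out


def review(log):
    """Entries worth a closer look, each with the reasons it was flagged."""
    return [(c, d, r) for c, d in parse(log) if (r := reasons(c, d))]


def removed(before, after):
    """Entries present in the first log but gone from the second."""
    seen = {(c, d.lower()) for c, d in parse(after)}
    return [(c, d) for c, d in parse(before) if (c, d.lower()) not in seen]


if __name__ == "__main__":
    for code, detail, why in review(BEFORE):
        print(f"REVIEW {code}: {detail}  <- {', '.join(why)}")
    for code, detail in removed(BEFORE, AFTER):
        print(f"GONE   {code}: {detail}")
    print("still flagged after cleanup:", review(AFTER))
```

An entry flagged here is only a prompt for review; the O18 filter pointing at EGG.DLL, for instance, is not caught by these rules and shows up only in the before/after comparison.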
-
HJThis, AOL has some free spy-blockers I can download, but I haven't looked into system requirements yet. If you have any tips, let me know. Thanks again.--icondewit
-
Hi,icondewit
Well for Win95 off the top of my head no but
i will look in to it if i forget send me a hey what's-up
HGD