and they are supposedly "successfully moved to the chest" of Avast. I am still so nervous about it - I mean to tell you, my PC has been doing ALL SORTS of weird stuff too - kept throwing me off its "scent" by disconnecting my (Comcast) cable connection, then freezing up, thn pages wouldn't load at all, and finally I couldn't shut it down the right way - had to cut the power completely!

I've talked to Comcast, Aol, and HP - nobody even suggested it, but my problem is not their problem in this case. Eventually I couldn't get on line at all. That's when I ran Avast - and here I am online with you. First thing I did was (finally) DL HJT and WINZIP, ran it, and came "running" here with it for ya'll to check. Do you mind having a look? (i wasn't able to run one prior to running Avast!)

BTW, yesterday I ran Spysweeper and it found 21 items (from "180search" to "hi5", "keenvalue", and "coolsavings" with 37 traces! AOL Spyware Protection found 2 (abetterinternet and Network1.Popups) What a mess - I'm on "pins and needles" till my new PC gets back!

Here's some brief pertinent background facts: This is NOT my new PC - it's old, with AOL and Windows 98! My new one finally crashed completely and it is HP's repair people's hands. I'm on this one temporarily (1 more week or so)- but it's been nothing but problems -I do have the old PC hooked up to the cable modem (I'm still getting over the shock of having to go back to W 98 & Dial-up!)

So, here goes (and thank you)

Logfile of HijackThis v1.99.1
Scan saved at 5:14:30 PM, on 8/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ASHSERV.EXE
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamgame.com/java2/cabs/swing.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/ao...S.9.1.6.20.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/ps.../axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-c.mhi.aol.com/netagent/o.../custappx2.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/ca...ile=stamps.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/o...abs/cssweb.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

Forgot to say - I took Spysweeper off today because it started doing really weird stuff too.


wasn't sure if you needed this - it might help:

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller
AOL You've Got Pictures Screensaver
avast! Antivirus
Diskeeper Lite
ePrompter
FastStone Photo Resizer 1.4
HijackThis 1.99.1
HP Deskjet 5400 series
HP Image Zone 4.7
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
Internet Explorer Q891781
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 5
Kodak EasyShare software
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office 97, Professional Edition
Microsoft VGX Q833989
Opera 9.01
Pop-Up Stopper Free Edition
QuickTime
RealPlayer Basic
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Viewpoint Media Player
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q890175 Update
Windows Media Player 7.1
WinZip

Hi,


Remove Viewpoint Media Player from add/remove program.


Reboot



To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner

Don't install any Toolbars, or other programs, should it ask you!Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.

Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


Then Reboot (Exit)


Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

Guess what? Threw PC in trash! No, not really! Just joking! But, I am back on my new PC now - freshly back from HP repair - and get this - I've already had to do another destructive recovery - this time with them on the phone! It wouldn't get thru start up at all - they had me tap F10 till I got to the recovery screens - it wouldn't do that before - files were all corrupt! I guess they reloaded Windows (do you think that's what they did?)

So, now I have a clean PC - and I'd like to keep it that way.

I immediately activated Norton (AV, AS, and FW) and loaded on Ad-Aware, free trial of Spy Sweeper (til I find receipt that shows I bought the full service) and I loaded Diskeeper Lite and Ccleaner - did I leave anything out? Got pretty clean results (except for 4 negligible objects from AdAware)

What else can I do to stay un-infected? I wish I could prevent those "medium risk" tracking cookies? The web host I use notoriously floods me with them. I hate it and don't think it's fair - but such is the price for a free host. I love the host so much though (Bravenet.com) - any advice on blocking them without blocking me from the host? One day, I will be upgrading to a "paid" site but I'm not comfortable with my "webmaster" abilities yet!

Thank you - I'm going to put off doing anything to that old (infected) computer - will probably end up having to fork out the $300 for the full version of Xp. hate to - may not - any advice?

Geni

By the way - regarding the HJT log above - were all of those "016" entries bad stuff?