neal, please help me... i have a lot of viruses on this computer and i have tried installing avg but it says that they don't support old computers. mine is windows 98. i have currently no antivirus installed. this is my friend's computer. he has previously installed vx2000 antivirus i think, and that antivirus was long time outdated i think. please help me. i have tried installing ad aware also but it says it supports only windows 2000 or higher
this is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:58 PM, on 04/04/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Boot mode: Normal
Running processes:
D:\WIN\SYSTEM\KERNEL32.DLL
D:\WIN\SYSTEM\MSGSRV32.EXE
D:\WIN\SYSTEM\SPOOL32.EXE
D:\WIN\SYSTEM\MPREXE.EXE
D:\WIN\SYSTEM\MDM.EXE
D:\WIN\SYSTEM\HPBPRO.EXE
D:\WIN\SYSTEM\HPBOID.EXE
D:\WIN\SYSTEM\RPCSS.EXE
D:\WIN\SYSTEM\mmtask.tsk
D:\WIN\SYSTEM\DDHELP.EXE
D:\WIN\TASKMON.EXE
D:\WIN\HELP\SACHIEL.SYS.BAT
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\WIN\SYSTEM\SYSTASK.EXE
D:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
D:\WIN\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\WIN\SYSTEM\SYSTASK.EXE
D:\WIN\EXPLORER.EXE
D:\WIN\SYSTEM\SYSTRAY.EXE
D:\WIN\SYSTEM\SMTRAY.EXE
D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWIZARD.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\WIN\SYSTEM\SYSTASK.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\WIN\SYSTEM\RNAAPP.EXE
D:\WIN\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - D:\WIN\DREXINIT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WIN\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] D:\WIN\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CDWizard] D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWizard.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Mmsystem] D:\WIN\help\Sachiel.sys.bat
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Kernel32] D:\WIN\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [LoadService] D:\WIN\SYSTEM\SysTask.exe /run
O4 - HKLM\..\RunServices: [Machine Debug Manager] D:\WIN\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HP Port Resolver] D:\WIN\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] D:\WIN\SYSTEM\hpboid.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: FOLDER.HTT (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (User 'Default user')
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
--
End of file - 4903 bytes
Uninstall mywebsearch if present in add/remove program, reboot afterward
Run hijackthis and click on "scan system only" button and put checks next to these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - D:\WIN\DREXINIT.DLL
O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
Please close ALL browser windows (including this one).
Everything closed out but hijackthis and click on "fix checked"
Delete folder in bold:
D:\Program Files\MyWebSearch
Reboot your PC
Online scan here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp
Is this computer in Texas?
could not find this in the add/remove program. i have 2 accounts. one is the default one and another one is the personal account. when i remove the things you asked me to, and also the other things, do i need to do on the default account also, as i am currently using the personal account now.
when i did the online scan, i received an error when i enter the website without doing anything. look at the attachment below with the name error. when i clicked okay, the file attachment named problem, it was like that for sometime without loading. and this computer is not in texas. y do you say that?? you scanned my ip add??
this is the new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:04 AM, on 05/04/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Boot mode: Normal
Running processes:
D:\WIN\SYSTEM\KERNEL32.DLL
D:\WIN\SYSTEM\MSGSRV32.EXE
D:\WIN\SYSTEM\MPREXE.EXE
D:\WIN\SYSTEM\mmtask.tsk
D:\WIN\SYSTEM\MDM.EXE
D:\WIN\SYSTEM\HPBPRO.EXE
D:\WIN\SYSTEM\HPBOID.EXE
D:\WIN\SYSTEM\RPCSS.EXE
D:\WIN\EXPLORER.EXE
D:\WIN\TASKMON.EXE
D:\WIN\SYSTEM\SYSTRAY.EXE
D:\WIN\SYSTEM\SMTRAY.EXE
D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWIZARD.EXE
D:\WIN\HELP\SACHIEL.SYS.BAT
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\WIN\SYSTEM\SYSTASK.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
D:\WIN\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
D:\WIN\SYSTEM\WMIEXE.EXE
D:\WIN\SYSTEM\DDHELP.EXE
D:\WIN\SYSTEM\PSTORES.EXE
D:\WIN\SYSTEM\RNAAPP.EXE
D:\WIN\SYSTEM\TAPISRV.EXE
D:\WIN\SLRUNDLL.EXE
D:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gratisweb.com/machinedramon/ramiel.zip
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WIN\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] D:\WIN\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CDWizard] D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWizard.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Mmsystem] D:\WIN\help\Sachiel.sys.bat
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Kernel32] D:\WIN\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [LoadService] D:\WIN\SYSTEM\SysTask.exe /run
O4 - HKLM\..\RunServices: [Machine Debug Manager] D:\WIN\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HP Port Resolver] D:\WIN\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] D:\WIN\SYSTEM\hpboid.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: FOLDER.HTT (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (User 'Default user')
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
--
End of file - 4053 bytes
Last edited by ramesh help; 05-04-2008 at 05:23 AM.
This is from Texas:
O15 - Trusted IP range: 67.19.185.246
Fix it if it wasn't put there by you guys.
Log into other account after we get this account ok.
This will work on win98: Free anti-virus
http://www.grisoft.com/us.product-av...s-free-edition
http://www.clamwin.com/
Get one of those, update it and run a scan then tell me what is going on now with this account.
okay, i have installed the avg. i have updated and did the scanning. i scan it for 3 times. the 1st time, it managed to delete quite a FEW. but the other 2 scans nothing was deleted but it managed to find a lot of threats. look at the attached picture.
this is the new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:45 PM, on 07/04/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Boot mode: Normal
Running processes:
D:\WIN\SYSTEM\KERNEL32.DLL
D:\WIN\SYSTEM\MSGSRV32.EXE
D:\WIN\SYSTEM\MPREXE.EXE
D:\WIN\SYSTEM\mmtask.tsk
D:\WIN\SYSTEM\MDM.EXE
D:\WIN\SYSTEM\HPBPRO.EXE
D:\WIN\SYSTEM\HPBOID.EXE
D:\WIN\SYSTEM\RPCSS.EXE
D:\WIN\EXPLORER.EXE
D:\WIN\TASKMON.EXE
D:\WIN\SYSTEM\SYSTRAY.EXE
D:\WIN\SYSTEM\SMTRAY.EXE
D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWIZARD.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
D:\WIN\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\WIN\SYSTEM\WMIEXE.EXE
D:\WIN\SYSTEM\DDHELP.EXE
D:\WIN\SYSTEM\RNAAPP.EXE
D:\WIN\SYSTEM\TAPISRV.EXE
D:\WIN\SLRUNDLL.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gedzaclabs.host.sk
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WIN\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] D:\WIN\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CDWizard] D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWizard.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] D:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] D:\WIN\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HP Port Resolver] D:\WIN\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] D:\WIN\SYSTEM\hpboid.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: FOLDER.HTT (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (User 'Default user')
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
--
End of file - 4064 bytes
*** i have put a tick on the texas ip add but it seems that on this log, that appears again. don't know why.
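To see which entries a clean-up pass actually removed and which ones came back, two HijackThis logs can be compared entry by entry. The script below is an added example and not part of any post in this thread: the sample lines are excerpts copied from the 04/04/08 and 07/04/08 logs above, and the function names and the review heuristics (a Run entry with no `.exe` in its command, a Startup item that is not a `.lnk`, any O15 entry) are assumptions for illustration, not a malware verdict.

```python
import re

# HijackThis entry lines look like "O4 - <body>"; headers and process paths do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpts copied from the 04/04/08 and 07/04/08 logs posted in this thread.
SCAN_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WIN\SYSTEM\KERNEL32.DLL
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Mmsystem] D:\WIN\help\Sachiel.sys.bat
O4 - HKLM\..\Run: [Kernel32] D:\WIN\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [LoadService] D:\WIN\SYSTEM\SysTask.exe /run
O4 - Global Startup: FOLDER.HTT
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 67.19.185.246
"""
SCAN_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - Global Startup: FOLDER.HTT
O15 - Trusted IP range: 67.19.185.246
"""

def parse_entries(log_text):
    """Return the set of (section, body) entries; non-entry lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_scans(before, after):
    """Compare two logs: what was removed, what is new, what survived."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "persisting": sorted(old & new)}

def needs_review(entries):
    """Heuristic triage (assumption): list entries worth a manual look."""
    flagged = []
    for section, body in sorted(entries):
        # Drop the "(User '...')" suffix HijackThis adds for other profiles.
        low = re.sub(r"\s*\(User '.*'\)$", "", body).lower()
        if section == "O15":
            flagged.append((section, body, "site or IP added to the Trusted Zone"))
        elif section == "O4" and "startup:" in low:
            item = low.split("startup:", 1)[1]
            if ".lnk" not in item:
                flagged.append((section, body, "Startup item is not a shortcut"))
        elif section == "O4" and ".exe" not in low:
            flagged.append((section, body, "Run entry does not launch an .exe"))
    return flagged

if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for kind in ("removed", "added", "persisting"):
        print(kind.upper())
        for section, body in result[kind]:
            print(f"  {section} - {body}")
    print("STILL NEEDS REVIEW")
    for section, body, reason in needs_review(result["persisting"]):
        print(f"  {section} - {body}  ({reason})")
```
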
Do you have the whole log avg made so you can post it. Maybe it found a bunch of cookies.
How is the PC behaving now?
Is this your start page:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gedzaclabs.host.sk
Physically take that IP out of the trusted sites zone then reboot and fix it again with hijackthis.
This online scanner below works with win 98:
http://www.eset.com/onlinescan/index.php
Post the results
here is the avg log that you had asked for but i am not sure if this is the log that you were asking for.
as i have tried copying the whole thing here, it won't allow me to post it as it is too long the post. so refer to the attachment for the avg log.
the pc is behaving very weird. sometimes it hangs and a blue screen pops up saying something about windows.
that is my homepage. i will change it soon. i know there is nothing on that site as i just tested it
<quote>Physically take that IP out of the trusted sites zone then reboot and fix it again with hijackthis.</quote>
rebooted but it was not found in the hijackthis so i didn't have to fix it
i did the scan online. and here is the thing. when i went to the site, i installed the thing that they wanted me to install. i chose this option. remove found threat
scan unwanted applications. after a while, when it was scanning, it had found 7 threats and suddenly the computer hanged. i didn't use the computer at all. i left it for scanning. after hanging, i rebooted the computer and re scanned the pc. after that, it managed to complete the whole scan and it had found 1 threat. the next thing is that, when i click the overview (i think), i couldn't click it so i could not get the result for the online post. what do you want me to do??
here is the new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:25 PM, on 08/04/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Boot mode: Normal
Running processes:
D:\WIN\SYSTEM\KERNEL32.DLL
D:\WIN\SYSTEM\MSGSRV32.EXE
D:\WIN\SYSTEM\SPOOL32.EXE
D:\WIN\SYSTEM\MPREXE.EXE
D:\WIN\SYSTEM\MDM.EXE
D:\WIN\SYSTEM\HPBPRO.EXE
D:\WIN\SYSTEM\HPBOID.EXE
D:\WIN\SYSTEM\RPCSS.EXE
D:\WIN\SYSTEM\mmtask.tsk
D:\WIN\EXPLORER.EXE
D:\WIN\TASKMON.EXE
D:\WIN\SYSTEM\SYSTRAY.EXE
D:\WIN\SYSTEM\SMTRAY.EXE
D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWIZARD.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
D:\WIN\SYSTEM\WMIEXE.EXE
D:\WIN\SYSTEM\RNAAPP.EXE
D:\WIN\SYSTEM\TAPISRV.EXE
D:\WIN\SLRUNDLL.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gedzaclabs.host.sk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WIN\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] D:\WIN\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WIN\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CDWizard] D:\PROGRAM FILES\CYBERLINK\CDWIZARD\CDWizard.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] D:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] D:\WIN\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HP Port Resolver] D:\WIN\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] D:\WIN\SYSTEM\hpboid.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: FOLDER.HTT (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (User 'Default user')
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
--
End of file - 4081 bytes
looks real bad:
http://www.trendmicro.com/vinfo/viru...e=VBS_REDLOF.A
http://www.pandasecurity.com/homeuse...ir-utilities/?
The above link has a remover for Redlof.B, try running it, other than that, I don't know.
http://kb.wisc.edu/helpdesk/page.php?id=2389
http://www.emsisoft.com/en/support/m...owmalware=worm
Worm.VBS.Redlof.b remover also at the above link
Good luck
<quote>looks real bad:
http://www.trendmicro.com/vinfo/viru...e=VBS_REDLOF.A
http://www.pandasecurity.com/homeuse...ir-utilities/?
The above link has a remover for Redlof.B, try running it, other than that, I don't know.</quote>
the 1st link is for Redlof.a but not for Redlof.B. but is both still the same. can i still use it?? if you read in that site, it doesn't say for win 98.