Topic: My very hijacked computer

Romial
« on: February 12, 2005, 12:21:26 AM »
Hiya, normally I don't have any problems, but I just started using this old machine again and I thought I had it properly protected from these kinds of attacks, but it looks like I forgot to protect it, whoops. So anyways, here's the problem I'm getting now. I'm getting an 'Explorer' error when I first boot up to the desktop; I get it in safe mode too. It doesn't say what caused it though, just explorer. And here is my HijackThis log. This is after running Ad-Aware SE, with it updated.
Seems like every time I reboot, they come back. What should I do?

Oh, and I'm running 98SE.  

Logfile of HijackThis v1.99.0
Scan saved at 10:51:12 PM, on 2/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.crazywinnings.com
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web...hm::/update.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
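As an added example that is not part of the original thread: a small Python triage pass over HijackThis entries, applying the same checks a helper applies by eye (blank search pages, BHOs whose DLL is missing or unnamed, a Run key that re-registers such a DLL, Trusted Zone additions, and O16 DPF entries that fetch a file through the ms-its:/mhtml: handlers). The sample entries are copied from the log above; the rules and the `triage` function are my own.

```python
import re
from os.path import basename

# Entries copied from the HijackThis log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O15 - Trusted Zone: *.iframe.biz
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web...hm::/update.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
"""
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")


def triage(log_text):
    """Return (section, reason, entry) triples for entries that deserve a closer look.
    The heuristics mirror what a helper reads off this log: blank search pages, orphaned
    or unnamed BHOs in the system directory, a Run key that re-registers such a BHO DLL,
    Trusted Zone additions, and O16 DPF entries that fetch files via ms-its:/mhtml:."""
    findings = []
    unnamed_bho_dlls = set()  # basenames of suspicious BHO DLLs seen so far
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()
        if sec in ("R0", "R1") and ("about:blank" in low or "blank.htm" in low):
            findings.append((sec, "search page reset to a blank page (about:blank hijack pattern)", raw))
        elif sec == "O2":
            dll = basename(body.rsplit(" - ", 1)[-1].replace("\\", "/")).lower()
            if "(file missing)" in low:
                findings.append((sec, "BHO registered but its DLL is missing (orphaned registration)", raw))
            elif "(no name)" in low and "\\windows\\system\\" in low:
                unnamed_bho_dlls.add(dll)
                findings.append((sec, "unnamed BHO loading from the system directory", raw))
        elif sec == "O4" and "rundll32" in low and any(d in low for d in unnamed_bho_dlls):
            findings.append((sec, "Run key re-registers a suspicious BHO DLL at every boot (persistence)", raw))
        elif sec == "O15":
            findings.append((sec, "site added to the Trusted Zone, which relaxes IE security for it", raw))
        elif sec == "O16" and ("ms-its:" in low or "mhtml:" in low):
            findings.append((sec, "DPF entry pulls a file through the ms-its:/mhtml: handlers", raw))
    return findings


if __name__ == "__main__":
    for sec, reason, entry in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {entry}")
```

Named entries with a present DLL (Acrobat, Google Toolbar, the HouseCall scanner control) produce no finding, so the output is only the handful of lines worth fixing or investigating.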

guestolo
« Reply #1 on: February 12, 2005, 02:05:15 AM »
You may have a new virus on your computer that infects explorer.exe

Everyone's still seeking a good fix for this

But>>There may be a method to get rid of this
I'm trying one procedure on an XP machine
I believe the methods will be a little different on a 98 machine

Can you access the Internet with this computer
I need you to download the Trial Version of Kaspersky's

I have to be honest that I've never run this version
But there is No product key to purchase
I'll leave it up to you to ensure that its virus definitions are right up to date
This is not to get you to purchase Kaspersky's, but this may work with this new infection

Download the trial version KAV 5.0 personal, install, update the definitions, and make sure it is set to use the extended databases
and then do a full system scan.
Link
http://www.kaspersky.com/trials

After you have run a full system scan
If you can post a log from Kaspersky's that would be great, if not don't worry about it


Let's have a double check also
Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane --- Use "CTRL C" on your Keyboard to copy all found in the lower pane and paste it in your next reply.

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

Post back a fresh hijackthis log afterwards too
Try not to shut down or restart your computer after posting the logs

P.S. We should find you a free Anti-Virus software if you don't have one to install
and if you don't intend on purchasing one, but I need you to do the above first
« Last Edit: February 12, 2005, 03:01:41 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Romial
« Reply #2 on: February 12, 2005, 06:19:43 AM »
I worked on it a little myself and ran an anti-virus and got rid of the explorer error pop up box. I want to uninstall the google toolbar as I don't think that's the newest one anyways, but I don't know how to, as when I go to add/remove programs, google isn't on there. But there is a folder in the program files that only has 1 file in it, and that is Googletoolbar1.dll. Should I delete that and let HijackThis fix everything google, then update to the newest one? Also, why am I loading at 640x480 and only with 18 colors? I know this is an old computer, but it used to run on 800x600 and 32 bit colors, and every time I try to fix it and hit reply, it wants me to restart and when I restart it doesn't change. And why am I being asked to log in every time I load windows? That didn't happen before either, how do I fix that? So that's the only probs I have right now.

C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

guestolo
« Reply #3 on: February 12, 2005, 03:55:14 PM »
The Mwav scan doesn't take that long to run, maybe 30 minutes or a bit longer
It might uncover other nasties
As mentioned there is nothing to install
Just save it and double click to run it

You didn't post back with a whole Hijackthis log

It appears that the scan at Panda's has removed the main infection
Good job
But you may still have leftovers
Possibly causing reinfection
This entry in your log
C:\WINDOWS\SYSTEM\boln.dll (file missing)
is related to the infection

You have next to nothing running on your computer including any Virus Software
If online you're asking for troubles.....

Google Toolbar>>It was probably not removed properly
I would install it again and then Uninstall it from the Add/Remove programs
It's such a small download, I would opt to try that way first
Then that should get rid of the leftovers
Later you can install it again
http://toolbar.google.com/

If you require any more assistance please post the mwav scan results
This may help others in the future too.....
Thanks, your call



guestolo
« Reply #4 on: February 18, 2005, 01:49:50 AM »
Locking this topic as it appears to be dead....
