Author Topic: Computer been hijacked - slow & different  (Read 3272 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #20 on: July 22, 2005, 11:56:18 PM »
Your HijackThis log shows you're using IE5
Weird, it's showing IE6 in Add/Remove programs

But can you try the following please
Navigate to your C:\Windows\System folder
In the System folder
Look for
setupwbv.dll
If found right click on and rename that file to
setupwbv.old

Then download and save to your desktop setupwbv.zip
UNZIP to your System folder
This copy of setupwbv.dll
[attachment=297:attachment]

Restart your computer
Try repairing IE again or removing it
Let me know if that works

If not we may have to use a tool such as IEEradicator and remove IE and then reinstall
« Last Edit: August 07, 2005, 04:56:18 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mom2jam

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
« Reply #21 on: July 23, 2005, 09:15:22 AM »
Renamed that file and tried to repair IE.  It would not repair, said 5.0 existed but needed to be 6.0xxxx or higher.  Very strange.  Anyway in add/remove programs when I highlight IE 6.0 it does not give me an option to remove, only repair or install new components. So I guess let's eradicate.

Thank you for your expertise.

Offline guestolo

« Reply #22 on: July 23, 2005, 11:27:21 AM »
Did you try the Repair option in Add/Remove programs?
IE6 doesn't appear to ever get installed correctly
You could try install new component and try Installing IE6
Select the options under IE6
You shouldn't need the language support option
Look carefully at what to install
Try that first, I want to leave IEEradicator till later if possible
I've never used it but it does do the job

If we go this route, we'll also get you to Download the full offline install of IE6
But try the repair first please

Offline mom2jam

« Reply #23 on: July 23, 2005, 08:56:15 PM »
Did you try the Repair option in Add/Remove programs?  Yes.  It would not let me repair.  

So I tried installing new components.  I clicked everything I wanted even though it told me bolded ones did not need updating. That seemed to do the trick!  It actually installed some things.  
Now I can get windows update to work and after numerous restarts I think I have updated Windows with everything but several different language menus. It appears that IE 6.0 is properly loaded on the computer.

Thank you.  Where do we go from here?

Offline guestolo

« Reply #24 on: July 24, 2005, 12:17:07 PM »
Since you weren't able to complete the scan at Panda's earlier, can you try now
Use IE
Post back the report later
Could I also see one last Hijackthis log, thanks

P.S. I just realized I asked you to Repair IE two or more times and you told me you did a couple of times :(
I guess I better read a little closer :D
« Last Edit: July 24, 2005, 07:07:01 PM by guestolo »

Offline mom2jam

« Reply #25 on: August 01, 2005, 04:06:07 PM »
I have tried several times to complete the scan at Panda and have been unsuccessful. My machine has frozen and does not complete the scan.

Here is the latest HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:12 PM, on 8/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Thank you.
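
For reading a log like the one in Reply #25, an added example (not part of the original thread and not HijackThis's own code): a small Python parser that groups entries by their code and pulls out the autostart entries, Trusted Zone sites and ActiveX download hosts a reviewer checks. The sample is a subset of lines from the log above; all function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of the log lines posted in Reply #25 above.
SAMPLE = r"""
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                   # "O4 - ..." -> code, body
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # hive, key, name, command

def parse_log(text):
    """Return (header fields, {entry code: [entry bodies]})."""
    header, entries = {}, defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
        elif line.startswith(("Platform:", "MSIE:")):
            key, _, value = line.partition(":")
            header[key] = value.strip()
    return header, dict(entries)

def autoruns(entries):
    """O4 lines split into (hive, key, value name, command)."""
    return [m.groups() for m in map(AUTORUN.match, entries.get("O4", [])) if m]

def trusted_sites(entries):
    """O15 lines reduced to the site pattern placed in the Trusted Zone."""
    return [e.split(": ", 1)[1] for e in entries.get("O15", []) if e.startswith("Trusted Zone: ")]

def activex_sources(entries):
    """Hosts that O16 (downloaded ActiveX) controls were installed from."""
    return sorted({urlsplit(e.rsplit(" - ", 1)[1]).hostname for e in entries.get("O16", [])})

if __name__ == "__main__":
    header, entries = parse_log(SAMPLE)
    print(header["MSIE"], trusted_sites(entries), activex_sources(entries))
    for hive, key, name, cmd in autoruns(entries):
        print(f"{hive}\\{key}", name, cmd)
```
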

Offline guestolo

« Reply #26 on: August 01, 2005, 11:06:45 PM »
Log looks good, not sure why the scan won't complete at Panda's
Did the one at Trend Micro's complete?

You should set up protection against future attacks

SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

For the times you have to use IE
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

Guest

« Reply #27 on: August 02, 2005, 08:55:36 PM »
Trendmicro's scan report:

Critical   This vulnerability allows an attacker to cause a denial of service attack by sending malformed, fragmented IGMP packets.     MS99-034
Critical   This vulnerability could allow an attacker to cause a denial of service via a pathname that includes file device names.     MS00-017
Highly Critical   This vulnerability enables a remote attacker to access a Windows 9x/ME shared file without having to know the entire password assigned to that share, since just by sending a 1-byte password that matches the first character of the real password could allow access to that share.     MS00-072
Moderate   A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation.     MS04-018
Critical   This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system.     MS05-013


No Virus, no trojans, 3 spywares which I removed and the above 5 Microsoft vulnerabilities.
The fixes/patches from Microsoft will not download.  Get time out errors. "Page cannot be displayed"  Any idea on how to get the patches to download?

Going to download prprotection now.

Thank you again.

Offline guestolo

« Reply #28 on: August 03, 2005, 08:07:57 PM »
Are you able to go directly to Windows updates and download all latest critical updates?
This may help to identify if you can reach any other updates
Try removing Windows updates from your Trusted sites and restart IE and see if it's any help
It may not help, but I want to make sure

Offline mom2jam

« Reply #29 on: August 04, 2005, 08:49:11 AM »
Went to Windows update - no critical updates to download.
None of the "non-critical" ones addressed the above issues.

Removed Windows update from trusted sites and was able to get 4 out of 5 of the patches to download.  The fifth said it required XP.  I searched for the patch for 98 and it should have been taken care of when updated IE to 6.

Going to run the scan again to ensure all risks were taken care of.

Offline mom2jam

« Reply #30 on: August 07, 2005, 02:05:24 PM »
Ran scan again and this time found no security issues.  Guess all is okay.  Thank you very much.  It's all running a lot smoother now.  Unless there is something else you recommend, I think I'm good.  Again thanks.

Have a great day!

Offline guestolo

« Reply #31 on: August 07, 2005, 04:55:37 PM »
Thanks for posting back, I'll lock this topic as it appears resolved
If you need it reopened, please PM a Mod or the site Admin and supply a link to this thread

Take care :)
