Virus Problem.


pran
March 12th, 2004, 03:47 AM
Hi!
I am having a strange problem with my system. I have two operating systems (Windows 98 & Windows XP Professional). This problem occurs only on Windows 98. Whenever I load Windows 98 I keep getting missing-shortcut errors. All these missing shortcuts have .EXE extensions. I scanned my system with NAV, but it does not detect viruses. I also removed all the files from the Windows directory, but on restarting I still get errors, though these have different names. All these shortcuts have names with peculiar combinations of numbers and letters with .EXE extensions, which I assume is because of a virus. How do I remove this virus? Windows XP works fine. Please help me.
Pran.

dammit
March 12th, 2004, 02:13 PM
Hi pran... Download 'Hijack This!' (not into a temp folder). Unzip, double-click HijackThis.exe, check for updates first by clicking the Config then Tools buttons, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
Here are a few download sites...
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://www.majorgeeks.com/download.php?det=3155
http://www.sherrylynn.us/HijackThis.exe
It will show what's running on your computer... Don't make any changes until someone checks it out. ;)

Nitin
March 12th, 2004, 02:31 PM

Logfile of HijackThis v1.97.7
Scan saved at 6:53:32 PM, on 3/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMON98.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMONTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO UNINSTALLER SUITE\UIWATCHER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SAMSUNG\SAMSUNG INTERNET KEYBOARD\MMKBD.EXE
C:\PROGRAM FILES\AZUREBAY\AZUREBAY SCREEN SAVER\WPCHANGER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\QDC0LCDB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1977\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com/sifybroadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zdnetindia.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QDC0LCDB.EXE] C:\WINDOWS\QDC0LCDB.EXE /dk
O4 - HKLM\..\RunServices: [IMON] C:\Program Files\Intel\Intel(R) Active Monitor\imon98.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO UNINSTALLER SUITE\UIWatcher.exe
O4 - HKCU\..\Run: [QDC0LCDB.EXE] C:\WINDOWS\QDC0LCDB.EXE /dk
O4 - Startup: Samsung Internet Keyboard.lnk = C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: BA8ULFN5.lnk = C:\WINDOWS\ba8ulfn5.exe
O4 - Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Startup: WZUP8680.lnk = C:\WINDOWS\wzup8680.exe
O4 - Startup: AM47JIYD.lnk = C:\WINDOWS\am47jiyd.exe
O4 - Startup: 3ZN10XYF.lnk = C:\WINDOWS\3zn10xyf.exe
O4 - Startup: L48DAJZ9.lnk = C:\WINDOWS\l48dajz9.exe
O4 - Startup: 2W0ZR5CY.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032515.EXE
O4 - Startup: VX6BX184.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032499.EXE
O4 - Startup: KYD9P9DB.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032518.EXE
O4 - Startup: THA5KRW6.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032501.EXE
O4 - Startup: AREGON.lnk = C:\WINDOWS\aregon.exe
O4 - Startup: WCU4RG5W.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032498.EXE
O4 - Startup: 7QLWUEIC.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032509.EXE
O4 - Startup: JTP4W06O.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032503.EXE
O4 - Startup: IIOY1CGW.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032516.EXE
O4 - Startup: C8M39R1Z.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032514.EXE
O4 - Startup: 04CEK97H.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032513.EXE
O4 - Startup: V3NHM4ZT.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032500.EXE
O4 - Startup: FNBZH5T7.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032504.EXE
O4 - Startup: DNE67UR1.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032505.EXE
O4 - Startup: WN5VOHNQ.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032520.EXE
O4 - Startup: JUHU69CO.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032502.EXE
O4 - Startup: R0VLMERO.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032497.EXE
O4 - Startup: 4VJ0EM24.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032507.EXE
O4 - Startup: 0DV3TIMK.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032512.EXE
O4 - Startup: 90LHBHUN.lnk = C:\WINDOWS\90lhbhun.exe
O4 - Startup: 46Y5EF36.lnk = C:\WINDOWS\46y5ef36.exe
O4 - Startup: K545P043.lnk = C:\WINDOWS\k545p043.exe
O4 - Startup: 3MAYV0Y0.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032506.EXE
O4 - Startup: 9ENVYFOY.lnk = C:\WINDOWS\9envyfoy.exe
O4 - Startup: 7MQ7R33W.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032508.EXE
O4 - Startup: JVKPG666.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032517.EXE
O4 - Startup: MYCRJYWU.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032519.EXE
O4 - Startup: 1N4CHVGY.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032511.EXE
O4 - Startup: QDC0LCDB.lnk = C:\WINDOWS\qdc0lcdb.exe
O4 - Global Startup: WZUP8680.lnk = C:\WINDOWS\wzup8680.exe
O4 - Global Startup: L48DAJZ9.lnk = C:\WINDOWS\l48dajz9.exe
O4 - Global Startup: AM47JIYD.lnk = C:\WINDOWS\am47jiyd.exe
O4 - Global Startup: 4VJ0EM24.lnk = C:\WINDOWS\4vj0em24.exe
O4 - Global Startup: 90LHBHUN.lnk = C:\WINDOWS\90lhbhun.exe
O4 - Global Startup: 46Y5EF36.lnk = C:\WINDOWS\46y5ef36.exe
O4 - Global Startup: K545P043.lnk = C:\WINDOWS\k545p043.exe
O4 - Global Startup: 9ENVYFOY.lnk = C:\WINDOWS\9envyfoy.exe
O4 - Global Startup: AREGON.lnk = C:\WINDOWS\aregon.exe
O4 - Global Startup: QDC0LCDB.lnk = C:\WINDOWS\qdc0lcdb.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = www.sify.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.144.115.4,202.144.66.6

Hi dammit! Here's the scan log info you asked for.

dammit
March 12th, 2004, 03:15 PM
Hi again... there are a lot of startups for System Restore in there which are causing the problem... as 98 does not have System Restore... I don't think... can you confirm this?
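Added here as an example, not code from the thread or from HijackThis: a small Python triage script that parses the O4 (autostart) lines of a HijackThis log and applies the two signals this thread turns on, a startup target that lives under System Volume Information\_restore and an eight-character alphanumeric name of the kind pran describes. The sample lines are copied from the log above; the heuristics and function names are my own.

```python
import re

# Constructed sample: six O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QDC0LCDB.EXE] C:\WINDOWS\QDC0LCDB.EXE /dk
O4 - Startup: Samsung Internet Keyboard.lnk = C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
O4 - Startup: BA8ULFN5.lnk = C:\WINDOWS\ba8ulfn5.exe
O4 - Startup: 2W0ZR5CY.lnk = C:\System Volume Information\_restore{5A5DFEEA-32AB-428F-8A99-8487956FC017}\RP20\A0032515.EXE
O4 - Global Startup: AREGON.lnk = C:\WINDOWS\aregon.exe
"""

# O4 lines come in two shapes: registry Run/RunServices values and Startup-folder shortcuts.
O4_REG = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable path at the start of a command, quoted or not, before any arguments.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.+?\.(?:exe|dll|ocx|tsk))"?', re.IGNORECASE)
# Eight alphanumerics with at least one digit: the naming pattern pran described.
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")

def parse_o4(line):
    """Return (where, name, target_path) for an O4 line, or None for any other line."""
    m = O4_REG.match(line) or O4_LNK.match(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    pm = PATH_RE.match(cmd)
    return m.group("where"), m.group("name"), (pm.group(1) if pm else cmd)

def suspicious_reasons(path):
    """Heuristics for the two traits the thread turns on; a triage aid, not a verdict."""
    reasons = []
    low = path.lower()
    if "system volume information\\_restore" in low:
        reasons.append("runs from the System Restore store")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_NAME.match(stem):
        reasons.append("random-looking 8-character name")
    return reasons

def triage(log_text):
    """Return [(where, name, path, reasons)] for every O4 entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        reasons = suspicious_reasons(parsed[2]) if parsed else []
        if reasons:
            findings.append(parsed + (reasons,))
    return findings
```

On the sample, triage(SAMPLE_LOG) returns the QDC0LCDB, BA8ULFN5 and 2W0ZR5CY entries and leaves TaskMonitor, the Samsung keyboard and AREGON alone, so a short name without digits still needs a human look.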

dammit
March 12th, 2004, 04:31 PM
I've just had it confirmed... it doesn't.
Right-click on My Computer, select Properties, then the System Restore tab. In the "Available drives" field there will probably be a reference to the drive on which WIN98 resides. Click on the reference to that drive letter to highlight it, then click on the Settings button, then click in the checkbox beside "Turn off System Restore on this drive", click on OK, click on Yes in the "Are you sure??" dialogue box, then click on OK again.

Reboot and post back a new log.