Explorer Not Responding


blue_70517
August 20th, 2004, 08:54 PM
My computer has been freezing a lot. When I push ctrl alt del, it says Explorer isn't responding. Half of the time when I click end task, my desktop icons don't come back. I also get a lot of Illegal Operations from Explorer.

Also, I have tried to use the backup program in System Tools that Windows came with and the program doesn't start at all. It says the MSVCIRT.DLL file is missing.

I have EZ Recovery and it's supposed to backup everything every month, but it can't because it says a .cpl file is missing.

AnnMarie
August 21st, 2004, 06:04 AM
Hi blue_70517, it might help if we can see what is running on your PC. Go here (http://www.cybertechhelp.com/download.php?hijackthis1977.zip) and download the latest version of Hijack This to a new folder on your drive, unzip it and click on scan. Most of the files listed will be harmless and/or required so do not make any changes, just click on Save Log, copy it and post it back in this thread.

blue_70517
August 21st, 2004, 06:19 AM
Logfile of HijackThis v1.98.2

Scan saved at 12:12:39 AM, on 8/21/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NAV\HOTKEY.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

D:\PROGRAM FILES\EGAMES\CHINESE CHECKERS\CHINESE_CHECKERS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://security.kolla.de/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ;;;

O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL

O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SoloSentry] D:\SRNMIC~1\SOLOSENT.EXE

O4 - HKLM\..\Run: [pccguide.exe] "D:\Trend Micro\pccguide.exe"

O4 - HKLM\..\Run: [PCCIOMON.exe] "D:\Trend Micro\PCCIOMON.exe"

O4 - HKLM\..\Run: [PCClient.exe] "D:\Trend Micro\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "D:\Trend Micro\TMOAgent.exe" /run

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR

O4 - HKLM\..\RunServices: [PCCIOMON.exe] "D:\Trend Micro\PCCIOMON.exe"

O4 - HKLM\..\RunServices: [PccPfw] D:\Trend Micro\PccPfw.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: iRis AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM95\AIM.EXE

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/20a7f3a22d9334d8e402/netzip/RdxIE.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29b0d2b4627640680203/netzip/RdxIE601.cab

O16 - DPF: Yahoo! Chat 1.3 - http://cs4.chat.yahoo.com/c134/chat.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt0_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

AnnMarie
August 21st, 2004, 06:52 AM
Hi blue_70517, I haven't seen the below entries in a log before. What can you tell me about them?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://security.kolla.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://security.kolla.de/

I take it that you still have Spybot installed but I cannot see the BHO?

I see that Spybot has placed restrictions on Control Panel. Which .cpl file does EZ Recovery report as missing?
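A small triage sketch for the kind of log review done in the post above, added here as an example and not part of the original thread or of HijackThis itself: it parses the section-coded lines, groups the Internet Explorer page settings (R0/R1) by the host they point to, and lists entries the log marks `(no file)` or `(file missing)`. The function names and the threshold of three settings are assumptions of this example; the sample lines are an excerpt of the log posted earlier in the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://security.kolla.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://security.kolla.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://security.kolla.de/
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
"""

# A log entry starts with a section code such as R0, O4 or O16.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R0/R1 body: <hive>\<key path>,<value name> = <data>
IE_VALUE_RE = re.compile(r"^(HK\w+)\\(.+?),(.+?) = (.*)$")
# Markers the log appends when the referenced file is absent.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_log(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def ie_hosts(entries):
    """Map each URL host to the IE settings (R0/R1 lines) pointing at it."""
    hosts = defaultdict(list)
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        m = IE_VALUE_RE.match(body)
        if not m:
            continue
        hive, key, value, data = m.groups()
        host = urlparse(data.strip()).hostname
        if host:  # non-URL data (for example a proxy string) has no host
            subkey = key.split("\\")[-1]
            hosts[host].append(f"{hive} {subkey},{value}")
    return dict(hosts)


def repeated_hosts(entries, min_values=3):
    """Hosts written into at least min_values settings (assumed threshold)."""
    return {h: v for h, v in ie_hosts(entries).items() if len(v) >= min_values}


def missing_targets(entries):
    """Entries whose referenced file the log reports as absent."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for host, settings in repeated_hosts(parsed).items():
        print(f"{host} is set in {len(settings)} IE settings:")
        for s in settings:
            print("   ", s)
    for code, body in missing_targets(parsed):
        print(f"{code}: target missing -> {body}")
```

A host that shows up across many settings is a prompt to ask where it came from, which is the question the reply above puts to the poster; it is not by itself a verdict.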

blue_70517
August 22nd, 2004, 10:19 AM
All of those are from Spybot. I downloaded all the critical updates for Windows, cleaned my computer with a virus scanner, Spybot, and Adaware and my home page was still getting hijacked. So I used the change function in Spybot for browser pages, since they were apparently still on my computer. That is also why I locked my home page. I didn't want another hijacker.

As for the cpl problem on EZ Recovery, apparently it's not a problem anymore because I tried a backup and it backed up for today's date. The Backup program in the start menu still doesn't work though.

AnnMarie
August 22nd, 2004, 01:31 PM
OK, try uninstalling and reinstalling MS Backup, see instructions here (http://support.microsoft.com/default.aspx?kbid=306325). You will need your Win98 CD.

If you are still having problems with Explorer, disable your AV and go here (http://www.ravantivirus.com/scan/howto-scan.php) and run the online scanner. RAV generates a log file. If a virus is detected, please copy the log and post it back in this thread.

blue_70517
August 23rd, 2004, 06:01 AM
RAV log

c:\WINDOWS\HTMLHELP.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\ADCRLNTS.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\ADORLNTS.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\IIRNLINK.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\IISREAD.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\MSMQREAD.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\PWS\MTSREL.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\CONTENT.HTM->(SCRIPT0005) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\DEFAULT.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\INTRO.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\NAV.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC1.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC2.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC3.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC4.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC5.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC6.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\COMPESS\TOPIC7.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\INTRO.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\SELECT.HTM->(SCRIPT0005) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\BUTTONS.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON1.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON2.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON3.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON4.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON5.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\LESSON6.HTM->(SCRIPT0004) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM1.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM2.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM3.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM4.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM5.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SM6.HTM->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\RESOURCE\DEFAULT.HTM->(SCRIPT0005) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\RESOURCE\MSPRESS.HTM->(SCRIPT0005) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\OPTIONS\CABS\TOUR\RESOURCE\STRTHERE.HTM->(SCRIPT0005) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\drvspace_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\DEVGUIDE.HTM->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\FAQ.HTM->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\RELNOTES.HTM->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\TOURGUID.HTM->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\hwconf_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\lan_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\mdirx_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\mdisp_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\memory_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\mmsn_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\modem_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\msdos_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\pcmcia_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\print_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\sound_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\HELP\startup_result.htm->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\OFFLINE.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\WUM.HTM->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\ccnews.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\ccbiz.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\ccent.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\ccsports.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\WEB\cclife.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\DRWATSON\FRAME.HTM->(SCRIPT0001) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\Lifestyle and Travel\cclife.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\Entertainment\ccent.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\Business\ccbiz.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\Sports\ccsports.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\News and Technology\ccnews.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Favorites\Channels\Broadcast\ccbpc.htm->(SCRIPT0002) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\106_1054650546\20030603072906videooftheday.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\106_1051302416\20030425132656videooftheday.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\3105_1049123287\030331_bods.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4110_1048606931\20030325074211pop.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\106_1056551928\20030625073848videooftheday.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\106_1051632433\20030429090713videooftheday.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4130_1051636497\20030429101457rap_hiphop.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4140_1051633797\20030429092957country.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\2120_1056576603\20030625143003sweetsexy.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\2120_1055864549\annak.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4130_1055860771\20030617073931rap_hiphop.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\104_1057687131\20030708105851weekendmovies.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\6510_1059582850\20030730093410realitytv.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4160_1060704542\20030812090902rock.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4160_1060714171\20030812114931rock.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\106_1060789459\20030813084419videooftheday.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\Application Data\Real\Msg\4130_1060789886\20030813085126rap_hiphop.html->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003011220030113\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003062420030625\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003031420030315\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\My Documents\tpp.reg - Worm:WinREG/Cuerpo* -> Infected

AnnMarie
August 23rd, 2004, 12:11 PM
OK, go here (http://www.pandasoftware.com/download/utilities/) and download and run the Redlof A and Redlof B removal tools. Reboot after running each tool.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and delete the below file in bold.

c:\My Documents\tpp.reg

Reboot and run another RAV scan. Post back the results.

blue_70517
August 24th, 2004, 12:26 AM
Did everything in the message above. Ran RAV again and it doesn't clean any of the files listed in the log I posted earlier. I see that there's some of them I can delete myself, but are there any in the list I CAN'T/SHOULDN'T delete?

AnnMarie
August 24th, 2004, 01:04 AM
Well, with the exception of the last entry, they are Windows and Real Player files; however, none are critical system files. Uninstall Real Player first (you can reinstall it later if you wish).

blue_70517
August 24th, 2004, 07:13 AM
Ok, there were some other infected files with *.htm that I had posted in another thread a while back. I never really got a clear answer on if I could delete them. I'm guessing they're not critical either?

"c:\WINDOWS\OPTIONS\CABS\TOUR\DEFAULT.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\HIDDEN.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\HIDDEN.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L1FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L2FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L3FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L4FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L5FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\L6FRAME.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME1.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME2.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME3.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME4.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME5.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\CONTENT\SHOWME6.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\DEFAULT.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\OVERVIEW\HIDDEN.HTM"
"c:\WINDOWS\OPTIONS\CABS\TOUR\WHATSNEW\WHATSNEW.HTM"
"c:\WINDOWS\SYSTEM\PB_BLANK.HTM"
"c:\WINDOWS\SYSTEM\MEMBG.HTM"
"c:\WINDOWS\HELP\DRVSPACE.HTM"
"c:\WINDOWS\HELP\HWCONF.HTM"
"c:\WINDOWS\HELP\LAN.HTM"
"c:\WINDOWS\HELP\MDIRX.HTM"
"c:\WINDOWS\HELP\MDISP.HTM"
"c:\WINDOWS\HELP\MEMORY.HTM"
"c:\WINDOWS\HELP\MMSN.HTM"
"c:\WINDOWS\HELP\MODEM.HTM"
"c:\WINDOWS\HELP\MSDOS.HTM"
"c:\WINDOWS\HELP\PCMCIA.HTM"
"c:\WINDOWS\HELP\PRINT.HTM"
"c:\WINDOWS\HELP\SOUND.HTM"
"c:\WINDOWS\HELP\STARTUP.HTM"
"c:\WINDOWS\HELP\TSCTL.HTM"
"c:\WINDOWS\WEB\Wallpaper\Windows98.htm"
"c:\WINDOWS\README.HTM"
"c:\WINDOWS\Digital Signature 20020518.htm"

AnnMarie
August 24th, 2004, 09:08 AM
No, they are not critical and can be deleted. You will lose some help and tour files but a reinstall over the top of Win98 should fix that once you have removed them.

blue_70517
August 24th, 2004, 06:54 PM
Ok, thanks for all your help.

AnnMarie
August 25th, 2004, 06:43 AM
You are welcome blue_70517. Post back when you have a chance and let us know if this fixed your problem.

blue_70517
August 28th, 2004, 03:25 AM
There is 1 more thing. These files still pop up. Now, I know I had them already and deleted them. I can't find them on my computer, so I think they're archived since RAV searches the archives. I can see the hidden files on my computer and they're not in history anymore.

c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003011220030113\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003062420030625\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected
c:\WINDOWS\Profiles\Kit-Kat@worldnet.att.net\History\History.IE5\MSHist012003031420030315\FOLDER.HTT->(SCRIPT0003) - VBS/ActiveXExploit* -> Infected

AnnMarie
August 28th, 2004, 07:48 AM
Try running Housecall (http://housecall.antivirus.com/housecall/start_frame.asp) and see if it will clean them.

blue_70517
August 28th, 2004, 10:22 PM
The online scan won't start. I do have the 30 day trial one but I've had it for a while, and it can't be updated.

AnnMarie
August 29th, 2004, 02:59 AM
OK, try the Bit Defender (http://www.bitdefender.com/scan/licence.php) and/or Panda (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) online scanner.

blue_70517
August 30th, 2004, 04:20 AM
Bit Defender wouldn't start scanning and Panda's server wasn't working. When I tried Housecall I got an error saying Explorer cause page fault in vsapi32.dll. I also get an explorer cause invalid page fault in flash.ocx

AnnMarie
August 30th, 2004, 06:25 AM
We are running out of options here blue_70517. The Panda server is up now, give it another try. vsapi32.dll is a Trend Micro file, did you disable all AVs before running the scanner?

blue_70517
August 30th, 2004, 08:26 AM
Panda didn't find anything.

AnnMarie
August 30th, 2004, 08:36 AM
OK, well if those files are on your PC, Killbox will remove them. You can download Killbox from here (http://download.broadbandmedic.com/). Paste the full file path of each in the dialogue box and click on Kill File. Reboot afterwards. Let us know how you got on.

blue_70517
August 30th, 2004, 10:36 PM
I was deleting cookies and other junk to free disk space just now, and I found a folder called !Submit. I know it's a virus or something like that. Do you have any info on this?

AnnMarie
August 31st, 2004, 07:15 AM
It doesn't sound like a virus to me. Right-click on it. What does it say in Properties?

blue_70517
August 31st, 2004, 07:27 AM
Well, I deleted it. There was a file called folder in it which looked like the same thing as the viruses I've had before. I looked in virus encyclopedias for it and found nothing. It was made on August 22, which was the same day RAV found all those files with VBS ActiveXExploit in them.

AnnMarie
August 31st, 2004, 07:34 AM
No biggie, it's not a Windows file. I suspect that it was part of an AV program, perhaps for submitting suspect files.

blue_70517
August 31st, 2004, 07:59 AM
Still having problems. The latest are Explorer cause page fault in Flash.ocx, and Yahoo Messenger caused page fault in msvcr71.dll.

Logfile of HijackThis v1.98.2

Scan saved at 1:54:01 AM, on 8/31/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NAV\HOTKEY.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ;;;

O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL

O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SoloSentry] D:\SRNMIC~1\SOLOSENT.EXE

O4 - HKLM\..\Run: [pccguide.exe] "D:\Trend Micro\pccguide.exe"

O4 - HKLM\..\Run: [PCCIOMON.exe] "D:\Trend Micro\PCCIOMON.exe"

O4 - HKLM\..\Run: [PCClient.exe] "D:\Trend Micro\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "D:\Trend Micro\TMOAgent.exe" /run

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR

O4 - HKLM\..\RunServices: [PCCIOMON.exe] "D:\Trend Micro\PCCIOMON.exe"

O4 - HKLM\..\RunServices: [PccPfw] D:\Trend Micro\PccPfw.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: iRis AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM95\AIM.EXE

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/20a7f3a22d9334d8e402/netzip/RdxIE.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29b0d2b4627640680203/netzip/RdxIE601.cab

O16 - DPF: Yahoo! Chat 1.3 - http://cs4.chat.yahoo.com/c134/chat.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt0_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

AnnMarie
August 31st, 2004, 09:49 AM
Your log is fine blue_70517. Try uninstalling and reinstalling Flash Player - see here (http://www.macromedia.com/support/flash/ts/documents/remove_player.htm). Do the same for Yahoo Messenger.

blue_70517
September 11th, 2004, 04:31 AM
Still having problems. Internet Explorer keeps freezing, my dial-up freezes too when the internet does, Explorer still doesn't respond sometimes, and my disk space keeps disappearing.

Panda and RAV came out clean. Adaware found an about:blank hijacker which I deleted, and I erased the hijackers in my HijackThis log. I usually clean my disk space all the time and even when I clean it, it decreases. I don't know what else to do.

AnnMarie
September 11th, 2004, 08:00 AM
If I were you, I would back up the data I want to keep, reformat and reinstall Win98. Sometimes it's good to make a fresh start.

edsdesk
September 11th, 2004, 05:07 PM
Have you tried simply repairing Explorer? Go to: Start > Settings > Control Panel > Add/Remove Programs > select: Microsoft Explorer Service Pack 6

sp1 and internet tools, > click it open select the repair option > restart (when it's done)

Then go directly to MS updates and install all relevant new stuff. Some will require individual install and restart.

After this, any hijacks that might be present will be either gone or far easier to remove.

blue_70517
September 11th, 2004, 09:08 PM
I use the repair tool all the time.