Please help!

[Bubba]

Quote:

Originally Posted by Sharmoogle

I hope I don't crash the computer or something like that

Oh this should be fun

Would you look in the registry for the below registry key in bold....and if you feel comfortable with doing this....I would like for you to export that registry key and then delete that registry key for safe keeping....reboot your PC....and see what happens.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

[Sharmoogle]

I am really clueless about this, but I could not find a registry key like you are describing in bold. I did find, however, a text file with the words Run Services Once while running my computer's safe mode.

Also, there is a hidden folder that I found in safe mode that's titled Install Shield and it appears to be linked to the cable modem program files that I downloaded. Spyware Blaster seemed not to work after I downloaded these cable modem program files. I'm wondering if this Install Shield could be a problem?

For one bit of good news; I was able to delete a line from Hijack This, the one with the ip number setting. I changed a safe website setting under IE security settings. The other Hijack This ip number line appears to be related to the cable modem setting and this is where I may be having the problem.

Sorry that I've been unable to respond sooner.

[Sharmoogle]

I just visited Castle Cops and Norbie left some more instructions.

[Sharmoogle]

Since I changed my browser, I can no longer log in at Castle Cops with my user name and password, as I keep getting the log in window and I cannot post any replies.

Here is the latest Hijack This log file after following Norbie's instructions: downloading IE 6.0, all critical and security updates, then running the crap cleaner. I hope Norbie can read it here! Should I fix anything?

Logfile of HijackThis v1.99.1
Scan saved at 7:13:57 PM, on 4/6/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHISNEW\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.qwestinternet.net"); (C:\Program Files\Netscape\Users\sharon\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\MCAFEE.COM\SHARED\MCAPPINS.EXE /v=3 /cleanup
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab

[snowbound]

Not sure why u can't login over at CastleCops but as for posting your HJT log here, it's not allowed anymore. Therefore it will be removed later.

More info here,

http://www.wilderssecurity.com/showthread.php?t=42148


snowbound

Hi,

I Pmed Norbie asking him to have a look here.I copied your last HJT log for him

HTH

PS you have to allow CC's cookie to be able to post there

[Sharmoogle]

Thank you, Claire. Much appreciated!

[norbie]

Hi Sharmoogle,

Sorry about this. Your Hijackthis log looks clear now, and I expect the reason you can't login to Castle Cops is related to using Crap Cleaner to clean out all your cookies.

Have you tried following the instructions here? http://castlecops.com/postt5448.html