Please look over this log-file "Karen Pc"

I work on a family old Pc mostly maints on it, so i like you all to check it please:

===========
Logfile of HijackThis v1.98.0
Scan saved at 9:56:43 PM, on 7/9/04
Platform: Windows 98 Gold (Win9x 4.10.199
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\MY DOCUMENTS\ANTSPY-ADWARE TOOL\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\BABEIE.DLL (file missing)
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O2 - BHO: Tracker Class - {C7ADE150-743D-11D4-8141-00E029626F6A} - C:\WINDOWS\SYSTEM\NETPAL.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_34.dll
O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\LWZ.DLL
O2 - BHO: FOne Organizer Class - {000000F1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\FONE.DLL
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL (file missing)
O2 - BHO: EMES X Class - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\SYSTEM\EMESX.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [duzkn] C:\WINDOWS\duzkn.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Fix-It.lnk = C:\Program Files\VCOM\Fix-It\mxtask.exe
O4 - Startup: Resource Meter.lnk = C:\WINDOWS\RSRCMTR.EXE
O4 - Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
============================
its a really old system windows 98 system dated 97 it did have KaZaA in it i remove it what i could find in it. their son had it before they got it.

 

Hi Chief ADFP

First update or download CWShredder to version 1.59.1
CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
Use the Fix button and follow the instructions you will receive.

Newdotnet

http://www.newdotnet.com/#remove

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\BABEIE.DLL (file missing)
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O2 - BHO: Tracker Class - {C7ADE150-743D-11D4-8141-00E029626F6A} - C:\WINDOWS\SYSTEM\NETPAL.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_34.dll

O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)

O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\LWZ.DLL

O2 - BHO: FOne Organizer Class - {000000F1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\FONE.DLL

O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL (file missing)

O2 - BHO: EMES X Class - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\SYSTEM\EMESX.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE

O4 - HKLM\..\Run: [duzkn] C:\WINDOWS\duzkn.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


O11 - Options group: [CommonName] CommonName

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab

NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

Delete the following files\folders IF still present:

C:\WINDOWS\SYSTEM\MSBB.EXE
C:\WINDOWS\duzkn.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\SYSTEM\wucrtupd.exe

Then reboot and use AdAware as described :
HERE

Go for free online Virus scans here:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

Download this tool: http://www.cexx.org/LSPFix.exe and save anywhere on your computer - IF you should need it.

 

sorry i been updating the system anyway did most what you said to do above this is a update:
==========================================================
Logfile of HijackThis v1.98.0
Scan saved at 8:15:36 PM, on 7/10/04
Platform: Windows 98 Gold (Win9x 4.10.199
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHQUICK.EXE
C:\MY DOCUMENTS\ANTSPY-ADWARE TOOL\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Fix-It.lnk = C:\Program Files\VCOM\Fix-It\mxtask.exe
O4 - Startup: Resource Meter.lnk = C:\WINDOWS\RSRCMTR.EXE
O4 - Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

going to them with site to do the rest of your post above. have a look over the update log file and thanks.

 

ok i use this item it listed:
rnr20.dll DSN Name Space Provider.
mswsosp.dll (Protocol Handler)
msafd.dll (Protocol Handler)
rsvpsp.dll (Protocol Handler)
MxAVLsp.dll (Protocol Handler)

What one do i keep and remove? above using LSPFix.exe

 

As far as I can see ALL dll's are valid. Did you have to use the LSP-Fix?? It was ONLY meant IF your internet connection would be disrupted as it can happen if you remove NewDotNet and\or Common Name.

Your log looks clean to me.

Any problems ?

 

i have been getting a popup saying:
======================
TcpCtrIGetDnsaddress:
getNetworkParam error: 50
=====[OK]=============


with a click-on "Ok" in it.
it been poping up when i connect to the internet don't what it is? or how to fix this one?



http://instagiber.net/smiliesdotcom/contrib/dday/wink.gif

"by the way thanks you all for your help getting Karen Pc going good its really on the low end of the OS as they get pcpitstop.com rated: 24 on their scale. at this time we are trying to help them out to get this Pc system going good up to now remove total of 479 spyware/adware/trackers/dialer/browers hijack. really a big thanks to you all"