1. ltensail

    ltensail Private E-2

    Logfile of HijackThis v1.98.0
    Scan saved at 2:36:28 AM, on 11/6/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Edit by chaslang: Unrequested, inline, old version HJT log deleted.
     
    Last edited by a moderator: Nov 5, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is the last step and we have rules about how and when to post a log. In addition, you have an old version of HijackThis. Please get updated.

    Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After doing the above, get the below tool and run it:

    OmegaKillerSM v1.2

    Place it in its own folder - C:\Program Files\OKSM and run it Twice.
    Let me know if it finds things.


    Now if still having problems (and I believe you will be), you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT Version 1.98.2 and follow the guideline on where to install it and how to post a log as an attachment.


    Then see this link if still having problems: When all else fails - Generic Solution to HSA (Only the Best) & about:Blank hijack. Because you do show signs of this hijacker in your log and this may be the next step.
     
    Last edited: Nov 5, 2004
  3. ltensail1

    ltensail1 Private E-2

    I've followed the steps and removed almost all of the popups.
    But I still have a problem.

    That is, the explorer alert window will pop up, prompting me to close whenever I opened IE or windows browser.

    And, after completing the steps, I scanned my pc with XoftSpy and found that Troj/AnaFTP-01 is still there.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.

    By the way we recommend removing XoftSpy! It is on a list of rogue suspect spyware removal products. See this link: http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
  5. ltensail1

    ltensail1 Private E-2

    Hey, I've followed the steps and attached my logfile.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download and run the virus scan program listed in the Alternative Scans - If still having problems section of the READ ME FIRST thread.

    a-squared (a²) Free edition free but requires an email address to register

    It may take care of that virus problem. Then follow the steps below.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqczb.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scvmaxonline.com.sg/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqczb.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/all.chm::/all.exe
    O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} (InstControl Class) - http://neo-toolbar.com/Inst.cab

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\rqczb.dll

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
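
As an added illustration (not part of the original post and not HijackThis's own logic), the sketch below parses the entries listed in the post above and flags those that match three simple triage heuristics, also recovering the local DLL that the post says to delete. The heuristics and the names `parse` and `triage` are assumptions made for this example; entries they do not flag still need the manual judgment the helper applied.

```python
import re

# Entries copied from the post above (the lines the helper asked to fix).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqczb.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scvmaxonline.com.sg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqczb.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/all.chm::/all.exe
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} (InstControl Class) - http://neo-toolbar.com/Inst.cab
""".strip().splitlines()

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "R1 - ..." or "O16 - ..."
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.I)    # res:// URL backed by a DLL


def parse(line):
    """Split a log entry into (section, body); return None for header lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Return (findings, files): flagged (section, reason) pairs and local DLLs."""
    findings, files = [], set()
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        section, body = parsed
        res = RES_DLL.search(body)
        if section in ("R0", "R1") and res:
            # Heuristic (assumption): IE page served out of a DLL on disk.
            findings.append((section, "IE page points at a res:// DLL resource"))
            files.add(res.group(1))
        elif section == "R3" and "is missing" in body:
            findings.append((section, "URL search hook entry is broken"))
        elif section == "O16":
            source = body.rsplit(" - ", 1)[-1].lower()
            if source.startswith(("ms-its:", "mhtml:")):
                # Heuristic (assumption): ActiveX source is not a plain http(s) URL.
                findings.append((section, "ActiveX source uses a help/MHTML handler"))
    return findings, files


if __name__ == "__main__":
    flagged, dlls = triage(SAMPLE)
    for section, reason in flagged:
        print(section, "-", reason)
    print("Files to review:", sorted(dlls))
```
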
     
  7. ltensail1

    ltensail1 Private E-2

    Well, the spywares, adwares and popups have been cleared. Thanks a lot. But the problem of the explorer alert message still exists though. :rolleyes:
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you please give more specific information about this popup you are talking about? What does it say exactly (word for word)?
     
  9. ltensail1

    ltensail1 Private E-2

    Ok. The titlebar says: Explorer

    The content is:

    This program has performed an illegal operation and will be shut down.

    If the problem persists, contact the program vendor.



    I have two options - Close and Details>>

    And my only choice is close. When I press close, the window explorer will close. It always pops up when I open a new program like windows, IE, media player etc...
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You cannot click the Details button at all?

    Let's try running System File Check (sfc). Click Start, click Run, type sfc.exe in the Open box, and then click OK. See if it complains of any missing system files. If it does, you will need your Win98Se CD to restore them from.

    Also, have you run a recent scandisk on this PC?
     
  11. ltensail1

    ltensail1 Private E-2

    Yeah, I can choose Details>>. I don't know if it helps but here's what it says.

    EXPLORER caused an invalid page fault in
    module <unknown> at 0000:10001200.
    Registers:
    EAX=81d16d54 CS=0167 EIP=10001200 EFLGS=00010246
    EBX=81d16cf4 SS=016f ESP=00baff9c EBP=00baffcc
    ECX=c1b0f1c0 DS=016f ESI=00000008 FS=5fb7
    EDX=81d16d54 ES=016f EDI=81d1b144 GS=0000
    Bytes at CS:EIP:

    Stack dump:
    bff88f20 00000000 81d1b144 00000008 81d16cf4 00000007 00baffa4 00bafdcc ffffffff bffc05b4 bff79050 00000000 00baffec bff869ef 10001200 00000000

    --------------------------------

    I've tried running sfc.exe and restored setupx.dll, but this explorer thingy doesn't go off. Btw, how to do scandisk? lol..
     
  12. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MA,

    ltensail1 has Windows 98 Se. I believe System Sentry will not work with Win9x platforms.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To run scandisk, you double click your My Computer icon, then right click the drive in question (I assume C) and then select Properties, Tools, Error-Checking. You now have the choice of Standard and Thorough scans. Start with Standard and see if it finds anything.

    For the error message:

    Click Start, click Run, type msconfig in the Open box, and then click OK.

    On the Msconfig General tab, click Selective Startup, and then click to clear the following check box:

    - Load Startup Group Items

    - Click OK, close Msconfig, reboot.

    Now does the error message still occur?

    If it does, you will need to continue going up the list deactivating things on the list then rebooting. The below two links should be helpful in doing this:

    How to Troubleshoot Using the Msconfig ...Windows 98

    How to Perform Clean-Boot Troubleshooting for Windows 98
     
  15. ltensail1

    ltensail1 Private E-2

    Nothing works. I went up the list of options, unchecking every box, but the explorer error still exists. So, I returned to the default settings. The scandisk didn't report any error on the other hand.
     
