My very hijacked computer, help needed please :)

Status
Not open for further replies.
Hiya, normally I don't have any problems, but I just started using this old machine again and I thought I had it properly protected from these kinds of attacks, but looks like I forgot to protect it, whoops. So anyways here's the problem I'm getting now. I'm getting an 'Explorer' error when I first boot up to desktop, I get it in safe mode too. Doesn't say what caused it though, just explorer. And here is my HijackThis log. This is after running Ad-Aware SE and it being updated. Seems like every time I reboot, they come back. What should I do?

Oh, and I'm running WIN98SE too.
 
Welcome to TechSpot

Boot in Safe Mode
UNinstall the Google-bar, it is an outdated version anyway.
Decide if you really want it again, then get Version 2. (only after cleaning up first!)

Run HijackThis on its own and let it 'fix':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.crazywinnings.com
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/axe/x.chm::/update.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

When done, delete this file:
C:\WINDOWS\SYSTEM\boln.dll
and see if you have anything like d: oo.mht. If so delete as well.

Now surf to www.grisoft.com and get the free AVG antivirus. Or buy a commercial package (NOT Norton). Install it, update faithfully and run regularly.
Oh, and stop using Internet Explorer, except for Windows-updates.
Install Firefox from www.getfirefox.com and use that from now on!
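
A small triage script for the kind of HijackThis lines listed in the reply above, as an added example that is not part of the original post. The sample lines are copied from that reply; the flagging rules (orphaned BHO, Rundll32 autorun, Trusted Zone entry, non-http ActiveX source) and the names `parse_line`, `review_notes` and `triage` are assumptions of this example, not HijackThis features.

```python
import re

# Section codes as they appear in the log lines quoted in the reply above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Autorun entry",
    "O15": "Trusted Zone site", "O16": "Downloaded Program Files (ActiveX)",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into section code, kind, detail and CLSID (if any)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    clsid = CLSID_RE.search(m.group("detail"))
    return {"code": m.group("code"), "detail": m.group("detail"),
            "kind": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None}

def review_notes(entry):
    """Illustrative heuristics only: reasons an entry deserves a closer look."""
    code, detail, notes = entry["code"], entry["detail"], []
    if code == "O2" and detail.endswith("(file missing)"):
        notes.append("BHO still registered but its DLL is gone")
    if code == "O4" and "rundll32" in detail.lower():
        notes.append("autorun loads a DLL through Rundll32")
    if code == "O15":
        notes.append("domain was added to the IE Trusted Zone")
    if code == "O16":
        source = detail.rsplit(" - ", 1)[-1]
        if not source.lower().startswith(("http://", "https://")):
            notes.append("ActiveX source is not a plain http(s) URL")
    return notes

def triage(log_text):
    """Return (entry, notes) pairs for every parsed line that has notes."""
    entries = filter(None, (parse_line(l) for l in log_text.splitlines()))
    return [(e, n) for e in entries if (n := review_notes(e))]

# Sample lines copied from the reply above.
SAMPLE = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/axe/x.chm::/update.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab"""

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE):
        print(entry["code"], entry["kind"], "->", "; ".join(notes))
```

An entry with no note is not thereby clean: the `boln.dll` BHO in the sample passes these rules and is still on the helper's fix list, so the output narrows what to read first rather than replacing the review.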
 
Or, alternatively, just abandon that installation and reinstall the operating system and all software, if you can. Immediately patch, and regularly run the tools mentioned in the post above. Back up known-good system states with Drive Image or Norton Ghost, and restore immediately if you find something bad has gotten onto your machine.

To be honest, with Windows 98, you are kind of fighting a losing battle. It's not maintained with all of these up-to-date security fixes anymore, meaning things that exploit well-known flaws can often be used to do horrible things to boxes like yours.

Problem is, if it's an older machine and you install XP, so you can get all of these updates, it will probably run like crap on your machine.

If you follow the steps in paragraph one you might be OK for a while.

You might want to think about buying a new machine. If you are just an occasional web surfer, etc., then there are some really good cheap notebooks on the market right now. You might want to upgrade the RAM, but that's cheaply done as well.
 
Well I'm not gonna use Firefox and I'm not going to reinstall Windows. So other than that, I did as you said. I worked on it a little myself and ran an anti-virus and got rid of the explorer error pop-up box. I don't know how to UNinstall the Google toolbar, as when I go to Add/Remove Programs, Google isn't on there. But there is a folder in the program files that only has 1 file in it, and that is Googletoolbar1.dll. Should I delete that and let HijackThis fix everything Google, then update to the newest one? Also, why am I loading at 640x480 and only with 18 colors? I know this is an old computer, but it used to run on 800x600 and 32 bit colors, and every time I try to fix it and hit reply, it wants me to restart and when I restart it doesn't change. And why am I being asked to log in every time I load Windows? That didn't happen before either, how do I fix that? So that's the only probs I have right now. I'm including the newest HijackThis file too.
 
To uninstall (or update) the Google Toolbar, look here: http://toolbar.google.com/faq.html

Looking at your new logfile, did you mark ALL the indicated HJT items?

Boot in Safe Mode again and let HJT 'fix':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Right-click anywhere on the desktop, select Properties/Settings tab. Move the slider to 800x600 and select the number of colours you want. Confirm.

Go to the MS website and get TweakUI for W98. Install it. Then run it from the Control Panel. Go to the Logon tab and click the appropriate box.

And if you get infected again, remember what we said about Firefox!
 