Please Help, It's destroying my cpu

Original Message
Name: driver24
Date: June 4, 2004 at 14:09:48 Pacific
Subject: Please Help, It's destroying my cpu
OS: pentium 2
CPU/Ram: 9gb
Comment:

I was told that this post is supposed to be in the security and virus section. So I do apologize if any of you are viewing it as a double post. Also I apologize for this post being so large. But because it takes me about an hour just to get this page to load--I wanted to put all info that I could think of on this page.


Good day. This has been a horrible week for me and my cpu. It started with the cspad homepage. I read many threads and finally got rid of it. But on the same day I felt I had a virus, because several windows would open by themselves. When I clicked on Ctrl Alt Del I noticed something called smili, winoldap, and some other things. I downloaded MooSoft's The Cleaner. It detected several problems like CoolWebSearch and several other things. I thought I saved the log but I can't find it. Anyways I'm not familiar with all the tech stuff. So I chose to quarantine the trojans. Did I do the right thing or should I choose to delete?
Also my homepage keeps resetting to about:blank. It's really aggravating me because I needed to do a report on my cpu but it has taken me almost 2 hours just to get to computing.net. Ads keep popping up and my Yahoo pop-up blocker keeps disappearing.

I tried downloading McAfee and Norton but it'll download and then tell me it couldn't complete installation because a file is missing. So I tried going to HouseCall (the online virus scan) and every time I get there I get an error message and Windows restarts. I have run Spybot, CWShredder, HijackThis, MooSoft's The Cleaner, and Ad-aware. They all find malware, etc... and say it's removed but then it keeps coming back after I restart.

The worst part has been when I get online. When I click search or enter, IE will freeze for about 5 minutes. That's why it's taken me so long to get to computing.net today. Many times when I click enter or search or click on a link to go to a page----the system will freeze for 5 minutes and then go to a porn page or never load. I have noticed that when I right click and open link in a new window things work fine. But when signing in at computing.net, Yahoo, etc... you can't click open link in a new window. So I have to click enter or go and it takes 5 minutes to either go to the link or some porn site.

I apologize for this long message, let me try and sum it up.

Something has hijacked my homepage.
I can't finish installing virus software.
I had some trojans and clicked quarantine.
But cpu is still freezing when I click enter, search, go, or on a link. It freezes for about 5 minutes then some porn sites pop up or the page never loads.

I also tried to download a picture editor and after getting about half way through the installation it said installation couldn't finish, file missing.

The same problem happened when trying to install virus software. I don't know if this is the result of malware or trojans or if I deleted the wrong file using HijackThis.

I have run MooSoft's The Cleaner, Spybot, Ad-aware, CWShredder, and HijackThis.

I'm not having problems with any other programs on my cpu--only when I'm using IE. And the main problem is clicking on a link, enter, go, etc... But when I can click open link in a new window everything works fine most of the time. Also the pop-up blocker keeps disappearing, homepage resets to about:blank, and clicking on certain links makes a bunch of porn sites pop up.

Here are my Ad-aware and HijackThis logs. I think I may have got rid of cspad but something else is on my cpu making it act crazy. Thanks very much.

I'm using a Gateway Pentium 2 9gb, Win98SE. I'm online using BellSouth DSL 2Wire. 192mb and 68% free.
While typing this I'm currently running MooSoft's The Cleaner scan again. I got a message saying windows temp does not exist, create it yes or no? It asks me this every time it finds a virus; this time I clicked yes, create it. The trojan it found is JS Cassandra. The file c:\windows\temporary internet files\content.ie5\8bjzucl5\speed[1].gif cannot be displayed. The file has been quarantined.

These were the dangerous files that Ad-aware found. I clicked on quarantine.

And this is my last HijackThis log.


Logfile of HijackThis v1.97.7
Scan saved at 1:28:28 PM, on 06/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\THE CLEANER\CLEANER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O2 - BHO: (no name) - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - C:\WINDOWS\SR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.EXE
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [a²] "C:\PROGRAM FILES\A2\a2guard.exe"
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Joyo (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O15 - Trusted Zone: http://www.mt-download.com
O15 - Trusted Zone: http://www.myexexex.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab


Sorry for this long post and I appreciate your time and help.
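
As an added example (not part of the original post and not HijackThis's own code), here is a Python triage pass over lines copied from the HijackThis log above. The rules it applies (a site in the Trusted Zone, a BHO DLL outside Program Files, a DPF control with no class name or served from a Trusted Zone host) are review heuristics assumed for this example, not verdicts.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O2 - BHO: (no name) - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - C:\WINDOWS\SR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O15 - Trusted Zone: http://www.mt-download.com
O15 - Trusted Zone: http://www.myexexex.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
"""

# An entry line is "<section code> - <body>", e.g. "O15 - Trusted Zone: ...".
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")


def parse(log):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    pairs = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def host_of(url):
    """Lower-cased host part of a URL, or '' if there is none."""
    return (urlsplit(url.strip()).hostname or "").lower()


def triage(log):
    """Return (section, subject, reason) findings. The heuristics are
    assumptions of this example: they mark entries for review only."""
    entries = parse(log)
    findings = []
    trusted = set()
    # First pass: collect Trusted Zone hosts so later entries can be correlated.
    for section, body in entries:
        if section == "O15" and body.startswith("Trusted Zone:"):
            host = host_of(body.split(":", 1)[1])
            trusted.add(host)
            findings.append(("O15", host, "site in the IE Trusted Zone"))
    for section, body in entries:
        if section == "O2":  # Browser Helper Object: last field is the DLL path
            dll = body.rsplit(" - ", 1)[-1]
            if "PROGRAM FILES" not in ntpath.dirname(dll).upper():
                findings.append(("O2", dll, "BHO DLL outside Program Files"))
        elif section == "O16":  # downloaded ActiveX control: last field is its URL
            ident, _, url = body.rpartition(" - ")
            if ident.startswith("DPF: {") and "(" not in ident:
                findings.append(("O16", url, "ActiveX control with no class name"))
            if host_of(url) in trusted:
                findings.append(("O16", url, "ActiveX control from a Trusted Zone host"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
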



Response Number 1
Name: Wombat
Date: June 4, 2004 at 14:19:29 Pacific
Reply:

First prompt: A:\>Fdisk /mbr

Next prompt: A:\>Format C:

Iligitimi non carborundum est


Response Number 2
Name: Michelle67
Date: June 4, 2004 at 20:58:54 Pacific
Reply:

I agree with Wombat, reformat that drive and get that sh*t off of there. It sounds like you have a lot of problems. If you do reformat don't have your pc hooked to the internet until you have your firewall installed and your anti-virus running.


Honey X 030811
k7S5a Pro rev. 5
XP 2400+ @2200ghz Thoroughbred-B
Crucial PC2100 ddr 768
Radeon 9000 64 mb
Maxtor 40g (32g)
Coolmax "Taurus" 450w PS
Asus QT CD/RW
Samsung DVD


Response Number 3
Name: viruskiller101
Date: June 5, 2004 at 07:37:41 Pacific
Reply:

Well, I don't agree with the 2 posts above, as formatting the hard drive should be only a last hope.

What I mean by that is, if u got a second hard drive (a 1gb or 2gb backup drive), install any OS on it with up-to-date antivirus, e.g. AVG 6.0 free edition. Then hook up your infected hard drive as second master and run antivirus from the first master hard drive.

With that in mind, it should clear up any viruses, trojans or worms that are keeping u from installing protection on your 1st infected computer.

Now if u think it takes time to do this, u would be right. There are no shortcuts, but your outcome is u will be able to keep the files on the first hard drive. If u feel u can't do this or don't have a spare hard drive, then yes, formatting your hard drive is your only hope; then and only then do I agree with formatting drives.

P.S. Viruses are software. Software can be deleted.

Good day


Response Number 4
Name: Top Speed
Date: June 5, 2004 at 16:58:37 Pacific
Reply:

driver24,

It's easier to remove the malware files than to reformat your hard drive, especially if you don't want to lose your data. Reformat only if your boot records have been damaged beyond repair or as a planned maintenance procedure. Since it doesn't appear that your boot record is damaged, because you still have limited access to your browser, you should remove the security threats and boost your pc security protection instead. This is also an opportunity for you to learn about pc security threats, Windows 98 maintenance, and how to protect your computer.

BTW, your operating system is Windows 98 SE not pentium 2. Pentium II is the type of chip and processor speed.

Here is what I recommend you do if you haven't formatted your hard drive:

1. Remove all files in the following three folders:

c:\windows\Cookies [you can't delete index.dat]
c:\windows\Temp
c:\Internet Temporary Files
Empty Recycle Bin

2. Since you can't install or run an antivirus program to completion, you have to disable a few programs from running at startup and rename your hosts files so you can run at least one antivirus to completion and hopefully at the same time, identify a few malware programs.

To identify and disable malware programs from running at Windows startup, go to your System Configuration Utility. Click Start. Select Run. Type msconfig.

Click the Startup tab, for now, do your best to write down and disable any obvious non-legitimate files from running at startup. If you have any doubt, just leave the file checked. Write down any files and paths you've disabled in the Startup tab. If you disabled any files, click Apply. When prompted, don't restart the pc.

Still in msconfig, click the General tab:
Check the Selective Startup but disable "Load startup group items". Click Apply. Click OK.
When prompted, don't restart the pc.
Exit msconfig.

3. Rename hosts files

Right-click on Start. Select Find...
Do a Find of all qhost files.
In the Find: All Files dialog box, search on the hard drive where Windows is installed and type in the Name box, hosts

Rename and add the word "old" to the hosts filenames.

For example, I had only two hosts files on my computer: Hosts.sam and Hosts (one file with an extension and the other without). I added the word "old" to the end of both filenames before the extension and renamed the two files to: Hostsold.xxx and hostsold.

4. Restart the pc.

5. Install and run either free Norton or Trendmicro Antivirus, or install any antivirus of your choice if you can. See if you can run the antivirus to completion and have the software remove any malware programs.

Any files that can't be removed by the antivirus, you will have to remove manually. Since I use both Norton and Trendmicro antivirus, I search for the detected malware in either Support Search Engine for manual removal instructions.

6. Go to www.sysinternal.com and install the third party Task Viewer for Windows 98 SE if you can. This software helps you identify the processes running in your Task Manager, so you can identify, notate, and stop any non-legitimate and suspicious programs from running in memory so you can remove them in the Windows directory and registry.

Open Task Manager by pressing CTRL+ALT+DEL. With the help of Process Explorer, identify and write down all identified malware programs and file paths, and "End Task" one malware program at a time. Repeat the End Task procedure until all identified suspicious programs have stopped running in Task Manager.

Depending on the file, you will have to remove them usually from the stated Windows directories, the System and/or Program Files Folders, and the registry.

Some identified malware files you won't be able to delete from the Windows directory until you disable them from the msconfig Startup tab first. Once you have disabled one identified malware file from the msconfig Startup tab, and without restarting your pc, delete the malware files from the specified directory. Repeat until all malware files have been identified and disabled from running in the msconfig Startup tab.


7. Clean out your files, run Ad-aware, and then antivirus a few times. Repeat and update your antivirus definition until all security threats have been removed.

8. Do the usual cleaning and maintenance routine (for example, you can delete old hosts files) once pc is free of malware files. Then, scandisk and defrag your hard drive and create a backup for your system and data files.

9. Run Windows Update to install critical security patches for your browser and OS regularly.

http://v4.windowsupdate.microsoft.com/en/default.asp

10. www.support.microsoft.com also offers 3 essential ways to protect your data and computer. Be selective with your choices of software. Downloading and installing software from unreliable sources is one way of getting infected with malware and spyware. Once you run the Windows security update, take the time to research a Firewall.

11. Run Windows Office Product Update as well when Step 9 is completed successfully.

NOTE: You may have to uninstall/reinstall Windows Media Player after running the Windows Update and installing patches if you have it installed.

12. Once everybody is happy and every program is running as expected, go to the msconfig General tab and Startup tab and enable your Startup programs.
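
Steps 2 and 3 above rename every hosts file so that its entries stop affecting name lookups while the antivirus is installed. As an added example (not from the original post), this Python script does the same rename with the post's Hosts to Hostsold naming, and first records every mapping other than `localhost` so the change can be reviewed afterwards; the sample file contents, the host names in them and the rule that anything but `localhost` counts as non-default are assumptions.

```python
import os
import tempfile

# Constructed sample hosts file; the names and the 203.0.113.5 address are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   av-update.example    # lookup pinned to loopback
203.0.113.5 search.example
"""


def non_default_entries(text):
    """Return (ip, hostname) pairs other than the localhost mapping."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        found += [(ip, n.lower()) for n in names if n.lower() != "localhost"]
    return found


def old_name(filename):
    """Hosts -> Hostsold, Hosts.sam -> Hostsold.sam (the scheme from step 3)."""
    stem, ext = os.path.splitext(filename)
    return stem + "old" + ext


def rename_hosts_files(root):
    """Rename every file named hosts or hosts.<ext> under root.
    Returns {new_path: non-default entries the file contained}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[0].lower() != "hosts":
                continue  # also skips files already renamed to hostsold
            path = os.path.join(folder, name)
            with open(path, errors="replace") as fh:
                entries = non_default_entries(fh.read())
            target = os.path.join(folder, old_name(name))
            if os.path.exists(target):  # never overwrite an earlier backup
                raise FileExistsError(target)
            os.rename(path, target)
            report[target] = entries
    return report


def demo():
    """Run the rename on a throwaway directory holding two constructed files."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("Hosts", SAMPLE_HOSTS), ("Hosts.sam", "127.0.0.1 localhost\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        report = rename_hosts_files(root)
        return {os.path.basename(p): e for p, e in report.items()}


if __name__ == "__main__":
    print(demo())
```
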



Response Number 5
Name: Top Speed
Date: June 5, 2004 at 17:19:19 Pacific
Reply:


Correction:

For IE temp directory in Step 1,
c:\Windows\Internet Temporary Files

Step 10: Be selective with choices of software because it takes time to learn to operate and update software in addition to updating Microsoft software.



Response Number 6
Name: driver24
Date: July 10, 2004 at 15:25:16 Pacific
Reply:

Hey guys, I apologize for my laaaaaaaaaaate response. I never had the chance to check and see your responses. To make a long story short, I may have deleted the wrong program with HijackThis or the virus screwed up my cpu. My cpu froze, I turned off power, and once I rebooted it kept going to the Windows installation screen. I couldn't get past it. So I took it to a repairman. He put in a new hard drive and connected it how viruskiller101 mentioned. I downloaded AVG and it found like 35 viruses on my old hard drive. All my files were saved. Thanks to all of you for your responses and help. I never came back to this post when my cpu was fixed. I had posted it in the wrong section and probably thought I would see a bunch of double posting comments on it. I got an email today from another member giving some great tips. That made me come back to this post. I thank everyone. And Nicky D. peace

