I am unsure as to what the exact infection is but regardless of a variety of options I have been unable to clear the system of whatever damage has been done. I had been reading from your forum and hope that perhaps you will be able to shed some light on fixing this problem.
I began having a problem with Security iGuard I believe. It appeared and the problems began. I followed advice in removing it through various scans, though I am not sure it is gone. My display settings and internet options keep changing as I will receive Display setting errors when starting the PC. My Internet options are changing as the start page I select and apply are changed to a blnk page. There are also several additiong to My Favorites List that no matter how many times deleted, etc return at the next boot or restart. There is a box that appears entitled 'Info" which simply lists a short series of letter and numbers and an 'OK' tab. I have not clicked ok on it but instead ended the program through CTRL-ALT-DEL. Once that program ends a red shield appears in the lower right hand start-up menu which brings about a ballon that tells me my PC is infected by spyware and if I would like to know how to remove it. I have not clicked on it either, but instead ended it in the same manner as the 'Info" program.
I have done the following steps after checking your page on HiJackThis logs:
1) Downloaded and ran CleanUp
2) Downloaded, Uploaded and ran Ad-Aware SE
3) Downloaded and ran the CW Shredder
4) Downloaded, Uploaded and ran the Spybot S&D
5) Downloaded and ran AVG Virus Scanner 7.0 after updates numerous times(as this is the virus scanner that I normally use on the system).
6) Tried scanning in safe mode and the reboot testing
7) DownloadedHiJackThis and ran log which is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 3:47:17 PM, on 6/3/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NAV\HOTKEY.EXE
C:\WINDOWS\NETND.EXE
C:\WINDOWS\NTLG.EXE
C:\WINDOWS\SDKON32.EXE
C:\WINDOWS\ATLNV.EXE
C:\WINDOWS\SYSTEM\WINEM.EXE
C:\WINDOWS\SYSTEM\JAVADU.EXE
C:\WINDOWS\SYSTEM\MFCDT32.EXE
C:\WINDOWS\SYSTEM\NETSZ32.EXE
C:\WINDOWS\SYSTEM\SYSUH32.EXE
C:\WINDOWS\SYSTEM\SDKTH32.EXE
C:\WINDOWS\SYSTEM\ATLWR.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\WINDOWS\SYSTEM\CRFF32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\REAL\PLAYER\REALPLAY.EXE
C:\WARNER\WARNER.EXE
C:\CYBERTRIO\SHOWMODE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\JAVAYJ32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\VCI\SEARCHBYMEDIA\SBMPOP.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\WINDOWS\NETND.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SDKTH32.EXE
C:\WINDOWS\WINKZ.EXE
C:\WINDOWS\SYSTEM\NETSZ32.EXE
C:\WINDOWS\SYSTEM\MFCGV32.EXE
C:\WINDOWS\SYSTEM\CRFF32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe
O2 - BHO: Class - {13B088F6-86FB-77EE-19B2-0785516A699D} - C:\WINDOWS\SYSTEM\IPDH.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [RealTray] C:\PROGRAM FILES\REAL\PLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Warner] C:\Warner\Warner.exe
O4 - HKLM\..\Run: [CyberTrioModeInfo] C:\CyberTrio\ShowMode.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [WINON.EXE] C:\WINDOWS\SYSTEM\WINON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [JAVAMQ32.EXE] C:\WINDOWS\SYSTEM\JAVAMQ32.EXE
O4 - HKLM\..\Run: [JAVAYJ32.EXE] C:\WINDOWS\JAVAYJ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR
O4 - HKLM\..\RunServices: [NETND.EXE] C:\WINDOWS\NETND.EXE /s
O4 - HKLM\..\RunServices: [NTLG.EXE] C:\WINDOWS\NTLG.EXE /s
O4 - HKLM\..\RunServices: [SDKON32.EXE] C:\WINDOWS\SDKON32.EXE /s
O4 - HKLM\..\RunServices: [ATLNV.EXE] C:\WINDOWS\ATLNV.EXE /s
O4 - HKLM\..\RunServices: [WINEM.EXE] C:\WINDOWS\SYSTEM\WINEM.EXE /s
O4 - HKLM\..\RunServices: [JAVADU.EXE] C:\WINDOWS\SYSTEM\JAVADU.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WINDOWS\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [NETSZ32.EXE] C:\WINDOWS\SYSTEM\NETSZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSUH32.EXE] C:\WINDOWS\SYSTEM\SYSUH32.EXE /s
O4 - HKLM\..\RunServices: [SDKTH32.EXE] C:\WINDOWS\SYSTEM\SDKTH32.EXE /s
O4 - HKLM\..\RunServices: [ATLWR.EXE] C:\WINDOWS\SYSTEM\ATLWR.EXE /s
O4 - HKLM\..\RunServices: [NTFM.EXE] C:\WINDOWS\SYSTEM\NTFM.EXE /s
O4 - HKLM\..\RunServices: [CRFF32.EXE] C:\WINDOWS\SYSTEM\CRFF32.EXE /s
O4 - HKLM\..\RunServices: [WINKZ.EXE] C:\WINDOWS\WINKZ.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SBMPop.lnk = C:\Program Files\vci\SearchByMedia\SBMPop.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
Thank you for taking the time to assist me in this matter. I look forward to your reply.
Anmchaid