I've read your "Before You Post" instructions and tried a few things suggested in the forum but am unable to make much progress so I hope you can help.
I am running Win 98 SE, my browser is IE 5.0 (I'm unable to access anything in the IE format so I'm using Netscape 7.1 presently).
So far I've done the following:
- installed and ran Kaspersky AV ver 5.0.372 which cleaned a lot of stuff but not all as I am now receiving a pop-up saying the Lovesan virus from address 68.145.227.111 is attacking my computer but has been successfully repelled
- installed the Smitfrad.reg fix which has apparently wiped out my WININET.dll file as I don't think there was a problem there before. (I've done a file search and no WININET files were found and "show all hidden files" has been activated through My Computer). This got rid of the message about the virus on the desktop but the blue screen is still there and none of my icon items work when I click on them, i.e. "Explorer has performed an illegal operation... etc."
- enabled all start-up functions and produced a Hijack This log which I will post below
- downloaded and tried to run cleanup.exe, Adaware, Cw shredder, and Spybot but none of them will function because the required WININET.dll "was not found" to run the programs.
In addition, when I first turn on the computer and after the desktop loads I get the following pop-up message: "Cannot find Import, dll maybe missing, corrupt, or wrong SHLWAPI.dll, function 'SHRegGETPath A'" (error 120). A file search shows there are two SHLWAPI.dll file extensions in my directory, so I don't know what's going on here.
To say I'm more than a little bit frustrated with this problem and Internet Explorer would be an understatement! If and when I get these problems corrected I think I'll switch to the Firefox browser as I understand it is much more secure. Your advice on this would also be appreciated.
So, here is my most recent Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 9:11:24 AM, on 6/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\WINDOWS\SYSTEM\HOOKDUMP.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\TOOLS\REXPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACK THIS\HIJACKTHIS NEW 062505.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://
R1 - HKCU\Software\Microsoft\Internet Explorer,www = http://
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rense.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.152.119.34:14524
F1 - win.ini: run=C:\WINDOWS\svcinit.exe C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\IR.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [cmssSystemProcess] c:\windows\system\cmss.exe
O4 - HKLM\..\Run: [Golum] C:\WINDOWS\SYSTEM\golum\services.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\SYSTEM\dktime.exe
O4 - HKLM\..\Run: [mmeodfd] c:\windows\system\mmeodfd.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [xxyy] C:\WINDOWS\SYSTEM\XXYY\CPGKIMGC.EXE
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\SYSTEM\dktime.exe
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\SYSTEM\6080.EXE
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\hookdump.exe
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...edceabcca450006
O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash....ViewerCab02.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {BB86B550-9B1A-4666-824C-E78F0CD0CC4C} (ShortCut Class) - http://yasibozi.com/...keShortCut2.cab
O19 - User stylesheet: C:\WINDOWS\system\vossfu.jfk (file missing)
O20 - Winlogon Notify: style2 - C:\WINDOWS\Q17583396_DISK.DLL (file missing)
Thank you very much for any assistance you can provide in helping me resolve these problems.