
Trying to fix buddy's PC

Ok, buddy's PC has 26 virii and got them cleaned off. It was throwing TCP/IP errors and couldn't access the net, and one of the proggies I removed was New.net, which is notorious for corrupting Winsock. One of the errors says it can't start ICMP.dll, but haven't had any luck on Google with that.

I've reinstalled TCP/IP and run a WinsockFix, but still no go. Any ideas?

IE opens briefly, then closes.

This is on a Win98SE machine.
 
If you've run the TCP/IP Fix then I'm stumped.

Can you ping www.yahoo.com? If you can then it's an IE issue not a TCP/IP or DNS issue. Try Firefox and see if that works.

You mentioned IE opens briefly and then closes. Probably IE is corrupt or may have malware attached to it as a BHO or a DirectX plugin. If it was as badly infected as you indicated, there's probably still a LOT more malware in there.

Please refer to my detailed spyware removal (this also covers BHOs and DirectX plugins): http://theflyingpenguin.com/spyware-removal.shtml

If the IE core files are corrupt, in XP there is no way to re-install IE except to perform a Windows Repair install, but I would make sure the system is totally clean first. Any BHOs or DirectX plugins will be carried over.

It might just be time for a format and clean install.

Hope this helps...
 
Originally posted by: FlyingPenguin
If you've run the TCP/IP Fix then I'm stumped.

Can you ping www.yahoo.com? If you can then it's an IE issue not a TCP/IP or DNS issue. Try Firefox and see if that works.

You mentioned IE opens briefly and then closes. Probably IE is corrupt or may have malware attached to it as a BHO or a DirectX plugin. If it was as badly infected as you indicated, there's probably still a LOT more malware in there.

Please refer to my detailed spyware removal (this also covers BHOs and DirectX plugins): http://theflyingpenguin.com/spyware-removal.shtml

If the IE core files are corrupt, in XP there is no way to re-install IE except to perform a Windows Repair install, but I would make sure the system is totally clean first. Any BHOs or DirectX plugins will be carried over.

It might just be time for a format and clean install.

Hope this helps...



I've run winsockfix to no avail. I am unable to ping 127.0.0.1 which is a sign it's not winsock, right?

When I try to ping I get "The ICMP.dll file cannot start. check the file to determine the problem". I also get that error on reboot.

Any ideas? I've run spybot and Antivir, and thought I got everything cleaned off, but I'll double-check with your link.
 
Here's the HiJackThis log, see anything funny?

Still no net access. I think it's related to winsock, but tried reinstalling some downloaded wsock32.dll files to no avail. Still getting ICMP.dll error when I try to ping or access the net.

Logfile of HijackThis v1.99.1
Scan saved at 8:35:22 PM, on 09/15/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCAN\HPLAMP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = À% lÐö9ÔÝz
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: inni.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll

 
Internet Explorer 5, huh? Might want to update that 😉

What antivirus program(s) did you use to scan with? What is presently installed? Be specific about the version or year of the product, since that's relevant to what it can do.

edit: if it were me, I'd simply nuke it, reinstall Windows from scratch, and get it set up as tightly as practical. Google for "unofficial Windows98 service pack" for one handy resource, and also you want IE6, DirectX 9.0C, Sun Java, and probably Windows Media Player 9 For Win98.
 
If you can't ping 127.0.0.1 then TCP/IP is completely non-functional. That's the local port. You have serious problems. Just removing some background app isn't going to fix it. Your networking drivers are screwed up.

I just realized you're running Win98. The TCP/IP Fix doesn't work on Win98.

Did you have a firewall installed by any chance? Norton's firewall can cause a problem like this if improperly uninstalled.
 
Originally posted by: FlyingPenguin
If you can't ping 127.0.0.1 then TCP/IP is completely non-functional. That's the local port. You have serious problems. Just removing some background app isn't going to fix it. Your networking drivers are screwed up.

I just realized you're running Win98. The TCP/IP Fix doesn't work on Win98.

Did you have a firewall installed by any chance? Norton's firewall can cause a problem like this if improperly uninstalled.

They had Norton installed at one point...and Ad-Aware, and spybot, and the Shield.....I think that was part of the problem, too many apps fighting each other.

They also had 29 virii, and tons of spyware. Go figure. By the time I got it, it was throwing a BSOD every couple of minutes, and it's been hell trying to work on it without net access and now a floppy that's failing/failed.
 
If I get him to spring for an XP Upgrade, will that fix any issues or does he need a clean install? He has software on here they may need but probably don't have the discs for.
 
Do all below at your own risk!

From HJT:

Don't know what inni.exe is:
O4 - Startup: inni.exe
I would remove it.

The proxy server setting looks fubar. You should be able to remove this:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = À% lÐö9ÔÝz
That may straighten out your internet connection.

Remove this:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Did you run Winsockfix for 9x ? (not XP?)
Run it again after changes, it should fix it.


You can also try IEFix if all else fails.
http://www.jayloden.com/software.htm

Did you do ALL your cleaning in SAFE mode?
Did you delete all the temp files?
Did you run CWShredder?
Did you run more than one online virus scanner?
Try Sysclean from trendmicro (www.antivirus.com). You can DL it to another PC, and then run it in safe mode on the infected system.
Did you check msconfig?
Did you look for and uninstall any malware in Add/Remove programs?

There are MANY, MANY steps to successful virus and spyware cleaning!

Good Luck,
Ron
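
The first-pass read of the HijackThis log that the post above walks through, as an added example (not part of any post in this thread, and not HijackThis's own code). The three heuristics are assumptions modelled on the entries singled out above, and the function only lists lines for a person to look at; it does not decide what is malware.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = À% lÐö9ÔÝz
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - Startup: inni.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")        # "<section code> - <details>"
PROXY_OK = re.compile(r"[A-Za-z0-9.\-:=;/]+")     # host:port or proto=host:port;...

def review(log_text):
    """Return (code, reason, line) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        if code in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            if not PROXY_OK.fullmatch(value):
                findings.append((code, "proxy value is not host:port text", line))
        elif code == "O4" and body.startswith("Startup: "):
            item = body[len("Startup: "):]
            # Shortcuts are shown as "name.lnk = target"; a bare .exe is a file
            # sitting in the Startup folder itself.
            if " = " not in item and item.lower().endswith(".exe"):
                findings.append((code, "bare executable in Startup folder", line))
        if body.endswith("(no file)"):
            findings.append((code, "registration with no file behind it", line))
    return findings

if __name__ == "__main__":
    for code, reason, line in review(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```
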




 
I think you're looking at a clean install. Even if you get it working, it sounds like there will be no guarantee that you've cleaned all malware and virus out of it. I do this for a living. I hate doing a format if I don't have to, but sometimes it's just not worth it.

If you talk him into WinXP definitely do a clean install. I wouldn't even consider upgrading a corrupt install of 98. Make sure to delete the partitions after you've backed up his data. Matter of fact, to play safe, I'd zero the drive in case there's a boot sector virus on it.

 