Computer Commands are being ignored

Discussion in 'Malware and Virus Removal Archive' started by rrb9hi, 2004/12/23.

Thread Status:
Not open for further replies.
  1. 2004/12/23
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    I am writing again on behalf of my friend. She has a Gateway computer and is running Windows 98. It seems to be having several problems. The computer does not want to shut down. It will just ignore the command or come up with the box asking you to end task. If you end task, it just goes back to the desktop. The following things are shown to be running when I do control alt delete: Explorer, Hpoevm08, Hposol08, Wkcalrem, Systray, Starter, Rundll. I tried to delete each one and then shut down, but it wouldn't shut down. It won't let me end Explorer at all. The computer keeps freezing up when she tries to use it. I tried running some scans to see if there were viruses and adware, but it always freezes just before it lets me remove the adware. Hijack this barely worked. I can go into control panel but when I try to open add/remove software, it won't do anything. It won't let me do msconfig under run. It acts like it's processing, but it doesn't do anything at all. Any suggestions? Thanks.
     
  2. 2004/12/24
    merlin

    merlin Inactive

    Joined:
    2003/01/07
    Messages:
    1,111
    Likes Received:
    0
    I don't like to suggest this usually, but the PC seems to need a fresh OS, e.g. a reformat and new install. Maybe she wants to try and save a few files before you do this?
    Another reason could be bad RAM memory - it may be wise to have the memory sticks tested before you consider a reformat - a PC shop can do this for you by installing her memory card/s in one of their PCs and testing it.
    regards
     

  4. 2004/12/24
    WhitPhil

    WhitPhil Inactive

    Joined:
    2002/01/07
    Messages:
    599
    Likes Received:
    4
    It sounds like it is full to the brim with Spyware and/or viruses.

    Run this online virus scan to check for a virus.

    And, since you already have HiJackThis, post back a copy of the log it creates.
    Ensure that it is version 1.99, otherwise download the latest version
     
  5. 2004/12/24
    Miz

    Miz Inactive Alumni

    Joined:
    2002/05/02
    Messages:
    2,345
    Likes Received:
    35
    Try running the spyware scans in Safe Mode. That may get things cleaned up enough to make the computer usable enough to clean it up the rest of the way.

    Just in case you need to know....to get into Safe Mode, repeatedly press the F8 key during the boot process. That will get you to the boot menu where you can choose Safe Mode.
     
  6. 2004/12/26
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    Thanks for the suggestions. As soon as I can get down there I will try these ideas and get back to you. Thanks again.
     
  7. 2005/01/03
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    Hello everyone. I went down and ran the trendmicro software on my friend's computer. It says it has a worm_bagle.z virus. I couldn't get all the infected files cleaned. The computer is still acting the same. It won't shut down. It won't let me open anything under control panel. I tried to copy the hijack this file:

    Logfile of HijackThis v1.99.0
    Scan saved at 5:33:12 PM, on 01/03/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://home.netscape.com/ "); (C:\Program Files\Netscape\Users\tooters\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
    O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.balockwood.com/load.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB

    I also copied the startup commands:

    StartupList report, 01/03/2005, 5:34:09 PM
    StartupList version: 1.52.2
    Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    I accidentally ran the UK version of the trendmicro software, but it still seemed to work ok. Does anyone have any suggestions?? I'm at a loss here. Thanks again.
     
  8. 2005/01/04
    WhitPhil

    WhitPhil Inactive

    Joined:
    2002/01/07
    Messages:
    599
    Likes Received:
    4
    This link describes the virus and at the bottom is a removal tool.
    Download and run it.

    Then, do a recheck with the online virus link.

    Then, run HJT again and post back the log.
     
  9. 2005/01/04
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.balockwood.com/load.exe

    is very suspicious. The domain cannot be resolved by whois and seems to be nonexistent.
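
As an added illustration of the check made in the post above (not part of the original thread and not HijackThis's own logic): a small parser that pulls the O16 "Downloaded Program Files" entries out of a HijackThis log and lists reasons an entry deserves a closer look. The three heuristics and the function names are assumptions chosen for this example; the sample lines are copied from the log posted earlier in this thread.

```python
import re

# O16 lines copied from the HijackThis log posted in this thread (01/03/2005).
SAMPLE_LOG = r"""
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.balockwood.com/load.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

# "O16 - DPF: {CLSID} (optional class name) - codebase"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S.*)$")
CONTROL_EXTS = (".cab", ".dll", ".ocx")  # assumption: usual ActiveX packaging


def parse_o16(log_text):
    """Return (clsid, class_name or None, codebase) for each O16 line."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def review_reasons(class_name, codebase):
    """Heuristic reasons (assumptions, not HijackThis rules) to look closer."""
    reasons = []
    if not codebase.lower().startswith(("http://", "https://")):
        reasons.append("codebase is not a plain http(s) URL")
    if not codebase.lower().endswith(CONTROL_EXTS):
        reasons.append("codebase is not a .cab/.dll/.ocx package")
    if class_name is None:
        reasons.append("no class name registered for the CLSID")
    return reasons


def flag_o16(log_text):
    """Map CLSID -> reasons for every O16 entry that trips a heuristic."""
    flagged = {}
    for clsid, name, codebase in parse_o16(log_text):
        reasons = review_reasons(name, codebase)
        if reasons:
            flagged[clsid] = reasons
    return flagged


if __name__ == "__main__":
    for clsid, reasons in flag_o16(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(reasons))
```

On the sample lines only the `{10000000-1000-0000-1000-000000000000}` entry is flagged, and it trips all three heuristics; the Yahoo and HouseCall controls pass.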
     
  10. 2005/01/06
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    Thanks. I will try this and get back to you.
     
  11. 2005/01/06
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0

    I agree. There seems to be a lot of weird stuff listed on her computer.
     
  12. 2005/01/10
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    Ok, I think I got rid of the virus, but the computer is still ignoring some commands. I went in and did a windows update also to see if it would help. I can go into my computer... I can select control panel... but when I get into there, it won't let me open anything. If I right click and try to open properties... it won't let me. It still won't shut down by going to the start button, I have to use control alt delete. The start tool bar with the quick launch buttons is not set as we want. It has the address bar underneath it for some reason. If I get rid of the address bar... the rest of the buttons freeze and do not work.

    Here is the log from Hijack this:


    Scan saved at 4:23:37 PM, on 01/10/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://home.netscape.com/ "); (C:\Program Files\Netscape\Users\tooters\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
    O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB

    Thanks again for all the help.
     
  13. 2005/01/10
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Your Explorer.Exe file could be corrupted, use the System File Checker [SFC.EXE] to replace it. It may be a good idea to have it check for corrupted files, I wouldn't be surprised if SetupX.Dll is found as one.
    Do you have problems with the Win95 PowerToy named Quickres? It is that Display setting icon in the System Tray, and is a Control Panel item.
     
  14. 2005/01/12
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0
    I did a system file checker, scan disk, and checked for viruses again. Everything seems to be okay. I still can't open the things I mentioned above. Help! I can't figure this one out. :confused:
     
  15. 2005/01/12
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Did you use SFC to replace Explorer.Exe?
    This particular file does everything you have reported as not working, it is virtually windows itself, and SFC will not always report it as corrupted.
    You need to use the System File Checker's other function, and that is to "Extract one file from installation disk". Select that function, and enter in 'c:\windows\explorer.exe' as the one to replace. Then click on the Start button in the SFC window, not the one in the taskbar.
    Another window will appear, asking where to get this file. Insert windows CD and browse to the Win98 folder, or wherever you have the windows installation files located.
    Just follow the prompts, let it do whatever it asks if OK to do. You will be prompted to reboot to use this file.
     
  16. 2005/01/13
    rrb9hi

    rrb9hi Inactive Thread Starter

    Joined:
    2002/10/01
    Messages:
    70
    Likes Received:
    0

    This would be great, but I don't have a windows cd. For some reason, it didn't come with one. Any other ways to do this?
     
  17. 2005/01/14
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Look for the folder C:\Windows\Options\Cabs, sometimes the installation files are copied there, or do a Find using *.CAB to search the entire drive. Or borrow a copy of it from a friend who has the same version of windows, using a floppy to transfer, and use these dos commands to copy, as windows probably will not allow you to copy or rename while it is running.
    ren c:\windows\explorer.exe explorer.old
    copy a:\explorer.exe c:\windows
     