
Something amiss


  • This topic is locked
16 replies to this topic

#1 arterial

arterial

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 14 March 2006 - 03:28 AM

Hi
My son has returned to me a strange email which apparently originated from my computer. It had the subject: &Y. The cc: contained 4 addresses from my address book, including his, and there was a Winmail.dat attachment. There was no message! I am not aware of having any other problems.

I have run current versions of Adware (found a few items, as usual), Spybot (did not find anything), AVG (nothing found), the Trend online checker (nothing found) and the Panda online check (found a number of items; see file below). I also include the HiJackThis file.

Hope you can help.
Regards
Arterial

Activscan.txt..............

Incident Status Location

Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\TEMP\biini.inf
Adware:Adware/BlazeFind Not disinfected C:\WINDOWS\TEMP\bar.exe
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\ajp@tucows[1].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\ajp@tucows[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\ajp@offeroptimizer[2].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\ajp@www.web-stat[3].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\ajp@www.web-stat[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\ajp@com[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\ajp@xmts[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\ajp@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\ajp@xmts[3].txt
Spyware:Cookie/WebPower Not disinfected C:\WINDOWS\Cookies\ajp@webpower[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\ajp@xiti[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\ajp@www.myaffiliateprogram[3].txt
Spyware:Cookie/Outster Not disinfected C:\WINDOWS\Cookies\ajp@outster[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\ajp@www.myaffiliateprogram[2].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\ajp@tucows[2].txt
Spyware:Cookie/Mircx Not disinfected C:\WINDOWS\Cookies\ajp@pop.mircx[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\WINDOWS\Cookies\ajp@abetterinternet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\ajp@c2.gostats[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\ajp@xiti[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\ajp@xmts[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\WINDOWS\Cookies\ajp@abetterinternet[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\ajp@ccbill[2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\WINDOWS\Profiles\Alistair\Application Data\Mozilla\Firefox\Profiles\default.qh0\cookies.txt[]
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@tucows[1].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@tucows[3].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@www.web-stat[3].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@www.web-stat[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@com[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@xmts[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@xmts[3].txt
Spyware:Cookie/WebPower Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@webpower[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@xiti[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@belnk[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@www.myaffiliateprogram[3].txt
Spyware:Cookie/Outster Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@outster[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@www.myaffiliateprogram[2].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@tucows[2].txt
Spyware:Cookie/Mircx Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@pop.mircx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@c2.gostats[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@xiti[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@xmts[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@dist.belnk[4].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\ajp@ccbill[2].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@c3.gostats[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xiti[1].txt
Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@kount[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@anm.co[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@com[3].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@com[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@cdfreaks[1].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@tucows[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xmts[1].txt
Spyware:Cookie/adstat Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@ad.stat.4u[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@c2.gostats[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.myaffiliateprogram[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@fe.lea.lycos[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.burstbeacon[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@burstnet[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.myaffiliateprogram[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@dist.belnk[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xiti[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@burstnet[3].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.web-stat[2].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@did-it[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xiti[3].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@c3.gostats[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@gostats[2].txt
Spyware:Cookie/seeqA Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www48.seeq[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www47.buydomains[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xmts[3].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@belnk[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.myaffiliateprogram[3].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@terra.com[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@burstnet[4].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www.burstbeacon[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@dist.belnk[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@rn11[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xiti[4].txt
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@112.2o7[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@2o7[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@com[4].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@burstnet[2].txt
Spyware:Cookie/Adserver Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@z1.adserver[1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@247realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@realmedia[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@ad.yieldmanager[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@xmts[2].txt
Spyware:Cookie/Seeq Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www48.seeq[2].txt
Spyware:Cookie/Buydomains Not disinfected C:\WINDOWS\Profiles\Alistair\Cookies\alistair@www47.buydomains[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00063]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00068]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00069]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00070]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00152]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\McAfee\UnInstaller\Backup\IMon006.bta[00153]
Virus:Trj/Rootca.A Disinfected C:\WRPALL3\backup.bat
Virus:Trj/Rootca.A Disinfected C:\WRP\backup.bat
Dialer:Dialer.Gen Not disinfected D:\WINDOWS\SYSTEM\Direct Sex Access-uninstall.exe
Spyware:Cookie/LinkExchange Not disinfected D:\WINDOWS\Cookies\a j parker@linkexchange[2].txt
Spyware:Cookie/Tucows Not disinfected D:\WINDOWS\Cookies\a j parker@tucows[1].txt
Spyware:Cookie/Preferences Not disinfected D:\WINDOWS\Cookies\a j parker@preferences[2].txt
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Cookies\a j parker@hg1.hitbox[1].txt
Spyware:Cookie/Xmts Not disinfected D:\WINDOWS\Cookies\a j parker@xmts[1].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\a j parker@terra.com[1].txt

Hijackthis.txt........................

Logfile of HijackThis v1.99.1
Scan saved at 08:53:43, on 14/03/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\RAMPAGE\RAMPAGE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\DISGO\UFDSE98.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/my%20home%20page.htm
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 S A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Zoom\Adsl\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [UFDSE98] C:\disgo\UFDSE98.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE
O9 - Extra 'Tools' menuitem: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .ivs: C:\PROGRA~1\INTERN~1\PLUGINS\Npriff.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint....printUpload.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.6.9,212.159.6.10



#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 19 March 2006 - 01:50 PM

Please download and run CWShredder here
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine.
Detailed instructions from here

Run this scan.
http://www.bitdefend...m/scan8/ie.html

Then post another log.

#3 arterial

arterial

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 19 March 2006 - 06:30 PM

Hi
Since posting the initial problem, further problems have emerged. I am getting Iexplorer Invalid Page Faults in KERNEL32.dll when I try to open a window within IExplorer and occasionally when opening other programmes such as ADware.

Thanks for the help so far.

BitDefender Online Scanner
Scan report generated at: Mon, Mar 20, 2006 - 00:12:40
Scan path: C:\;

Statistics
Time: 02:33:02
Files: 335398
Folders: 5684
Boot Sectors: 4
Archives: 1675
Packed Files: 35436

Results
Identified Viruses: 7
Infected Files: 39
Suspect Files: 4
Warnings: 0
Disinfected: 0
Deleted Files: 43

Engines Info
Virus Definitions: 324809
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\WINDOWS\TEMP\bar.exe=>(Instyler o)=>(Instyler Module 0)
Detected with: Application.IESearchBar

C:\WINDOWS\TEMP\bar.exe=>(Instyler o)=>(Instyler Module 0)
Disinfection failed

C:\WINDOWS\TEMP\bar.exe=>(Instyler o)=>(Instyler Module 0)
Deleted

C:\WINDOWS\TEMP\bar.exe=>(Instyler o)
Update failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Disinfection failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Update failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Infected with: Win32.Badtrans.B@mm

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Disinfection failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>(body)
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Update failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Infected with: Win32.Badtrans.B@mm

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Disinfection failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak
Update failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Infected with: Win32.Badtrans.B@mm

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak
Updated

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Disinfection failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>(body)
Deleted

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak
Update failed

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Infected with: Win32.Badtrans.B@mm

C:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.bak=>[Subject: Re:][From: Philip Dunn]=>info.DOC.scr
Deleted

Edited by little eagle, 20 March 2006 - 07:08 AM.


#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 March 2006 - 07:03 AM

Then post another log.

Can you post another log from hijackthis.

#5 arterial

arterial

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 March 2006 - 07:07 AM

Hi
Sorry duuu.....

Logfile of HijackThis v1.99.1
Scan saved at 13:03:04, on 20/03/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\RAMPAGE\RAMPAGE.EXE
C:\DISGO\UFDSE98.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/my%20home%20page.htm
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 S A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Zoom\Adsl\dslagent.exe
O4 - HKLM\..\Run: [UFDSE98] C:\disgo\UFDSE98.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra 'Tools' menuitem: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .ivs: C:\PROGRA~1\INTERN~1\PLUGINS\Npriff.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint....printUpload.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.6.9,212.159.6.10

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 March 2006 - 07:14 AM

Please set your system to show all files; please see here if you're unsure how to do this.


Here are the directions for creating a zip file for Windows XP:
Using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.

Please upload the zip file if you can; if you can't, then upload the files without zipping. here

C:\disgo\UFDSE98.exe

#7 arterial

arterial

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 March 2006 - 08:40 AM

Hi Little Eagle, I am afraid I can not send you the zip file as requested. Because of my problem with Iexplore and kernel32.dll issues I can not open a new window by right clicking a link. Can I email it to you? Just to clarify, am I correct in assuming you want a zip of c:\disgo\ufdse98.exe? I think this file is associated with my disgo memory stick; it sits in the sys tray and is used to eject the stick! Thanks

#8 little eagle


Posted 20 March 2006 - 12:25 PM

Well if you know what it is then I don't need to see it. ;)

Close all programs, leaving only HijackThis running. Place a check against each of the following, click on Fix Checked when finished, and exit HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/my%20home%20page.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Can I get you to check the date on this file? It should be from MS:
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Then download and run CWShredder here
Make sure that all browser windows are closed with the exception of CWShredder and choose FIX.

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine.
Detailed instructions from here

Then post another log.

#9 arterial


Posted 20 March 2006 - 01:44 PM

Hi

I have followed your instructions.

KB891711.EXE is dated 23.3.05 and the Microsoft version is 4.10.2223

I did have another go at downloading the file you requested but the file download facility on your site did not seem to be available.

Logfile of HijackThis v1.99.1
Scan saved at 18:50:01, on 20/03/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\RAMPAGE\RAMPAGE.EXE
C:\DISGO\UFDSE98.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 S A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Zoom\Adsl\dslagent.exe
O4 - HKLM\..\Run: [UFDSE98] C:\disgo\UFDSE98.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra 'Tools' menuitem: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .ivs: C:\PROGRA~1\INTERN~1\PLUGINS\Npriff.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint....printUpload.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.6.9,212.159.6.10

#10 little eagle


Posted 20 March 2006 - 03:29 PM

You can disable this in MSConfig; this may help with the trouble.

http://support.micro...om/?kbid=891711

April 12, 2005:
• Security update 891711 Microsoft Windows Millennium Edition, Windows 98 Second Edition, and Windows 98 packages were re-released on April 12, 2005.
• When you install the security update 891711 original packages on a computer that is running Windows Millennium Edition, Windows 98 Second Edition, or Windows 98, the computer may stop responding. This issue has been corrected in the April 12, 2005, release.
• The April 12, 2005, release runs as a system service on Windows Millennium Edition, Windows 98 Second Edition, and Windows 98. The Close Program dialog box does not list Kb891711.exe.
• The "Known issues" section was added to this article.

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Edited by little eagle, 20 March 2006 - 03:30 PM.


#11 arterial


Posted 20 March 2006 - 04:43 PM

Hi Little Eagle,

Thank you for the information and for the time you have given to this problem. Coincidentally, I had already disabled KB891711.EXE in Msconfig. I regret to say the Kernel32 issue remains.

Regards
Arterial

#12 little eagle


Posted 20 March 2006 - 10:00 PM

:scratch: Guess I thought you had Ad-Aware and just mistyped it. Do you have adware or Ad-Aware?

#13 arterial


Posted 21 March 2006 - 03:37 AM

Hi, I have Ad-Aware SE. Sorry, just me being lazy.

#14 little eagle


Posted 21 March 2006 - 08:05 AM

Download System Security Suite v1.04 here
Tutorial here.

Run 3S; under the “Items To Clear” tab, place a checkmark in all of them but the last.
Reboot, rescan with HJT, and post a new log here.
Also please describe how your computer behaves now.

#15 arterial


Posted 21 March 2006 - 01:04 PM

Hi again

The computer seems to be more stable; I have not had a kernel32.dll page fault yet, but I still have the problem that I cannot open a new IE window when I click a link. I think I may have tracked it down to a corrupt shell32.dll file. I just need to work out how to replace it.

Thanks for the continued assistance.

Logfile of HijackThis v1.99.1
Scan saved at 18:55:42, on 21/03/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\RAMPAGE\RAMPAGE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 S A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Zoom\Adsl\dslagent.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [V128IID] Rundll32.exe C:\WINDOWS\SYSTEM\v128iitw.dll,STB_InitTweak
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra 'Tools' menuitem: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .ivs: C:\PROGRA~1\INTERN~1\PLUGINS\Npriff.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint....printUpload.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.159.6.9,212.159.6.10
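An added example, not part of the thread and not HijackThis's own code: comparing the post #9 and post #15 logs by script instead of by eye, so that startup entries that disappeared or newly appeared between scans, and entries HijackThis marks as pointing at a missing file, stand out. The two inputs are shortened excerpts of the logs above; the function names `parse_hjt` and `diff_logs` are assumptions made for this sketch.

```python
import re

# A HijackThis entry is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file is absent on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Excerpts shortened from the post #9 and post #15 logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DISGO\UFDSE98.EXE

O4 - HKLM\..\Run: [UFDSE98] C:\disgo\UFDSE98.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [V128IID] Rundll32.exe C:\WINDOWS\SYSTEM\v128iitw.dll,STB_InitTweak
O9 - Extra button: Mail This Page! - {A453794C-C643-4295-98A5-597CFC8D72EC} - C:\PROGRAM FILES\MAIL THIS PAGE\MAILTHISPAGE.EXE (file missing)
"""

def parse_hjt(text):
    """Return (running processes, registry/browser entries) from one log."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False          # first entry line ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.add(line.upper())  # Win9x paths are case-insensitive
    return processes, entries

def diff_logs(before, after):
    """Summarise what changed between two scans of the same machine."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {"procs_gone": sorted(bp - ap), "procs_new": sorted(ap - bp),
            "entries_gone": sorted(be - ae), "entries_new": sorted(ae - be),
            "orphans": sorted(e for e in ae if ORPHAN_RE.search(e[1]))}

if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key, *items, sep="\n  ")
```

Entries listed under `entries_new` are only candidates for review; the diff shows that something changed between scans, not whether the change is benign.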
