IE6 and Mail messed up..
Showing all messages in thread #1187721877 Windows Me Annoyances Discussion Forum
IE6 and Mail messed up..
Tuesday, August 21, 2007 at 11:44 am Posted by Ian MacKinnon
(69 messages posted)
Hi folks. Always value your thoughtful advice. Did a search on this site and cannot
find my problem so here it goes. Two main problems. Was hit by a virus ..cleaned
it off..unfortunately cannot remember the name..was awhile ago but I think it was
VondoF. My mail has really stopped functioning. Tried all your existing advice w/o
much luck. Lost a bunch of e-mail when I replaced Folder.dbx but that is ok. Moved
over to daughter's computer :) #2 My IE freezes all the time..especially if I close
a window using the left upper tab. I also get errors (and freezes) if I run any
youtube. I think the virus damaged it... and repair doesn't seem to fix it. With
ME, it doesn't look like you can uninstall / re install IE but with the search I
did, I found the web site with all the old versions. Rather than re installing ME
and losing everything, can I d'load ie6 and do overinstall to fix these errors ?
many thanks. Ian.
re: IE6 and Mail messed up..
Tuesday, August 21, 2007 at 3:39 pm Posted by Ms. Eagle
(32675 messages posted)
Yes you can reinstall IE6, if it can't be repaired. Generally, you'll get a message
saying to run setup again, if the repair fails. That's not saying it will resolve
the problem you're having.
Are you certain you got the infection cleaned up entirely? Did you get expert advice
and help doing so, and did they mention outdated versions of Java is the reason for
the Vundo infection?
Switching to a more secure browser would be a very good idea. IE is extremely vulnerable
to malware infections and very insecure. Security experts have been advising for
years that users do that and use Firefox or Opera instead.
Blocking Unwanted Parasites with a Hosts File
re: IE6 and Mail messed up..
Tuesday, August 21, 2007 at 4:19 pm Posted by Ian MacKinnon
(69 messages posted)
I am an old retired IT guy :) so that may be part of my problem. I had wondered
that ME was so old that the tools to make this old operating system were not being
developed anymore. According to the host of applications that I attacked my system
with to clean it with, I have to assume it is gone since they all say so. I d'loaded
IE 6 in but you are not the first to mention firefox ..I guess the problem with switching
is that I am comfortable with the interface :) I should be able to follow up this
message within a day. many thanks. Ian.
re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 5:11 am Posted by Ian MacKinnon
(69 messages posted)
I think I am in bigger do-do than I thought...I reverted my ME back to the original
5.5 and tried the close window option and machine froze for a bit...loaded the 6
back on..still same thing...so something is making the os freeze when you exit out
of an explorer window by the top right hand button..any ideas..still don't want to
blow the os away and re install. Thanks Ian.
re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 9:25 am Posted by Ms. Eagle
(32675 messages posted)
You said, According to the host of applications that I attacked my system with
to clean it with, I have to assume it is gone since they all say so.
I just knew it... a do-it-yourself job! :) That's the problem with knowing more
than enough to be dangerous. What all did you use? I hope you didn't end up with
some Rogue software in the process.
No, you shouldn't assume. It's very possible there are leftovers that need fixing.
Many of these infections require special tools and various steps to clean them up.
No doubt you know that, and it sounded like you ran the Vundo fix. Is that the infection
you had/have?
Did you use Hijack This? If not, I suggest you download the latest version, run a
scan then post the log here. I'll check it out. If I don't see anything, it's off
to a malware support forum, you go!
Trend Micro HijackThis™
Create a new folder to move 'HJT' to. Don't save it on the desktop or in a temp folder.
It creates backups of all items fixed, and they're automatically saved in the same
location. Place it in your root dir or Program Files folder, whichever you choose.
Example: C:\HJT\ or C:\HijackThis\, etc.
Make sure All your apps under the Startup tab in MSCONFIG are checked to load at
startup, or they won't show up in the log. Run HijackThis.exe. Choose "Do a system
scan and save a logfile". Once the scan is finished, the log will automatically open
in Notepad. Select All and copy/paste the entire log in a post. *Don't fix anything
yet.
*Important: Please put a check in this box before posting: "Check this box to
preserve your spacing, or leave it unchecked to have your text wrapped automatically.."
P.S. I've read your latest reply also, and as I suspected no amount of repairing/reinstalling
IE is going to resolve it... since it's not IE itself that's the problem. It's something
attached to IE.
re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 11:00 am Posted by Ian MacKinnon
(69 messages posted)
... a do-it-yourself job! :) ..yeah, 20 years in the biz and it gives you no fear
:)..however, I have been out for awhile and it sounds like most kids at the repair
shops are the dump and reformat types...Now you mentioned one thing that did surprise
me...that all apps that I use (ie Word, IE, etc) have to be running before use Hijack
This? Please confirm. Thanks . Ian.
re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 11:52 am Posted by Ms. Eagle
(32675 messages posted)
When it comes to cleaning malware off a system, it is understandable that they'd
choose the dump and format option. Reason being, nasty infections can be quite time
consuming to clean up... and of course they have no way of knowing you possibly got
most of it.
Then there are no doubt, those who have no clue HOW TO. It really takes some knowledge
in that area.
..."that all apps that I use (ie Word, IE, etc) have to be running before use Hijack
This?"
NO, no... just all the apps listed under MSCONFIG startup tab. In other words, temp
check any that you've unchecked... IF there are any.
P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 11:57 am Posted by Ms. Eagle
(32675 messages posted)
This shows removal instr. for that infection you mentioned, i.e. Vundo variants....
http://www.bleepingcomputer.com/forums/topic18610.html
re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 12:17 pm Posted by Ian MacKinnon
(69 messages posted)
here is the log file...
Logfile of HijackThis v1.99.1
Scan saved at 4:07:47 PM, on 22/08/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HJ\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
(file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
(file missing)
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - C:\WINDOWS\SYSTEM\BRQUAPC.DLL
(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
- Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe
-m
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM
FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
- C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
- http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control)
- http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.189.exe
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
re: P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 12:19 pm Posted by Ian MacKinnon
(69 messages posted)
Can you read any of this...would have preferred to have it stayed in the original
format..BTW, did use that procedure..it was a great help. Ian.
re: P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 12:39 pm Posted by Ms. Eagle
(32675 messages posted)
No, I can't. That's why I included "Important" check this box, etc... (it's very
annoying that they have that tip: do not use unless you really need it... in bold!)
re: P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 1:10 pm Posted by Ms. Eagle
(32675 messages posted)
I meant to ask you to repost the HJT log, and check that box next time. I may not
get to it until a bit later on, though. Something about real life... :)
re: P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 1:37 pm Posted by Ian MacKinnon
(69 messages posted)
You get into a habit :)
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 4:07:47 PM, on 22/08/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HJ\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
(file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
(file missing)
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - C:\WINDOWS\SYSTEM\BRQUAPC.DLL
(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
- Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe
-m
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM
FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
- C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
- http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control)
- http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.189.exe
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
re: P.S. re: IE6 and Mail messed up..
Wednesday, August 22, 2007 at 11:09 pm Posted by Ms. Eagle
(32675 messages posted)
I'm sorry about the delay, but I was off most of the day. Before fixing these items,
would you download CCleaner and the latest version of Java (links below).
I included some unnecessary startup items, and you may have had them unselected before.
The few with an * before them are malware related. Close all Open windows, then run
Hijack This again. Select these entries below in bold. Choose Fix Checked.
*Before rebooting, please follow the instr. below to uninstall all versions of Java.
Then Reboot. Run CCleaner, delete all Java directories and disable System Restore.
Install latest Java. Run HJT again and post the new log.
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}
- C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -
C:\PROGRAM FILES\DAP\DAPBHO.DLL (file missing)
..Randomly named BHO-->>
*O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9}
- C:\WINDOWS\SYSTEM\BRQUAPC.DLL (file missing)
..Unnecessary:
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
- C:\WINDOWS\web\related.htm
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
(ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
*O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86}
- http://www.emcodec.com/v4/eCodec-v4.189.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
*O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
Download CCleaner to clear out all your temp folders, etc. Before
running the scan, go into Options and specify any Cookies you don't want removed.
I'd also uncheck the box that says, "don't remove temp files less than 48 hrs. old".
*Disable System Restore to clear out old restore points, since they're probably corrupt
due to the infection.
Additionally, uninstall all versions of Sun's Java listed in A/R. Then reboot and
delete their directories in Program Files folder. Install the latest update...
http://java.sun.com/javase/downloads/index.jsp
Java Runtime Environment (JRE) 6 Update 2
http://java.sun.com/javase/downloads/index.jsp?
Then please run another HJT scan and post the new log here. Let me know, if the problems
have disappeared. I rather doubt it. :(
P.S. running a search on the malware related items didn't yield any clues as to what
the infection is/was.
re: P.S. re: IE6 and Mail messed up..
Thursday, August 23, 2007 at 9:32 am Posted by Ian MacKinnon
(69 messages posted)
Hey,
Here is the new log...
Just a quick check...brought up a web site...dumped it quickly, hit start....no freeze....wow...
Logfile of HijackThis v1.99.1
Scan saved at 1:22:37 PM, on 23/08/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJ\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe
-m
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
- C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
- http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control)
- http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
re: P.S. re: IE6 and Mail messed up..
Thursday, August 23, 2007 at 1:12 pm Posted by Ms. Eagle
(32675 messages posted)
That's good to hear! Is there a reason you didn't fix most of the entries I suggested?
Those I wasn't familiar with, I researched. It's up to you of course. I like to fine
tune my system, so I usually pass it on.
CastleCops StartupList or
AnswersThatWork
Also, check Jack Gulley's webpage for suggestions and info. for ME systems...
Jack Gulley's ME Fixes page
Any/all ActiveX Objects - O16 DPF can be removed at any time and will be installed
again if/when needed. It's best to occasionally clear out those that are no longer
needed. You have no use for WGA Validation, since WinMe is no longer a supported
OS. Updates are not put out any longer.
Updreg.exe - Reminder to register Creative Labs SoundBlaster Live! cards
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Real Player spyware related app, but it'll show up in startup again everytime you
it .. >>
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
(Tip: Many users replace Real Player with Real Alternative, and QuickTime with QT
Alternative)
These two entries are related to Alexa, a spyware/privacy issue ->>
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
- C:\WINDOWS\web\related.htm
You didn't uninstall and update Java ->>
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
*Malware related according to what I found doing research on it...
...O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
I came across several other HJT Log threads on various forums. In every case, the
malware expert advised them to fix the entry. That's how I know it should be fixed.
In any case, if you're comfortable with IE you might consider giving Opera a try
instead of Firefox. You can use both. IE is a malware magnet. ActiveX is one of the
main reasons, in addition to BHO's and toolbars. Not to mention, it's very easy to
exploit.
|
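Added example (not written by any poster in this thread and not part of HijackThis): a Python script that rejoins the hard-wrapped log lines seen above, flags entries using three heuristics generalised from the items starred in the thread, and reports which flagged entries are still present in the follow-up log. The function names and the heuristics are assumptions; the log lines are excerpts from the two logs posted in the thread, and the input is expected to contain only log text.

```python
import re

# Excerpts from the 22/08 and 23/08 logs posted in this thread, kept with the
# forum's hard wraps that split one HijackThis entry across two lines.
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - C:\WINDOWS\SYSTEM\BRQUAPC.DLL
(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
- Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.189.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
"""

# HijackThis entries start with a section code (R0.., F0.., N1.., O1..) and " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")


def parse_entries(log_text):
    """Return one string per entry, rejoining lines the forum wrapped.

    Lines before the first entry (header, running processes) are skipped;
    any other line that does not start a new entry is a wrapped tail.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def flag(entry):
    """Return a reason string if the entry matches a heuristic, else None.

    Heuristics (assumptions, generalised from the three starred entries):
    an unnamed BHO whose file is missing, an O16 download source that is a
    bare .exe, and any O17 NameServer value, which needs checking against
    the resolvers the owner actually configured.
    """
    section = ENTRY_START.match(entry).group(1)
    lower = entry.lower()
    if section == "O2" and "(no name)" in lower and "(file missing)" in lower:
        return "unnamed BHO whose DLL is missing"
    if section == "O16" and lower.endswith(".exe"):
        return "ActiveX download source is a bare .exe"
    if section == "O17" and "nameserver" in lower:
        return "DNS servers set in registry; verify they are yours"
    return None


def normalise(entry):
    """Collapse whitespace and case so the same entry compares equal."""
    return " ".join(entry.split()).lower()


def review(before_text, after_text):
    """List (status, reason, entry) for each flagged entry in the first log."""
    after = {normalise(e) for e in parse_entries(after_text)}
    report = []
    for entry in parse_entries(before_text):
        reason = flag(entry)
        if reason:
            status = "STILL PRESENT" if normalise(entry) in after else "removed"
            report.append((status, reason, entry))
    return report


if __name__ == "__main__":
    for status, reason, entry in review(LOG_BEFORE, LOG_AFTER):
        print(f"[{status}] {reason}\n    {entry}")
```

The Spybot helper is also a "(no name)" BHO but its file exists, so it is not flagged; the O17 entry is the one flagged item that survives into the second log.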
re: P.S. re: IE6 and Mail messed up..
Friday, August 24, 2007 at 4:53 am Posted by Ian MacKinnon
(69 messages posted)
Bald Eagle,
Many thanks..read some more and dumped all found..had to re load IE..not sure why
but hey, it works :) Will remember procedures and links..
>You didn't uninstall and update Java ->>
Actually, I did. I had several updates on the computer so I removed them from the
most recent down and re installed the latest one I could find.
>>Computer seems happy again..now I can give my daughter's computer back :) You have
been a great help...many thanks !!!!
Ian.
re: P.S. re: IE6 and Mail messed up..
Saturday, August 25, 2007 at 12:45 pm Posted by Ms. Eagle
(32675 messages posted)
You're very welcome! Nothing like a happy computer and happy daughter.
Btw, I asked about Java, because of those Java related entries in the log. I think
they were the same version as when we started.
I had posted a download link to the most recent. Sun has several sites, and they
aren't in sync most of the time. Here's the link again, so you can double check.
Java Runtime Environment (JRE) 6 Update 2
http://java.sun.com/javase/downloads/index.jsp?