The main problem is that I cant get passed an error message, this error message:
EXPLORER caused an exception 03H in module
<unknown> at 0000:8calladd.
Registers:
EAX=8callae4 CS=0187 EIP=8calladd EFLGS=00000282
EBX=00000000 SS=018f ESP=0059dacc EBP=0059dafc
ECX=c009df0b DS=018f ESI=bff772be FS=0dc7
EDX=8lbl300c ES=018f EDI=00000000 GS=0000
Bytes at CS:EIP:
ba 50 6d 09 c0 ff el 0b c0 74 6f 8b 4c 24 04 8b
Stack dump:
8callae4 0059db3c 00000000 00000008 7fcb2e9e
0059db3c 00000000 00000008 80040154 bff772be
00000000 7fcb2d68 0059db14 7fcb2db2 0059db3c
7fcb2e30
This appears in the standard win98 error message box every time the pc is started up (not just when internet explorer is accessed - I cant run any programmes because I cant get passed the error message). If I can get passed this it's half the battle. I do however have access to the win98 cd .... but I am unsure how to use this without losing the files I would like to keep.
Please bear in mind that no programmes can be accessed because of this. Luckily before a complete block was put on the win98 system I was able to get this Hijackthis log:
The PC which is infected runs on windows 98 and I am currently using a clean xp system.
Here's the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:30:44, on 21/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SYSVCS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {21E1CE21-55E1-11DA-A16B-0002A5F504A4} - C:\WINDOWS\SYSTEM\NEDD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: StartMulti - {D741A309-75B3-929C-5D25-C7A1BCA0C982} - C:\PROGRAM FILES\ACID BLUE ERROR\INSIDE MATH.DLL (file missing)
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MOSearch] c:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = home.co.uk
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.168.4.100,194.168.8.100
O18 - Filter: text/html - {21E1CE20-55E1-11DA-A16B-0002CAB9A13F} - C:\WINDOWS\SYSTEM\NEDD.DLL
O18 - Filter: text/plain - {21E1CE20-55E1-11DA-A16B-0002CAB9A13F} - C:\WINDOWS\SYSTEM\NEDD.DLL
O21 - SSODL: hbeUYKE - {07D00B15-AD7A-A1BF-840D-413A4D7E085C} - C:\WINDOWS\SYSTEM\PZRKD.DLL
Hope someone will be able/willing to help me on this one.
Thanks in advance,
J-alexander