Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

w32/alemod.e.dll [RESOLVED]


  • This topic is locked This topic is locked

#1
kingcade

kingcade

    New Member

  • Member
  • Pip
  • 9 posts
Hi,

My virus scan detected w32/alemod.e.dll in wininet.dll. Plus I am unable to clean it. Please help me (i have a limited knowledge of PC's). :tazz: thanks


Here is the hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:57:12, on 05/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
C:\PROGRAM FILES\DATA CACHING\FLASHKSK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi kingcade and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

If you use Windows 95/98/ME/NT/2K, go to My Computer->View->Folder Options->View tab and make sure that 'Show all files' is checked under the 'Hidden Files' section. Also make sure there is no checkmark beside 'Hide file extensions for known file types'.

Copy everything in the box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a /s > files.txt
start notepad files.txt


Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
  • 0

#3
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Excal,

Thanks for taking it on - I will follow your instructions and I do think we have some problems. Yes we are on Windows 98, I have also tried to clean the problems out using Xoftspy and NoAdware - has not helped 100%.

Anyway here is what the wininet.bat got for you:

Volume in drive C is HP_PAVILION
Volume Serial Number is 3D28-1606

Directory of C:\WINDOWS\SYSTEM

WININET DLL 589,312 05/09/05 10:50 WININET.DLL
1 file(s) 589,312 bytes

Total files listed:
1 file(s) 589,312 bytes
0 dir(s) 17,589.67 MB free

thanks
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Xoftspy and NoAdware are both Rogue anti-spyware programs and should not used, but removed immediately.

I need you to go into your C:\WINDOWS\SYSTEM folder and right click on the WININET.DLL and copy. Then paste it on to your desktop.

Let me know if you can do that.


thanks,

:tazz:

Excal
  • 0

#5
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Excal,

I cannot copy the winninet.dll onto the desktop - I get 2 messages : error copying file - access denied and another one saying that windows is using this file therefore it cannot be copied. What shal I do? :tazz:

Thanks

PS: apologies for the delay - been asleep.
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
please copy these instructions and paste them into notepad for use while in safe mode

Please reboot your computer into safe mode.

Once in Safe Mode, go to Start > Run

Type in: cmd

Click OK.

Please copy the following line and paste it into the black window:

CD C:\Windows\system

Hit enter.

Copy this line and paste it in:

copy wininet.dll C:\windows\Program Files

Hit enter.

Finally, type exit and hit enter.

Then please go into your C:\Windows\program files and make sure there is a Wininet.dll there.

If there is, please boot into normal mode

Run this online virus scan: ActiveScan - Please save and post the results from the scan!
  • 0

#7
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there...

Oh dear, I am not doing well at all! Hope you are having a better day than us.

Stared up in a safe mode, went into the run command, typed in cmd and got a messagee that it cannot be found... Browsed through, also got that message, so i could not complete the first stage of your instructions.

Then i went to ActiveScan anyway to do the scan (hope you do not mind), here is what it threw up a lot of nasty stuff:


Incident Status Location

Dialer:dialer.xd No disinfected C:\WINDOWS\switchagreement.txt
Spyware:spyware/bargainbuddy No disinfected Windows Registry
Virus:Trj/Downloader.CFJ Disinfected C:\WINDOWS\SYSTEM\gpaa.dll
Dialer:Dialer.ABR No disinfected C:\WINDOWS\Downloaded Program Files\start26.inf
Dialer:Dialer.Gen No disinfected C:\WINDOWS\switchagreement.txt
Virus:JS/Fortnight.E@M Disinfected Local Folders\Inbox\Hopuse renting Portugal\Re: House renting?[~000002.@x@]
Virus:JS/Fortnight.E@M Disinfected Local Folders\Inbox\Web Design\Mail sent to Pat Dollar\Website text[~000002.@x@]
Virus:JS/Fortnight.E@M Disinfected Local Folders\Inbox\Web Design\Mail sent to Pat Dollar\Website text - right version[~000003.@x@]
Virus:JS/Fortnight.E@M Disinfected Local Folders\Inbox\Web Design\Mail sent to Pat Dollar\Website text - stage1[~000003.@x@]
Virus:JS/Fortnight.E@M Disinfected Local Folders\Inbox\Web Design\Mail sent to Pat Dollar\Motocadia web text[~000002.@x@]
Virus:JS/Fortnight.E@M Disinfected Local Folders\Sent Items\Dragstar photo[~000002.@x@]
I have no idea why the stage 1 has not worked (the cmd) bit. Is there anything else we can try? :tazz:

My hopes are with you!

many thanks

kingcade
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I need you to delete these files:

C:\WINDOWS\Downloaded Program Files\start26.inf
C:\WINDOWS\switchagreement.txt

You have some emails that are infected, you need to clear your emails out.
A few in inbox, and in sent.

Go to this link and download wininet.dll

http://www.dll-files...s.shtml?wininet

Let me know when you have it downloaded. Go ahead and put it in your program files folder.

Thanks,

:tazz:

Excal
  • 0

#9
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Excal,

Downloaded wininet.dll as instructed

and cleared the e-mails and switchagreement.txt, however C:\WINDOWS\Downloaded Program Files\start26.inf
seems to have disappeared -did all the searches, no sign of it. Is this possible?

Ready to proceed to the next stage

many thanks for your help so far.

:tazz:

kingcade
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
This seems to be a tough one, so going to try this:

please copy these instructions and paste them into notepad for use while in safe mode

Please reboot your computer into safe mode.

Once in Safe Mode, go to Start > Run

Type in: command

Click OK.

Please copy the following line and paste it into the black window:

CD C:\Windows\system

Hit enter.

It will go to the next line, then copy this line and paste it in:

attrib -r -s -h wininet.dll

It will go to the next line, then copy this line and paste it in:

rename wininet.dll wininet.old

Hit enter.

Copy this line and paste it in:

CD C:\PROGRAM FILES

Hit enter.

Copy this line and paste it in:

copy wininet.dll C:\windows\system32

Hit enter.

Finally, type exit and hit enter.

Then please go into your C:\Windows\system32 directory and make sure there is a wininet.old and a wininet.dll BOTH in there. Please let me know if you run into any problems. You MUST make sure there is a wininet.dll in the system32 directory before you reboot otherwise you will run into serious issues.

Edited by Excal, 09 September 2005 - 02:28 PM.

  • 0

Advertisements


#11
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Excal,

here is what happened: went into the safe mode, run, command, typed in
CD C:\Windows\system32
when I typed in attrib -r -s -h wininet.dll, the message I got was :

"file not found wininet.dll"

then I exited the command mode and checked that my wininet.dll (the one with the virus) indeed was not in system 32, it sits in C:\windows\system. So i went back into the command mode and repeated your steps as above, but with C:\windows\system, then attrib -r -s -h wininet.dll
the message I got was :
"sharing violation reading directories Abort, Retry, Failed

I took exit as , did not want to risk any more my own experiments. Since then checked again that C:\windows\system\wininet.dll is there so is C:\ProgramFiles wininet.dll.

Please advise how we can bypass this problem. I really appreciate what you are doing to help. Please do not get fed up with it.


Many thanks

kingcade
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Sorry about the system/system32 thing... i am soo used to XP systems.

Please download the Killbox.

Please run Killbox.
  • Select "Replace on Reboot".
  • Enter C:\Windows\system\wininet.dll right below the words "full path of file delete"
  • right below that, enter C:\program files\wininet.dll
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..
  • Let the system reboot.
lets see if this one will work :tazz:
  • 0

#13
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Excal,

:) :tazz: :)
It has worked - done it! Virus scanned with MCAfee after the re-boot , no sign of the virus and everything seems to be working so many many thanks.

Just in case, as you said before there wer a few problems with my PC, I have run the hijackthis log and it's pasted in below. Could you please tell me if there is anything else we need to do and also how can i protect myself in future as so far the only thing I have is McAfee Virus scan - not enough for sure, plus there is the Panda scan you recommended.

Plus apologies for the delay in replying - been away.

Many many thanks

kingcade

Logfile of HijackThis v1.99.1
Scan saved at 12:56:31, on 12/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Glad it worked out for you. Win 98 and ME are realy pain in the butts!

Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

I recommend that you Defrag your computer:

Go to start>all programs>accessories>system tools>Disk Defragmentor Make sure it set to the proper drive (default should be your main driver) and click on defragment


Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#15
kingcade

kingcade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Excal,

Many many thanks again - :tazz: Your help has been much appreciated - and I will be sorting the security out today!

Thanks for all your great work.

kingcade :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP