Author Topic: IPcons.biz?  (Read 5013 times)

chels82

  • Guest
IPcons.biz?
« Reply #20 on: April 24, 2005, 08:22:52 PM »
StartDreck (build 2.1.7 public stable) - 2005-04-24 @ 18:22:39 (GMT -07:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as Chelsea at DELL INSPIRON

»Registry
 »Run Keys
  »Current User
   »Run
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Default User
   »Run
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Local Machine
   »Run
    *SystemTray=SysTray.Exe
    *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *AOLDialer=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    *AOL Spyware Protection="D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *Installed=1
      *NoChange=1
     +MAPI
      *Installed=1
      *NoChange=1
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *AolAcsDaemon1="C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
   »RunServicesOnce
    **bt=rundll32 C:\WINDOWS\DISPLWY.TXT,DllGetClassObject
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
»Files
»System/Drivers
 »Running Processes
  +FFEFED15=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFFBA71=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFFADC1=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE5709=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFE3809=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFE2DD1=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
  +FFFE9CA1=C:\WINDOWS\EXPLORER.EXE
  +FFFEA465=C:\WINDOWS\RUNDLL32.EXE
  +FFFD8B69=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFFC51F9=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
  +FFFC43F1=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
  +FFFC1E85=C:\WINDOWS\TASKMON.EXE
  +FFFC0A79=C:\WINDOWS\SYSTEM\QTTASK.EXE
  +FFFC94DD=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
  +FFFDAEE9=C:\WINDOWS\RUNDLL32.EXE
  +FFFCD311=D:\PROGRAM FILES\AIM\AIM.EXE
  +FFFB735D=D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
  +FFFCCB6D=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFFBA869=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFF7C6B1=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF9E9F1=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFF6CD65=C:\WINDOWS\SYSTEM\SPOOL32.EXE
  +FFF6C645=D:\AMERICA ONLINE 9.0\WEmail RemovedEXE
  +FFF7848D=D:\AMERICA ONLINE 9.0\SHELLMON.EXE
  +FFF667F5=C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
  +FFF49421=D:\PROGRAM FILES\STARTD\STARTDRECK.EXE
»Application specific

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
IPcons.biz?
« Reply #21 on: April 24, 2005, 08:38:31 PM »
Edit>>This time Startdreck revealed a hidden installer, so it does appear to be a new one
After we run this next tool, try not to do too much browsing on the net until we get some tools on your computer to keep you clean

Download and save to Desktop
SpSeHjFix109.zip
From that link
Unzip the contents, so you now have SpSeHjfix109.exe on your desktop

Disconnect completely from the Internet

Restart into safe mode

Run SpSeHjfix109.exe by clicking the Start Disinfection
It should reboot your computer
Back in Windows>>The tool would have created a log, could you copy and paste that log to a location such as My Documents, just so we don't overwrite it when we run the tool again

Run
SpSeHjfix109.exe again

Post back the logs from SpSeHjfix and a new Hijackthis log
and a new Startdreck log

As mentioned, don't do too much surfing until we get some protection on your computer
If the tool won't remove this infection, we will do it manually

EDIT>>When I linked you to Symantec's, did you follow the instructions below that they recommended
To restore security settings in Internet Explorer

   1. Open Internet Explorer
   2. Go to the Tools menu and click on Internet Options
   3. Click on the security tab
   4. For each Zone, configure the security settings appropriately or click on Default Level to change settings to default.
« Last Edit: April 25, 2005, 02:51:49 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


chels82

  • Guest
IPcons.biz?
« Reply #22 on: April 25, 2005, 08:25:15 PM »
Here are the logs.

(4/24/05 9:01:10 PM) SPSeHjFix started v1.09
(4/24/05 9:01:10 PM) OS: Win98SE A (4.10.67766446)
(4/24/05 9:01:10 PM) Language: english
(4/24/05 9:01:14 PM) Disinfect started
(4/24/05 9:01:14 PM) Bad-Dll(IEP): (not found)
(4/24/05 9:01:14 PM) Bad-Dll(IEP) in BHO: (not found)
(4/24/05 9:01:14 PM) UBF: 4
(4/24/05 9:01:14 PM) UBB: 0
(4/24/05 9:01:14 PM) UBR: 13
(4/24/05 9:01:14 PM) Bad IE-pages:
(4/24/05 9:01:14 PM) Stealth-String not found:
(4/24/05 9:01:14 PM) Not infected->END

(4/24/05 10:35:05 PM) SPSeHjFix started v1.09
(4/24/05 10:35:05 PM) OS: Win98SE A (4.10.67766446)
(4/24/05 10:35:05 PM) Language: english
(4/24/05 10:35:07 PM) Disinfect started
(4/24/05 10:35:07 PM) Bad-Dll(IEP): (not found)
(4/24/05 10:35:07 PM) Bad-Dll(IEP) in BHO: (not found)
(4/24/05 10:35:07 PM) UBF: 4
(4/24/05 10:35:07 PM) UBB: 0
(4/24/05 10:35:07 PM) UBR: 13
(4/24/05 10:35:07 PM) Bad IE-pages:
(4/24/05 10:35:07 PM) Stealth-String not found:
(4/24/05 10:35:07 PM) Not infected->END

Logfile of HijackThis v1.99.1
Scan saved at 6:17:36 PM, on 4/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\IPCONFIG.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} - http://fdl.msn.com/public/oc/setupbbs.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab

StartDreck (build 2.1.7 public stable) - 2005-04-25 @ 18:18:33 (GMT -07:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as Chelsea at DELL INSPIRON

»Registry
 »Run Keys
  »Current User
   »Run
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Default User
   »Run
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Local Machine
   »Run
    *SystemTray=SysTray.Exe
    *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *AOLDialer=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    *AOL Spyware Protection="D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *Installed=1
      *NoChange=1
     +MAPI
      *Installed=1
      *NoChange=1
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *AolAcsDaemon1="C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »File Associations (CR)
  +.bat
   *batfile="%1" %*
  +.com
   *comfile="%1" %*
  +.exe
   *exefile="%1" %*
  +.hta
   *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
  +.htm
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.html
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.js
   *JSFile=c:\windows\WScript.exe "%1" %*
  +.jse
   *JSEFile=c:\windows\WScript.exe "%1" %*
  +.pif
   *piffile="%1" %*
  +.reg
   *regfile=regedit.exe "%1"
  +.scr
   *scrfile="%1" /S
  +.txt
   *txtfile=c:\windows\NOTEPAD.EXE %1
  +.vbs
   *VBSFile=c:\windows\WScript.exe "%1" %*
  +.vbe
   *VBEFile=c:\windows\WScript.exe "%1" %*
  +.wsh
   *WSHFile=c:\windows\WScript.exe "%1" %*
  +.wsf
   *WSFFile=c:\windows\WScript.exe "%1" %*
  +.lnk
   `lnkfile= [key or value does not exist]
 »Browser Helper Objects (LM)
»Files
 »Autostart Folders
  »Current User
   *C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\America Online 9.0 Tray Icon.lnk
  »Default User
   *C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\America Online 9.0 Tray Icon.lnk
  »Local Machine
 »INI-Files
  »WIN.INI\[windows]
   *LOAD=
   *RUN=c:\DELL\WINBATCH.EXE
  »SYSTEM.INI\[boot]
   *SHELL=Explorer.exe
 »Text Files
  *C:\WINDOWS\msdos.sys
  *C:\msdos.sys
  *C:\config.sys
  *C:\autoexec.bat
  *C:\WINDOWS\SYSTEM\autoexec.nt
  *C:\WINDOWS\wininit.bak
  *C:\WINDOWS\dosstart.bat
»System/Drivers
 »Running Processes
  +FFEFD203=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFF8567=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFF92D7=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE681F=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFE00B7=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFE0C2B=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
  +FFFEA0C7=C:\WINDOWS\EXPLORER.EXE
  +FFFDDC1B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFFDA1DF=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
  +FFFD9937=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
  +FFFC410B=C:\WINDOWS\TASKMON.EXE
  +FFFC5A57=C:\WINDOWS\SYSTEM\QTTASK.EXE
  +FFFC2947=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
  +FFFC051F=D:\PROGRAM FILES\AIM\AIM.EXE
  +FFFCBC93=D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
  +FFFBE5DF=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFFCC067=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFF874EB=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF86437=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFF9231B=C:\WINDOWS\SYSTEM\SPOOL32.EXE
  +FFF64E0F=D:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
  +FFF8B8EB=C:\WINDOWS\NOTEPAD.EXE
  +FFF7580F=D:\PROGRAM FILES\STARTD\STARTDRECK.EXE
 »NT Services
»Application specific

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
IPcons.biz?
« Reply #23 on: April 25, 2005, 08:47:23 PM »
Good work Chels, the logs you posted show not infected from SpSeHjfix
But you were definitely infected as your HijackThis log and StartDreck log showed
And now they're clear

Now that you're clean, before you do any browsing, you should visit Windows Updates
Install all the latest Critical Updates and Service Packs
Restart your computer when prompted and then keep revisiting Windows Updates until you have all the latest Critical Updates installed
Don't install the Recommended updates unless they are something preferred

Getting all the latest updates will help to keep your system secure

After you are happy you have installed them all

You don't appear to be running any Anti-Virus software on your computer
This is not safe
If you have your own to install, install it now and check for updates and run a full system scan
If you don't have your own, I would greatly advise you to install the free version of
AVG 7
Go to this link
http://free.grisoft.com/doc/2/lng/us/tpl/v5
Scroll down to the free download link
AVG Free Edition installation files
File   Version
avg70free_308a468.exe <-this link

Save the installer to desktop and then double click to Install
Restart the computer if prompted
After installation>>Check for updates and then run a Full system Scan

Once that is done

You should set up protection against future attacks

SpywareBlaster 3.3 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer


IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
After installing IE-Spyad, don't be surprised if you have a hard time running a scan with Hijackthis
IE-Spyad adds all those registry entries and Hijackthis checks that part of the registry
It seems to be a Windows 98 issue, not to worry

Post back and let me know how everything is running after doing the above
Also, are you running through any Firewall protection?

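As an added example (not part of the thread, and not code from StartDreck, SpSeHjFix or HijackThis), the following Python script does mechanically what the helper did by eye above: it parses the Run Keys section of two StartDreck logs, lists the autorun values that disappeared between the "before" and "after" logs, and flags rundll32 entries that load a module from a TEMP directory or from a file without a .dll extension, the pattern of the SE.DLL and DISPLWY.TXT entries in Reply #20. The two log excerpts are constructed, modelled on the logs in Reply #20 and Reply #22, and trimmed to the Local Machine hive.

```python
import re
# Constructed excerpts modelled on the Run Keys section of the thread's two
# StartDreck logs (Reply #20 before SpSeHjFix, Reply #22 after).
BEFORE = r"""»Registry
 »Run Keys
  »Local Machine
   »Run
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
   »RunServicesOnce
    **bt=rundll32 C:\WINDOWS\DISPLWY.TXT,DllGetClassObject"""
AFTER = r"""»Registry
 »Run Keys
  »Local Machine
   »Run
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   »RunServicesOnce"""

def parse_run_keys(log):
    """Map (hive, key, name) -> command for each value under »Run Keys; indentation
    gives depth (1 section, 2 hive, 3 key, 4 value), deeper subkey lines are skipped."""
    entries, hive, key, in_run_keys = {}, None, None, False
    for raw in log.splitlines():
        depth, line = len(raw) - len(raw.lstrip()), raw.strip()
        if line.startswith("»"):
            if depth == 1:
                in_run_keys = line[1:] == "Run Keys"
            elif depth == 2:
                hive = line[1:]
            elif depth == 3:
                key = line[1:]
        elif in_run_keys and depth == 4 and line.startswith("*") and "=" in line:
            name, cmd = line.lstrip("*").split("=", 1)
            entries[(hive, key, name)] = cmd
    return entries

def suspicious(cmd):
    """rundll32 loading a module from a TEMP directory or one without a .dll extension."""
    m = re.match(r'\s*rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.IGNORECASE)
    if not m:
        return False
    module = m.group(1).strip().lower()
    return "\\temp\\" in module or not module.endswith(".dll")

def removed_entries(before, after):
    """Autorun values present before disinfection and gone afterwards."""
    b, a = parse_run_keys(before), parse_run_keys(after)
    return {k: v for k, v in b.items() if k not in a}
```

Running `removed_entries(BEFORE, AFTER)` returns the sp and bt values, both of which `suspicious` flags, while the benign LoadPowerProfile entry is neither removed nor flagged.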