Infection: <UNKNOWN> module? [WIN ME]

Discussion in 'Software' started by ej0c, Aug 23, 2004.

  1. ej0c

    ej0c Private E-2

    What a cool and helpful site!!

    OK...Yet another infested machine. WIN ME.

    12 hours in, I've run Panda, Norton AV, ad-aware (deep scan), cwshredder, spybot, and Pest Patrol. Lots of garbage cleaned and machine much faster. But, something is still running.

    I.E. will view local htm files, but shuts down when trying to fetch an http: resource.

    I've removed all of the networking components, and run the I.E. repair facility. Tries to uninstall I.E. 6, but it failed.

    I could ping the outer world...but no other connection. Pest Patrol gets a Winsock error 0 when trying to update. Moz Firebird will not connect.

    A variety of utilities have reported conflicts with process <UNKNOWN> and shut down. DRWatson reported that <UNKNOWN> had modified Windows files.

    For a while I couldn't right click. All was working much better, but at the moment I can't view C:\ drive.

    Logfile of HijackThis v1.98.2
    Scan saved at 12:16:54 PM, on 8/23/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

    Thanks!

    Ed
     
  2. billH

    billH Master Sergeant

    Hi Ed and welcome :) Have you tried SpyBot Search and Destroy? If not, you can get it here on MG by clicking this link. Run Spybot in "advanced mode" then go to "tools" (left-hand pane at the bottom). When you open the "tools" panel, click on the various icons (namely ActiveX and BHOs); sometimes Spybot picks up things that Adaware misses and vice versa. Also, are you running the latest Adaware (AdawareSE)? If not, then it's found at this link. New interface and engine, might do you some good.
    Bill
     
  3. ej0c

    ej0c Private E-2

    Thanks! I did not see that...came up whilst I was out last week!

    Ran AAW-SE - found a few new things; and yes, I'd run Spybot, but had not seen the extra tools before. Didn't really find anything.

    Now I can't see anything in the control panel. Can see C:\ drive items, but only if I go through all the view modes and then back again (i.e. Large>Small>Details>Thumbnails>Large).

    System information also shows blank now.

    Did I mention that Dr. Watson also earlier reported that Adobe Type Manager had changed system files?

    Thanx. Ed
     
