When online with Thunderbird, Alert dialogue boxes pop up.Pt1

Problem
When going online with Thunderbird, several Alert dialogue boxes pop up. Thunderbird v 2.0.0.16
Like these;

http://i399.photobucket.com/albums/pp79/usernamon/TBIRD_ALRT_POST_MGROUTINE_0_-1.jpg

And

http://i399.photobucket.com/albums/pp79/usernamon/TBIRD_ALRT_POST_MGROUTINE_1_.jpg

This started a couple of weeks ago. I thought it must be spam / junk mails. Started emptying Junk and Deleted folders on the most active accounts. This seemed to work.
Perhaps the real culprit/location is username@oldisp.net.au This backup email account has some inbox filters. One of which is Junk, which works. I checked the sent folder on this account, heaps of fwded emails which I deleted (there goes the evidence). Checked later, new junk gets fwded to username.@gmail.com which is another filter.
Sunday.
Having not downloaded email while; Reading, Downloading, Printing and Doing (logs attached). Checked again, usual result.

Monday.
Gmail is bumping the fwded junk mail back again. Also disabled Junk filter in tools\message filter\ junk. Emails are still filtered to Junk folder and fwding.

Wednesday.
Deleted username.@gmail.com filter and junk filter because posts from audax-oz@vicnet.net.au filter are now being fwded to the gmail address. Also thoroughly cleaned all excess non archival email from inbox.

Wednesday arvo.
Left Tbird up for 2hrs, result 2new emails in username@oldisp.net.au junk folder, not fwded yet. Rebooted (cleaning up pc works) first in 3days 17hrs. Attempted bitdefender online with IE6, When http://www.bitdefender.com/scan8/ie.html# I agree EULA button is pushed, to go to Scanning options. Status bar flashes error on page. Eula only needs the standard single push now instead of the 3, pre CCleanup, to get to the scanning options

I don’t know;

What is causing this? AVG Free, Spybot S&D only reported threats from cookies. What got me to MG is that bitdefender online refuses to download virus signatures in IE6.
Tested ActiveX http://www.pcpitstop.com/testax.asp worked fine. Trend Houscall 6.5 won’t complete preparation in Firefox (default browser) 6.6 complains of slow connection
(cable: Aussie fraudband) and only shows the desktop in custom scan which crashes before finishing stage 2 (scanning)

Or the severity of this leak. As am doing a fresh install (disconnecting Current physical drive with C:\ F:\current XP) on a bigger physical disk.
Thanks for any help or advise you can offer

ureritemate


:confused

 

When online with Thunderbird, Alert dialogue boxes pop up.Pt2

Part2
Late post continued from:
When online with Thunderbird, Alert dialogue boxes pop up.Pt1
Posted 10-29-08, 18:05

Apologies for late post. First post didn’t appear on the forum. I assumed it was because I tried to post Pt2 before the 30sec time limit had expired.

Friday. username@oldisp.net.au Junk appears in correct folder. Alerts appear to have stopped (sent folder empty). Bitdefender online still refuses to load. When I agree EULA button is pushed, to go to Scanning options. Status bar flashes error on page and virus signatures still don’t download.

Thanks for your help
Have a great weekend
ureritemate

 

Thanks chaslang for your welcome and advice. Here is what I’ve done with the reports and results.

Hope the malware is or can be removed.

Yes I use IE6 for bitdefender and MS stuff. That is about all I use it for.

Deleted 336 total xml###.tmp files from
"F:\Documents and Settings\All Users\Application Data\"
Don’t know what they could be

Ran Disable/Remove Windows Messenger, to remove messenger, thought I ran SG’s “shoot the messenger” during build, rebooted as requested.

Printed post 173069 for ‘browser free’ instructions.

Downloaded MGtools to C:\ ran MGtools\analyse.exe did system scan. Found 02, 03, 04 files as described. Selected and fixed, exited HJT

Combofix on desktop, used opera to copy & paste quoted script to EditPadLite, saved to desktop as CFscript.txt

Exited all browsers checked on Task Manager. Dragged script to Combofix which asked for ping and internet access to download newer version which was denied, script ran. Saw 2 of the 4 files deleted

Files:
F:\WINDOWS\o737a~1
F:\Documents and Settings\3 Humours\Local Settings\temp\IMGE7.tmp
Combofix finished created log saved to F:\comboFix.txt automatically

Ran Ccleaner

Ran C:\MGtools\GetLogs.bat log file generated

Opened IE6 went bitdefender online selected : C:\ATI;C:\Documents and Settings;C:\Intel;C:\Logs;C:\MGtools;C:\Program Files;C:\WINNT;C:\WINRAR;F:\ATI;F:\Documents and Settings;E:\ALL_MY_DOCS_XP3_XP4_ :\ Not storage folders; F:\Documents and Settings\3 Humours\Desktop\ all folders

This was a short scan which started and finished as usual, an offline report was saved, this is a précis;

Statistics
Time 00:38:33
Files 214287
Folders 3918
Boot Sectors 0
Archives 53146
Packed Files 8194

Results
Identified Viruses 2
Infected Files 5
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 5

Engines Info
Virus Definitions 1998293
Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins 16
Archive plugins 43
Unpack plugins 7
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Prompt
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Malware details
X2 Infected with: Trojan.Kobcka.GE Deleted Updated
X3 Infected with: Win32.Worm.Agent.QAR Deleted Updated

Regrettably I only made a short scan as I had go out and the Pc was needed by another user
Overnight ran P2P client. All appeared satisfactory

Saturday 1st /11
Avg had a running scan dialog in tool tray. Avg was unresponsive both in tool tray and Task Manager

Went to do more online scans prior to posting requested logs.
Bitdefender ran (no errors) then would not download virus signatures. Program did not acknowledge this (usually does) and when download dialog box was shut, proceeded to scan, which was stopped.

Saved Friday’s 31/10 chaslang logs to USB drive

Checked files mentioned in 31\10 posting manually, listed below.

"F:\Documents and Settings\All Users\Application Data\"
Xml###.tmp 24 Oct 2008 0 "xml###.tmp"

O2 - BHO: ZoneAlarm Spy Blocker BHO
- {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker
- {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task]
"F:\Program Files\QuickTime\QTTask.exe" –atboottime

File::
F:\DOCUME~1\3HUMOU~1\LOCALS~1\Temp\kbeepm.sys
F:\WINDOWS\o737a~1
F:\WINDOWS\Ô
F:\Documents and Settings\3 Humours\Local Settings\temp\IMGE7.tmp

No files listed at these paths

Rebooted as Pc sluggish. Tested bitdefender in IE6, error on page fault would not load, cancelled.

Ran C:\HJT system scan, ran F:\~Desktop\ComboFix without script, ran C:\ MGtools after erasing previous MGtools folder Logs are available if they are of any use.

Thought I should post with logs as you first requested.
Any advice you can give as how to proceed, with this would be much appreciated.
If we cannot detect malware what would be the next practical step?
Is XP3 saveable is XP4 viable? Should I post my Q’s about install and data strategy on the software forum?
Am including pm8 image so you can see hardware arrangement.
Thanks again for your help and recommendations so far.
Kind regards
ureritemate

 

That’s a relief. Thanks for your help chaslang.
Sorry for my; naive repetitive muddled and undisciplined questions.
Will proceed as you advise.
Have agood1.
ureritemate:-o