Bundle.exe parasite

Computing.Net > Forums > Windows 95/98 > Bundle.exe parasite

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Bundle.exe parasite

Name: Al
Date: October 14, 2003 at 18:37:14 Pacific
OS: Win98SE
CPU/Ram: PIII 850 256MB

Comment:

Hello,I've read another post concerning the bundle.exe parasite which I have. I have downloaded "Hijack This" and would like advice on what to eliminate from the log file I'm posting.........thanks in advance...Al
Logfile of HijackThis v1.97.3
Scan saved at 8:16:59 PM, on 10/14/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\TASKMON.exe
C:\PROGRAM FILES\HP PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.exe
C:\WINDOWS\SYSTEM\PELMICED.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\AHEAD\INCD\INCD.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\WINDOWS\SYSTEM\HPZSTATX.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\HP PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\COMMON\SWTRAYV4.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS6335.TMP /R /A
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\bundle.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [Devldr16] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.exe -service
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {730F2451-A3FE-4A72-938C-FC8A74F15978} - http://www.igetnet.com/downloads/nlmupgradev4.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.3564930556
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://atlantisfortune.microgaming.com/atlantisfortune/FlashAX.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - http://webpdp.gator.com/v3/download/pdpplugin5093_hd3ptdmgainads.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/english/cyberstore/audiopack/xp_audio/ChkDVD.cab

Sponsored Link

Ads by Google

Response Number 1

Name: smithdk
Date: October 14, 2003 at 19:00:52 Pacific

Reply:

you have a trojan:
http://securityresponse.symantec.com/avcenter/venc/data/irc.trojan.html

Response Number 2

Name: Derek
Date: October 14, 2003 at 19:07:10 Pacific

Reply:

When you've sorted the Trojan download Ad-Aware and/or Spyware Search & Destroy.
These will find and remove spyware/malware (I see you have already picked up Gator).
Derek

Response Number 3

Name: Al
Date: October 15, 2003 at 04:22:48 Pacific

Reply:

The log file you see was generated AFTER running NAV2001 with the latest update and also running Ad-Aware 6.0 with latest signature file. Now what???

Response Number 4

Name: Don Miller
Date: October 15, 2003 at 05:04:17 Pacific

Reply:

You wrote:
--------------
The log file you see was generated AFTER running NAV2001 with the latest update and also running Ad-Aware 6.0 with latest signature file. Now what???
--------------
But that seems strange to me. You have Malware (Gator, etc.) that Ad-Aware routinely removes quite well. So either your Ad-Aware version is not up to date or their latest definition file has not been applied. Also, are your NAV virus definitions up to date? Doesn't seem so to me since the Trojan is also removed by NAV.
Don

Response Number 5

Name: Derek
Date: October 15, 2003 at 10:47:57 Pacific

Reply:

Not all virus checkers find malware or spyware (only viruses). Just the same these can cause system irregularities. It would still be worth running either or both of the progs I suggested in #2. They have certainly found stuff my anti-virus missed.
Derek

pelmiced.exe vsmon.exe HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe Ctfmon.exe CoolWeb	HOW TO MAKE A EXE FILE BY BUNDLE TWO EXE FILE Dell Latitude Master PW gen.exe b.exe removal tool
See More

Response Number 6

Name: Tom41
Date: October 16, 2003 at 02:25:37 Pacific

Reply:

Run HT again and check the following items. Next, close all browser Windows, and have HT fix all checked.
You NEED to restart your computer when you're done.
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS6335.TMP /R /A
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\bundle.exe
O16 - DPF: {730F2451-A3FE-4A72-938C-FC8A74F15978} - http://www.igetnet.com/downloads/nlmupgradev4.exe
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - http://webpdp.gator.com/v3/download/pdpplugin5093_hd3ptdmgainads.cab
After restarting delete the following:
C:\Program Files\Orbit foder
Contents of C:\Windows\Temp.

Response Number 7

Name: Al
Date: October 16, 2003 at 13:50:44 Pacific

Reply:

Thanks to all, everything appears to be normal again........thanx, Al

Response Number 8

Name: msatw
Date: November 18, 2003 at 21:51:57 Pacific

Reply:

Try this software. It kills in real time and is getting better all the time as it adds more definitions to it program.
http://members.shaw.ca/notispy
It will take care of all the spyware you see above.

Sponsored Link

Ads by Google

Cpu useage and free ram p...

Big problem please help

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows 95/98 Forum Home

Sponsored links

Ads by Google

Results for: Bundle.exe parasite

Please help clean up HD

Summary

www.computing.net/answers/windows-95/please-help-clean-up-hd/154307.html

hard drive summoned

Summary

www.computing.net/answers/windows-95/hard-drive-summoned/149553.html

Deleted File Keeps Re-Appearing

Summary

www.computing.net/answers/windows-95/deleted-file-keeps-reappearing/143387.html

From the Geek Dictionary
cpu socket - in noob terms,a CPU socket is the spot on the motherboard,generally a squar...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Thin client question

Cant re-install XP after a major crash

Load program

IP address

Where to download Calmira II LFN?

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE