Dial Up connection infected

hello guys, I'm making my second attempt at cleaning my dial up connection, on the family computer, and run HiJack this, anyone have a look at it for me? cheers

Logfile of HijackThis v1.98.2
Scan saved at 20:13:38, on 28/01/2007
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TWINMOS\MOBILE DISK V3.0\MOBMON.EXE
C:\PROGRAM FILES\TWINMOS\MOBILE DISK V3.0\USBTD.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\BTMODEMPROTECTION.EXE
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\3COM\MODEMMGR\PROGRAM\MDMMGR.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\HIJACKTHIS1-98-2.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [BTModemProtection] BTModemProtection.lnk
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [DialerZapper] C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: 3Com Modem Manager.lnk = C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL (file missing)

I dont really want to have to wipe the disk and start again, as I think I've lost the disk with the dellnet free net access (Still have to pay for phone bill) and I dont want to have to go to broadband, too pricey at the moment

cheers guys

 

Ok, so how do I go about fixing this? I know cra* all about the registry settings, and stuff, is there anything in there that could be a rogue dialler?

 

sorry to be very very dumb, but how do I remove them, is it inside HiJackThis? Step by steps would be the best way to help me on this, as I know crap all about registry settings/entries.

I have tried to run AVG and downloaded AdAware on my laptop and copied over to my family comp, but I think that my proc is not fast enough to run them, its a P3 455 mhz, off the top of my head.

 

thanks, I'll give it a whirl tonight, when I go home from uni

 

Ok, sorry for the looooooong delay in replying to this, but I tried it last night, and then dialled up, i have BT Modem Protection active which tells me if another number is being dialled, and i got no messages, so it looks like it worked.

Now, the thing is, its a 28k modem (go on, laugh..) SO, if i rip it out, and whack a 56k modem in, would I keep the dial up settings? as i think i had to enter a password when we set it up 4-5 years ago, and I am certain I've lost the password

 

Ok, no it hasnt worked, I got another dial made last night, it only seems to happen when I go on hotmail, I'm thinking its got something to do with MSN messenger, you know, when MSN will download temporarally download messenger while you are on a .net site? I really dont know whats doing this now, but Its really getting on my nerves, as last time I had a bill for £45 more than usual

 

I've done Adaware, tired Spybot a while back, but it didnt find anything of relevance. I'm still running IE5 (I know) would this problem be helped a bit if I installed IE6?

 

I really dont want to have to wipe the disk and start again

 

Are there any dialler blockers out there that work properly? Seeing as how I cant seem to find out what is doing this, is there a program that can monitor and block dial attempts?

 

Probably. How easy this is to find, I don't know. You could try password protection for your Internet connection, with shareware progs like iNet Protector.

I'd recommend you keep trying to find a solution to this issue though. I would feel very uncomfortable knowing that something on my computer was even attempting to establish connections outside without my consent.

Does your computer dial up even when you're not using it? Have you tried using Firefox?

 

I only have the computer turned on and connected to the phone line when I want to go online, so when it dials, I know about it, due to BT Modem Protection informing me of the dial, but it doesnt block it, just tells me - ARG!

I havent tried using firefox, I could give it a whirl.