Help please

  1. #11
    Neal is offline Dedicated Member

    Re: Help please

    You've done just fantastic. Lots of stuff has been removed.

    There are still a couple of bad guys showing in your log; let's see if we can get 'em with a couple of online scans.

    Let's see what some virus scans can uncover and we will go from there.

    Get the stinger here:
    http://vil.nai.com/vil/stinger/

    Download it to another computer if need be, and bring it to the affected computer on floppy disk.

    It will kill the top 53 virus files if any are found there.

    then,

    Internet Explorer required
    Run these two online virus scanners (Panda Activescan) following these instructions below:
    http://www.pandasoftware.com/product..._principal.htm


    Internet Explorer required
    Also this excellent (BitDefender) scanner: http://www.bitdefender.com/scan8/ie.html

    These scans will take more than an hour to complete, so make sure you have time to let them run thru. Save the Panda scan log and the BitDefender log and post them back here please with a new Hijackthis log.

    Thanks.


  2. #12
    nkcarter2005 is offline Newbie
    Hi Neal,

    Sorry I've been long in replying.

    Downloaded Stinger and that worked fine. Panda wouldn't begin the scan so couldn't get that to work. But BitDefender worked fine. So here is the BitDefender log -

    BitDefender Online Scanner

    Scan report generated at: Sun, Sep 18, 2005 - 17:38:38
    Scan path: A:\;C:\;D:\;E:\;

    Statistics
    Time: 00:29:03
    Files: 95557
    Folders: 2246
    Boot Sectors: 2
    Archives: 2920
    Packed Files: 11013

    Results
    Identified Viruses: 7
    Infected Files: 10
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 10

    Engines Info
    Virus Definitions: 223777
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File - Status
    C:\WINDOWS\SYSTEM\FGMGR32C.exe - Infected with: Trojan.Revop.B
    C:\WINDOWS\SYSTEM\FGMGR32C.exe - Disinfection failed
    C:\WINDOWS\SYSTEM\FGMGR32C.exe - Deleted
    C:\WINDOWS\SYSTEM\eonardo da VinciL.exe - Infected with: Trojan.Revop.B
    C:\WINDOWS\SYSTEM\eonardo da VinciL.exe - Disinfection failed
    C:\WINDOWS\SYSTEM\eonardo da VinciL.exe - Deleted
    C:\WINDOWS\SYSTEM\SVCP60M.exe - Infected with: Trojan.Revop.B
    C:\WINDOWS\SYSTEM\SVCP60M.exe - Disinfection failed
    C:\WINDOWS\SYSTEM\SVCP60M.exe - Deleted
    C:\WINDOWS\SYSTEM\istinstall_adlogix.exe - Infected with: Trojan.Downloader.Istbar.ER
    C:\WINDOWS\SYSTEM\istinstall_adlogix.exe - Disinfection failed
    C:\WINDOWS\SYSTEM\istinstall_adlogix.exe - Deleted
    C:\WINDOWS\Application Data\Defaultfivesurffor\kindatom.exe - Infected with: Trojan.Swizzor.AX
    C:\WINDOWS\Application Data\Defaultfivesurffor\kindatom.exe - Disinfection failed
    C:\WINDOWS\Application Data\Defaultfivesurffor\kindatom.exe - Deleted
    C:\WINDOWS\Application Data\ThunkAudio\Play third.exe - Infected with: Trojan.Downloader.Swizzor.CO
    C:\WINDOWS\Application Data\ThunkAudio\Play third.exe - Disinfection failed
    C:\WINDOWS\Application Data\ThunkAudio\Play third.exe - Deleted
    C:\WINDOWS\Application Data\ThunkAudio\pure flaw dent idol.exe - Infected with: Trojan.Downloader.Swizzor.DR
    C:\WINDOWS\Application Data\ThunkAudio\pure flaw dent idol.exe - Disinfection failed
    C:\WINDOWS\Application Data\ThunkAudio\pure flaw dent idol.exe - Deleted
    C:\WINDOWS\Application Data\ThunkAudio\vskavvkq.exe - Infected with: Trojan.Swizzor.AX
    C:\WINDOWS\Application Data\ThunkAudio\vskavvkq.exe - Disinfection failed
    C:\WINDOWS\Application Data\ThunkAudio\vskavvkq.exe - Deleted
    C:\WINDOWS\pup.exe=>wise0006 - Infected with: Trojan.Downloader.Revop.C
    C:\WINDOWS\pup.exe=>wise0006 - Disinfection failed
    C:\WINDOWS\pup.exe=>wise0006 - Deleted
    C:\WINDOWS\pup.exe - Update failed
    C:\solo180.exe=>wise0006 - Detected with: Application.Adware.180solutions.A
    C:\solo180.exe=>wise0006 - Disinfection failed
    C:\solo180.exe=>wise0006 - Deleted
    C:\solo180.exe - Update failed



    And here is the HijackThis log file -

    Logfile of HijackThis v1.99.1
    Scan saved at 18:16:15, on 18/09/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\SERVER.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RealTray] C:\Windows\desktop\neil\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\WINDOWS\DESKTOP\NEIL\REALJUKEBOX\tsystray.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Eicon Diva 2400 Tray] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\assistant.exe TRAY
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
    O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL,Run
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
    O4 - HKLM\..\Run: [SVCP60M] C:\WINDOWS\SYSTEM\SVCP60M.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DIVA Server] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\server.exe
    O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Dell Home - {408F3260-D3FD-11D4-BB48-A0DF70C1D3EF} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pc
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.201.1
    O18 - Protocol: ayb - (no CLSID) - (no file)

    Thanks for your continued support.

    Neil

  3. #13
    Neal is offline Dedicated Member
    Welcome back,

    Create a new folder in your C: Drive
    Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
    It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
    This way you can undo any changes if something goes wrong

    Thank you


    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    Don't run the tool yet, please.
    Install it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.

    1. Uncheck "Cookies" under "Internet Explorer".

    2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".

    Show hidden files/folders
    Windows 98
    1. Open My Computer.
    2. Select the View menu and click Folder Options.
    3. Select the View Tab.
    4. In the Hidden files section select Show all files.
    5. Click OK.

    Look in add/remove and remove if found:

    seekseek
    Gator
    Gain
    Claria



    I need you to submit file(s) to see if it (they) are infected or legit: http://virusscan.jotti.org/

    File(s): C:\WINDOWS\SYSTEM\SVCP60M.exe - copy/paste the results for me here please

    Scan with HJT again and put a check next to these items, making sure all browser windows are closed, including this one, so print this or create a new text document on the desktop by right-clicking an open area, selecting New Text Document, and saving it as whatever you like. Now put a check next to these:

    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe



    Again make sure all browser windows are closed and click FIX


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.

    Now run CCleaner using the windows tab only please.


    Now go into PROGRAM FILES and delete these folder(s):

    C:\Program Files\Common Files\slmss



    Now navigate to these file(s) thru WINDOWS EXPLORER and delete them please:

    C:\WINDOWS\aqadcup.exe


    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    Temporary Internet Files
    Downloaded Program Files
    Recycle Bin
    Temporary Files
    Click OK or Enter

    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


    Post a new HJT log for further review

  4. #14
    nkcarter2005 is offline Newbie
    Hi,

    This is what was said on the virusscan website - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

    Here is the new hijackthis log-

    Logfile of HijackThis v1.99.1
    Scan saved at 22:27:56, on 18/09/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\SERVER.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\ASSISTANT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RealTray] C:\Windows\desktop\neil\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\WINDOWS\DESKTOP\NEIL\REALJUKEBOX\tsystray.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Eicon Diva 2400 Tray] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\assistant.exe TRAY
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
    O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL,Run
    O4 - HKLM\..\Run: [SVCP60M] C:\WINDOWS\SYSTEM\SVCP60M.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DIVA Server] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\server.exe
    O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Dell Home - {408F3260-D3FD-11D4-BB48-A0DF70C1D3EF} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pc
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.201.1
    O18 - Protocol: ayb - (no CLSID) - (no file)

    Thanks
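
The BitDefender report earlier in this thread lists C:\WINDOWS\SYSTEM\SVCP60M.exe as deleted, while the HijackThis log above still carries an O4 Run entry pointing at it. The following Python script is an added example, not part of the original posts: it cross-checks registry autorun entries against files a scanner reported as deleted. The function names and the "path - status" sample layout are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample: "path - status" rows taken from the BitDefender report in this thread.
SCAN_REPORT = r"""
C:\WINDOWS\SYSTEM\SVCP60M.exe - Infected with: Trojan.Revop.B
C:\WINDOWS\SYSTEM\SVCP60M.exe - Disinfection failed
C:\WINDOWS\SYSTEM\SVCP60M.exe - Deleted
C:\WINDOWS\pup.exe=>wise0006 - Deleted
C:\WINDOWS\pup.exe - Update failed
"""

# Constructed sample: lines taken from the second HijackThis log in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL,Run
O4 - HKLM\..\Run: [SVCP60M] C:\WINDOWS\SYSTEM\SVCP60M.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
"""

# Registry autoruns only: "O4 - <key>: [<value name>] <command line>".
O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
# First executable in the command line, quoted or not, arguments ignored.
TARGET_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|scr))(?=["\s,]|$)', re.I)


def norm(path):
    """Windows paths are case-insensitive; compare them normalised and lower-cased."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def deleted_files(report):
    """Return the set of files the scanner reported as deleted."""
    deleted = set()
    for line in report.splitlines():
        path, sep, status = line.strip().rpartition(" - ")
        if not sep or status != "Deleted":
            continue
        # "container=>member" rows refer to an item inside an archive or
        # installer; the container itself may remain, so it is not counted.
        if "=>" in path:
            continue
        deleted.add(norm(path))
    return deleted


def autorun_target(command):
    """Extract the program an autorun command line starts, or None."""
    match = TARGET_RE.match(command.strip())
    return norm(match.group(1)) if match else None


def orphaned_autoruns(hjt_log, deleted):
    """List (key, value name, target) for O4 registry entries whose target was deleted."""
    hits = []
    for line in hjt_log.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # Startup-folder shortcuts and other sections are skipped
        key, name, command = match.groups()
        target = autorun_target(command)
        # Bare names such as "mstask.exe" resolve through the search path
        # and cannot be matched against a full path, so they never hit.
        if target in deleted:
            hits.append((key, name, target))
    return hits


if __name__ == "__main__":
    for key, name, target in orphaned_autoruns(HJT_LOG, deleted_files(SCAN_REPORT)):
        print(f"{key} [{name}] -> {target} (reported deleted by scanner)")
```
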

  5. #15
    Neal is offline Dedicated Member
    Do me a favor and find that file on your computer, right click on it and select properties and post back what it says please.

  6. #16
    nkcarter2005 is offline Newbie
    Hi, I had a look for the file but couldn't find it unfortunately.

  7. #17
    Neal is offline Dedicated Member
    How is your computer running now after last set of instructions?

  8. #18
    Steelyc is offline Junior Member
    Well, there still seem to be popups coming up on the computer. But nowhere near the volume as before.
    Last edited by Steelyc; 22-10-2005 at 12:13 PM.

  9. #19
    Neal is offline Dedicated Member
    Do me a favor and do an Adaware SE scan: check for updates, then run the scans and remove everything it finds.

    Also, if you don't have Spybot Search & Destroy, please get that now, update and run the scan please.


    Please get SpyBot

    SpyBotS&D


    Remove anything it finds

    I was thumbing back thru the old posts you made and that file was not in any of the posts. If Adaware and SpyBot don't fix what is left I think we can fix that entry with HJT.

    Let me know how it is running after doing above scans please.
