|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 Please take a look at this!(Click here to view the original thread with full colors/images)Posted by: Jay Francis I have just followed all instructions re: rstones12 and southernlady again just to be sure nothing has been missed. Also , I have included the Panda scan results as well. I`m still getting popups. Maybe you all can help. Many thanks. ####################################### Panda Scan results "Activescan" Incident Status Location Adware:Adware/MediaTickets No disinfected Windows Registry Adware:Adware/eZula No disinfected C:\olddata\WINDOWS\Installer\18d012e.msi[unk_0039] ######################################### Logfile of HijackThis v1.99.1 Scan saved at 5:28:40 PM, on 2/28/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://sympatico.msn.ca/[/url] F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - [url]https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab[/url] O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]https://www-secure.symantec.com/techsupp/activedata/SymAData.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] Posted by: rstones12 Jay, Sorry for the delay, was out of pocket for about a week with no access to the Internet. Your log looks clean. Have you tried running both Spybot and Ad-Aware SE in safe mode. Either one of those programs should remove what you listed. Give that a try. Here is a third option. Webroot SpySweeper 3.5 Make sure to update the definitions. Here is the: [url=http://www.webroot.com/downloads/]Trial Link[/url] I really like this program, but I am very biased on this one. Give this a go and see if the pop ups go away. You can also try an alternative browser: Firefox is a great choice IMO Here is the link: [url]http://www.mozilla.org/products/firefox/[/url] Again, sorry for the delay. Sometimes the real world get's involved: rstones12 Posted by: Jay Francis Rstones12 Totally understandable and I can relate. I wasn`t at all concened about you being late in replying... Like I said, I followed all of the original instructions you had given me earlier and in those , it said to run AdAware SE as well as Spyboy S&D in safe mode which I did as well. I will later on, download the Webroot Spysweeper 3.5 . I really appreciate your help. There isn`t much else to do when it`s so cold up here! Jay Posted by: rstones12 It was a frigid 70 degrees here in Arizona today, I had to wear a jacket this morning.... :laughing: Posted by: Jay Francis Rstones12; Yeah, right! Frigid at 70 !!! Did the Webroot Spysweeper download and it picked up 7 things, but they seemed to be the usual "low grade" cookies as usual. I cleared them out but didn`t seem to make any real difference as the popups still came in. Then ,this morning when I booted up the system, I got the infamous "Blue Screen of Death". I assumed that it may have had something to with the Spysweeper program download, so I removed it and all went OK afterwards. There was obviously some conflict there. It was worth a try though, and I do appreciate what you are attempting to do. Many thanks. If I download firefox, will it ...1. Import my current email address book, or does it have nothing to do with email? 2. Should I remove IE or do it keep it in the background in the event Firefox hits the ditch? Thanks again...Jay Posted by: rstones12 Jay, I have not come across this with SpySweeper giving the blue screen. Firefox is a stand alone browser, you can import your IE favorites not your email. If you want to import email addresses the program is Thunderbird. [url]http://www.mozilla.org/[/url] You should keep IE, just make sure that when you surf the web to use Firefox. IMO rstones12 Posted by: Jay Francis Rstones12 I just think that over the last while, I`ve downloaded so many things of that sort, such as Spywareblaster, Spysweeper, CWshredder, Spybot S&D and the upgraded Ad-Aware SE that the computer is more confused than I am! I`ll give the firefox a try next. Thanks again. BTW... I no sooner asked that question about the importing of the email and I got my Kim Komando newsletter that said the same thing you did. I guess someone asked the same question to her. Timing is everything! Posted by: rstones12 No problem, Let me know if you need any help with either the browser or the email client. I cant provide tier 1 support but I can answer most of the questions. Here are some good links to use regarding Firefox and Thunderbird. Support Forums: [url]http://forums.mozillazine.org/[/url] Thanks, rstones12 Posted by: southernlady Closed. Liz vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |