View Full Version : Pop Up Blocker
stefanus
10-25-2005, 06:54 AM
I am looking for a free pop up blocker. Any suggestions! Sorry guys! I used my eyes and brain and found one right here :o
Thanx
Budfred
10-25-2005, 07:57 AM
Which one did you find??
I use FireFox which does it quite well... I have also heard very good things about Google Toolbar...
stefanus
10-25-2005, 08:25 AM
I found Pop Up Manager from Sylvander in a previous thread 2003/4 Thanx but am going to try google also. I keep getting porn pop ups, even whilst being logged on here, how they got in I do not know, the application I have is not stopping them. And my web browser has changed to gopher and I cannot delete that also. So will now try google.
Thanx
ps I cannot access hjt. I do not have a zip file installed, but have never had a prob useing hjt form your links
PrntRhd
10-25-2005, 09:11 AM
If you have XP/2000 and never tried Ewido before on that PC, try running that one. Sounds more serious than just popup ads.
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html
stefanus
10-25-2005, 09:18 AM
OS is windows`98SE. Would love to use Ewido, but will not down load below win2000 Any suggestions for a free winzip down load. I had one 7Zip I think. Cannot understand why I cannot open HJT!!! I have been in Zambia for over 3 months I even used it there on a friends pc, down loaded from here.
PrntRhd
10-25-2005, 09:23 AM
TrojanHunter is about it for 98.
http://www.misec.net/
Also could try Stinger tool in SAFE mode to see if it is viral.
stefanus
10-25-2005, 09:32 AM
I have located HJT from Meirijn an exe file so will try and open it. I use AVG for viruses @ start up. Have just completed Adaware and Spybot they found between them 42 items and that is the 2nd scan in 24hrs but the re-appear in my Start> programs after changing from online to off and back ??? :mad:
Thanx will run TH and Stinger, think I stinger on a floppy.
stefanus
10-25-2005, 09:41 AM
Here is my latest log. The last one is in this forum somwheres, bout 3/4 months ago.
Logfile of HijackThis v1.97.7
Scan saved at 14:39:35, on 25/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-GB\MSNAPPAU.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: ohb - {F0C08B30-BA30-4FEB-924B-2E250CF0697D} - C:\WINDOWS\SYSTEM\SIQ.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: RealGuide (HKLM)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - [url]http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38508.4746990741[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - [url]http://204.157.0.193:8000/Java/cfs40320.cab[/url]
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (WHIP! Control) - [url]ftp://ftp.autodesk.com/pub/autocad/plugin/whip.cab[/url]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - [url]http://office.microsoft.com/officeupdate/content/opuc2.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/msnmessengersetupdownloader.cab[/url]
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} (iiittt Class) - [url]http://tb.searchitquick.com/v30/siq.cab[/url]
I think gopher is also a prob???
Thanx for help
david eaton
10-25-2005, 01:59 PM
You are using an outdated version of Hijack this. The current version can be downloaded from here (http://www.merijn.org/files/hijackthis.zip)
stefanus
10-25-2005, 03:50 PM
Tried to download it David, but tries to open in My Docs` and is just gibberish!!!
I am useing mozilla firefox @ the moment. If I try IE, all the rubish starts opening again because of Gopher I think. Incidently. I did not down load Gopher.
david eaton
10-25-2005, 05:39 PM
The file you downloaded is a zip file. It should open with Winzip/Winrar. that will give an EXe file which can be run
Budfred
10-25-2005, 09:21 PM
Here is a list of Zip file managers that you can use to unZip the HJT file...
http://www.pcworld.com/downloads/file_description/0,fid,7231,00.asp
This is a rogue program... I suggest uninstalling it ASAP...
SpywareCleaner
And without really analyzing your log, I suggest fixing these with HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
Then post a log from the latest version...
stefanus
10-26-2005, 06:36 AM
Thanx for the Zip links. I have fixed gopher 5 or 6 times, but as soon as I try to access IE, wooossshhh it is back again with it`s familiars. It completely dominates IE. Whe I fix Gopher IE shows an *About Blank* in the address bar.
stefanus
10-26-2005, 07:15 AM
Here is the latest log after fixing Gopher yet again!!
Logfile of HijackThis v1.99.1
Scan saved at 11:58:24, on 26/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-GB\MSNAPPAU.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: ohb - {F0C08B30-BA30-4FEB-924B-2E250CF0697D} - C:\WINDOWS\SYSTEM\SIQ.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - [url]http://204.157.0.193:8000/Java/cfs40320.cab[/url]
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (WHIP! Control) - [url]ftp://ftp.autodesk.com/pub/autocad/plugin/whip.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/msnmessengersetupdownloader.cab[/url]
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} (iiittt Class) - [url]http://tb.searchitquick.com/v30/siq.cab[/url]
I down loaded HJT from Davids link after installing WinZip!
Thanx!
Sylvander
10-26-2005, 07:24 AM
You MUST try "UltimateZip" for free from www.ultimatezip.com/
This thing is SOooo easy to use [I found Winzip a bit of a pain]. :D
e.g. You right-click on a zip file and choose "Extract to here...", or "Extract to...".
And it seems to handle every kind of archive file.
Budfred
10-26-2005, 08:01 AM
Please open an HJT scan and put checks by:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
O2 - BHO: ohb - {F0C08B30-BA30-4FEB-924B-2E250CF0697D} - C:\WINDOWS\SYSTEM\SIQ.DLL
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} (iiittt Class) - http://tb.searchitquick.com/v30/siq.cab
Close all open windows except HJT and press Fix checked...
Find and delete this folder:
C:\PROGRAM FILES\SPYWARE CLEANER
Reboot and run CCleaner to clean out Temp files:
http://www.ccleaner.com/
Then try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...
http://www.mwti.net/products/mwav/mwav.asp
It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...
Reboot again and post a fresh HJT log and the MWavScan...
stefanus
10-26-2005, 08:29 AM
Thanx for the link Sylvander. Budfred I will do it now, much obliged.
stefanus
10-26-2005, 10:22 AM
This is from ccleaner. Do I delete all???
ANALYSIS COMPLETE - (4.774 secs)
------------------------------------------------------------------------------------------
105.3MB to be removed. (Approximate size)
This from wav!
Files of mvwav is quite long, with 4 viruses found. Will they be under lined red. Lots of *FILE/S* also
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\.SC2" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.SCD" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.SCH" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\LOG_auto_file\shell\open\command" refers to invalid object "C:\hijackthis.zip %1". Action Taken: No Action Taken.
There is an A4 page and a half
Hope this helps
PrntRhd
10-26-2005, 11:22 AM
Stephanus,
I believe the answer will be yes for CCleaner.
The files Budfred needs for MWAV are the ones at the bottom of the list beginning with File.
stefanus
10-26-2005, 01:42 PM
Done, but cannot find: C:\PROGRAM FILES\SPYWARE CLEANER???
Budfred
10-26-2005, 09:37 PM
It is possible that the folder was already deleted and the HJT item was a leftover Registry entry... Don't worry about it for now, but we still need the MWavScan File items...
stefanus
10-27-2005, 08:21 AM
Thanx! The entry above is the MWAV scan, the only ones that I found with File/s entry. ACLFile, AWFile, COLFile etc. There is on the right window a message saying 4 viruses found also. But with my limited knowledge I cannot identify them. What do you suggest??
stefanus
10-27-2005, 12:22 PM
Latest HJT log
Logfile of HijackThis v1.99.1
Scan saved at 17:03:12, on 27/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-GB\MSNAPPAU.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ULTIMATEZIP\UZQKST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - [url]http://204.157.0.193:8000/Java/cfs40320.cab[/url]
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (WHIP! Control) - [url]ftp://ftp.autodesk.com/pub/autocad/plugin/whip.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/msnmessengersetupdownloader.cab[/url]
stefanus
10-27-2005, 12:24 PM
Latest MWAV log from bottom window
Thanx
Object "target saver Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Mod uleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\siq.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\Program Files\Sierra On-Line\EREG3201.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\Program Files\Sierra On-Line\EREG.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "c:\WINDOWS\SYSTEM\MSRPJT40.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "c:\WINDOWS\SYSTEM\SQLOLEDB.TXT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "c:\WINDOWS\SYSTEM\SQLSOLDB.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "c:\WINDOWS\SYSTEM\JETERR40.CHM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINDOWS\SYSTEM\siq.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Multimedia Keyboard" refers to invalid object "C:\Program Files\Netropa\Multimedia Keyboard\Multimedia Keyboard". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "c:\windows\SYSTEM\disktool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73CE630B-4C87-4E90-B856-CAC9F35E8E97}" refers to invalid object "C:\WINDOWS\SYSTEM\SIQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4BCE0AB8-BE84-4CB7-93BD-C897ACC88345}" refers to invalid object "C:\WINDOWS\SYSTEM\SIQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~2\SWDOCTOR.EXE". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00025E04-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\Dao\dao2535.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{402A3367-D5D8-11D9-A398-81CD18F0CA3C}" refers to invalid object "c:\windows\TEMP\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F988179-3B50-4F07-AB89-ED40738719D7}" refers to invalid object "C:\WINDOWS\SYSTEM\SIQ.DLL". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: No Action Taken.
Entry "HKCR\NetscapeMarkup" refers to invalid object "{61D8DE20-CA9A-11CE-9EA5-0080C82BE3B6}". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\.SC2" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.SCD" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.SCH" refers to invalid object "SchedulePlus.Application.7". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\LOG_auto_file\shell\open\command" refers to invalid object "C:\hijackthis.zip %1". Action Taken: No Action Taken.
Budfred
10-27-2005, 09:02 PM
Thanx! The entry above is the MWAV scan, the only ones that I found with File/s entry. ACLFile, AWFile, COLFile etc. There is on the right window a message saying 4 viruses found also. But with my limited knowledge I cannot identify them. What do you suggest??
I am sorry, but I don't quite understand... The logs you posted seem to be fine... I don't see any viruses... Your HJT log looks okay too... Are you having any problems??
stefanus
10-28-2005, 08:13 AM
Yes I do have a problem! Since Gopher took over IE, and all the porn pop ups started, I cannot load IE any more and since removeing Gopher the pop ups have stopped. How gopher got into my pc, I do not know. Closeing down my pc takes for ever and some times freezes, also changing forums. Another thing is the centre of a window, running horizontly across the screen becomes distorted when changeing when moveing from say PC Guide to Tom Coyote etc.
Budfred
10-28-2005, 09:12 AM
Okay, try a SilentRunners log:
Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile for me to see.
stefanus
10-28-2005, 12:16 PM
Thanx for help and patience. Will do it now!
stefanus
11-02-2005, 06:42 AM
Cannot open silentrun. It redirects me to wini9x which also will not down load ??? Deleted mozilla and firefox, still cannot enable IE. It opens but in the address bar it reads *Blank Page.
Budfred
11-02-2005, 07:48 AM
It is getting harder and harder to work with Win98x....
I don't remember if this applies to Win98... Try it and see if it works...
Please go to Start -> Run -> cmd and press Enter. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested. Then please restart your computer.
If it doesn't work, you could try reinstalling IE...
stefanus
11-11-2005, 08:30 AM
I eventually had to re-install IE. Incidently! The forum where I think I got the problem initially, has since crashed because of being hacked! It was a legit site for people ex South African and Zimbabwe with a suspect link/s I think.
Thanx all for the assistance and in particular Budfred! ;)
vBulletin v3.6.1, Copyright ©2000-2012, Jelsoft Enterprises Ltd.