Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How can I get rid of these 'friends'? [RESOLVED]

Started by ALV , Aug 01 2005 02:30 PM

  • This topic is locked This topic is locked

#16
ALV
Posted 15 August 2005 - 02:28 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello again, Excal,

I'm so sorry... It was not until I had posted my reply that I followed the link you had sent and realised what had happened to usetobe.

This has been the 1st time I've benefitted from GeeksToGo's expertise and usetobe was indeed very helpful and really nice.

To his family and GeeksToGo's team, my most sincere condolences.

Regards,
ALV
  • 0

Advertisements

#17
Excal
Posted 15 August 2005 - 02:37 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Alv,

Thanks, it was a terrible loss for GTG and the spyware fighting community :tazz:


Can you post me a fresh silent runners. Seems like something is hiding.

Thanks,

:)

Excal
  • 0

#18
ALV
Posted 15 August 2005 - 03:36 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello again,

Here you have:

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PlaxoUpdate" = "C:\Program Files\Plaxo\2.3.4.5\InstallStub.exe -a" ["Plaxo, Inc."]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"PCTVOICE" = "pctspk.exe" [empty string]
"PV92TRAY" = "PV92Tray.exe" ["PCtel Inc."]
"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" ["Labtec"]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"ServiceLayer" = "C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" ["Nokia Mobile Phones"]
"Nokia Tray Application" = "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" ["Nokia Mobile Phones"]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Deluxe\shlext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{fc181130-05a0-11d6-8140-000102e745a6}" = "My P900"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\auexpext.dll" ["Teleca Software Solutions AB"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\BTNEIG~1.DLL" ["WIDCOMM, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\SHERMA~1.SCR" (Sherman's Lagoon.scr) ["Lamplighter Studios"]


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"hpoddt01.exe" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"hp psc 1000 series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"C2CMonitor" -> shortcut to: "C:\Program Files\ClickToConvert\C2CMonitor.exe" [null data]
"PCSuiteForNokia3650 Detect" -> shortcut to: "C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe" ["Symbian Ltd."]
"PCSuiteForNokia3650 TS" -> shortcut to: "C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe" [empty string]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Phone Connection Monitor" -> shortcut to: "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe" ["Teleca Software Solutions AB"]
"BTTray" -> shortcut to: "C:\Program Files\Conceptronic\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]
"Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"FRU Task #Hewlett-Packard#hp psc 1200 series#1075239711" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1075239711"" [empty string]
"WebReg 20040302214308" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe /TaskName 20040302214308 /N "HP psc 1200 Series" /M Q1662A /S HU33OBP1G15H /AP 303 /F /T " ["Hewlett-Packard Co."]
"Norton AntiVirus - Scan my computer - user" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.EXE /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "D:\Lalanda\Guida\Ebay\Ebay.htm" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.sapo.pt/

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Bluetooth Service, btwdins, "C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 65 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 83 seconds.
---------- (total run time: 235 seconds)



Thanks & Rgds,
ALV
  • 0

#19
Excal
Posted 15 August 2005 - 04:56 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
ALV,

looks good? what sort of problems you having now?


Thanks,

:tazz:

Excal
  • 0

#20
ALV
Posted 16 August 2005 - 01:14 AM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

I ran Spy Doctor yesterday and apparently Pops Stop is 'living' in the hard disk, bringing an elevated risk. Is it true? A couple of weeks ago I did install a software that should have blocked pop ups, but it seems to have been this spyware I have now...

Do you think there are too many things running as the computer starts?

If you think none of this is relevant, I'll leave it as it is.

Thank you very, very much for your HUGE help!

Rgds,
ALV
  • 0

#21
Excal
Posted 16 August 2005 - 01:36 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please tell me exactly what it says..


Excal
  • 0

#22
ALV
Posted 16 August 2005 - 03:32 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

Please find attached the outcome of today's Spyware Doc's scan.

Thanks a lot,
ALV

Attached Thumbnails

  • Spyware_Doc__16Aug05_.JPG

  • 0

#23
Excal
Posted 16 August 2005 - 04:58 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Lets try to clean up your registry a bit before going any further.
  • Please dowload: RegSeeker.
  • Click on "Clean The Registry" in the left panel.
  • Check all boxes (make sure the backup box in the lower left corner is selected!).
  • After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
  • Click "Quit RegSeeker".
Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!
  • 0

#24
ALV
Posted 17 August 2005 - 03:23 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Excal,

Apart from a couple of stubborn ones that don't seem to go away, I managed to delete a few hundred invalid entries / unused registries, so I guess I can say the PC is clean now. Including the Popstop...?

Thank you very, very much for your huge help! And for all your pacience!

Regards,
ALV
  • 0

#25
Excal
Posted 17 August 2005 - 08:21 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Run this online virus scan: ActiveScan - Please save and post the results from the scan!
  • 0

Advertisements

#26
ALV
Posted 18 August 2005 - 03:51 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

For some reason I can't understand, I did everything I was asked to (download Active X, etc...), and when I finally click "Scan my Computer", it just stops and after a while exits internet. Or doen it mean that nothing relevant was found? Shall I run HJT instead?

Thanks,
ALV
  • 0

#27
Excal
Posted 18 August 2005 - 05:51 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download RegSearch from the attached on this post.
Unzip it to desktop



Open the RegSearch folder and double click RegSearch.vbs. Allow it to run.
Note: if your Antivirus or another program prompts about running a script file, allow the script to run.

copy and paste this in: Pops Stop then hit "ok" (might be with no space, so try both)

RegSearch will "disappear" but it is actually searching the registry for that entry.

Copy and paste what it finds into a Notepad file.
  • 0

#28
ALV
Posted 22 August 2005 - 01:41 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi,

Sorry, I was away for the week-end and have just returned...

Please find attached the txt file from RegSearch.

Thanks & regards,
ALV

Attached Files


  • 0

#29
Excal
Posted 22 August 2005 - 02:09 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi,

Those entries they are finding are harmless. It is an entry thats remembered by google toolbar, but like i said its harmless.
Hows everything else running?


Excal
  • 0

#30
ALV
Posted 22 August 2005 - 03:15 PM

ALV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi again,

Good to know those entries are harmless! :tazz: It's running at its normal speed, so I guess everything's fine now. :)

Thank you very, very much for all your help! This was the 1st time I benefited from GTG's team's expertise and... you have just been great!

Again, thanks a million and all the best,
ALV
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP