computer takes a nose dive [HijackThis Log]

computer takes a nose dive

Long day turns into night here. Intel Celeron 1G 120meg Windows 98SE updated windows today.
Trying to help a friend. Smitfraud had taken over his desktop. Spent the whole day...I ran Housecall, Adaware, Hijackthis and Spydoctor and finally killed it through MSCONFIG/selective startup. Ran fine all day. Rebooted numerous times without problem. Froze and then suddenly on reboot, MOUSE is gone, no cursor at all, display is at minimum setting (16color ).. When I open in Safe mode, the cursor works fine but D drive is not recognized, monitor remains at 16 color as expected. Tried normal startup and problem remains. Checked for corrupted or missing files and setupx.exe was noted but can't access internet to replace and I'm not sure if the installation disc has it or how to navigate without mouse. Could this missing file be the cause of such a disaster?
I'm limited by working in safe mode where I have a mouse but no CD only floppy and no internet for the affected computer. Besides setupx.dll indicated missing or damaged using sfc.exe command in msconfig, when open in safe mode, device manager indicates vmouse.vxd could not be loaded and instructs reinstall win98 but no CD in safe mode and can't figure how to navigate cd with keyboard to reinstall. Could this be root cause?Thanks for any guidance. Computer manufacturer is DEC and Magic Install disc is for SIS chipset motherboard if that means anything to you.

Logfile of HijackThis v1.99.1
Scan saved at 4:21:49 AM, on 6/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Eventmgr.exe] C:\WINDOWS\SYSTEM\Eventmgr.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE "
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q678340.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

Oh Brother!!!

Your still infested by more than one critter. You'll need to wait until an administrator/mod can relocate this to our sub security forum. Once there, those that are expert in dealing with the cleanups, will help you. Hang in there, help's on the way. I'm about to leave a note for the mods. Once redirected, this post will have a white arrow on the icon. You'll find it in the "Removing Spyware and Viruses Forum" room with a red arrow. You will be able to access it in either forum, however if entering the post from the win98 forum, you will find yourself, if you look up at the top of the page and notice the Forum heading, that you are in the security forum. After effect of the post redirect: Your post link is crossed linked but the final destination is the Security forum. This can be a little confusing for some. Please be patient, the security forum is a very highly popular and trafficed forum but rest assured, when done you will be cleaned and good to go. We have some excellent and experienced members who work this forum. There isn't a doubt in my mind that you have found one of the best, if not the best, sites on the net, for help. Welcome to Windowsbbs.com.

I'll leave a little red flag here also. Just ignore it.

Attention Moderators!! Looks like this post needs a redirect.

 

Welcome to WindowsBBS brus brother

Please download smitfraud.zip (it will fit on a floppy). If it saves as attachment.php, simply rename it. Transfer to the affected computer, place on the desktop and extract. Open the smitfraud folder and double click the RunThis.bat to start the tool. When it completes, please run disk cleanup if it will, checking all boxes to be cleaned. Open msconfig and recheck all entries, then close allowing reboot. If it still will not bootup in normal mode, reboot to the start menu and choose command prompt only. Type scanreg /restore and hit enter. **Note the space! Choose a date prior to doing any repairs/cleanup. Try booting again. If successful, reboot to safe mode and run the smitfraud tool again, then reboot to Windows and create, then post a new HijackThis log.

Please post back with your results in any event.

 

Ran Runthis.bat in Safe Mode and got notice batch file missing (?).
Did disc cleanup all checked.
Checked all for normal setup
Prompt mode scanreg /restore and was only offered 4 dates in the last two days (?) and all but one were unsuccessful. Ran the good one but still have no mouse in normal boot, only in safe mode.
Logfile of HijackThis v1.99.1
Scan saved at 6:36:03 PM, on 6/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Eventmgr.exe] C:\WINDOWS\SYSTEM\Eventmgr.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE "
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q678340.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

Download the stand-alone CWShredder 2.14 from here. Save it to the desktop.(fits on a floppy)

Create a new folder on the desktop named HJT and move HijackThis.exe to it.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77F267C0-AF5B-11D9-B5CC-003018655231} - (no file) (HKCU)
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q678340.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...e/bridge-c7.cab

Open CWShredder and click fix.
Open C:\Program Files\Common files and delete the folder WinTools.

Again, try running the smitfraud removal tool (that is a very odd error ).

Reboot back into Windows. You can navigate with the Window, tab, arrow and enter keys on your keyboard to get to the System File Checker utility and run sfc, if the mouse still does not work. Do you have another mouse you could try?

Post a new HijackThis log (preferrably from within Windows).

 

Don't know what I'm doing wrong but that **** eto keeps coming back. Here is the latest file. I checked for missing files and repaired with 98 disc. I even added the vmouse.vxd that was missing yesterday. I still have no mouse. I tried a usb mouse but it also was inoperable. Screen is still at 16 colors.I'm pretty good at following directions but???

Logfile of HijackThis v1.99.1
Scan saved at 9:49:55 PM, on 6/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130123321001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Eventmgr.exe] C:\WINDOWS\SYSTEM\Eventmgr.exe
O4 - HKLM\..\Run: [Cassandra] C:\WINDOWS\SYSTEM\CASSANDRA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE "
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

Are you able to navigate with the keyboard well enough to download? Was the last HJT scan in safe mode?

 

Thanks so much!
I deleted the mouse from System and let Win 98 redetect it and TaDa!
Next I ran your programs as directed to remove the virulents and TaDa!
Then I downloaded the driver and updates for the graphic card and now I'm a happy chappy.
Thank you for your patience.

 

Excellent news!

Lets see one more Hijackthis log, and then I have some recommendations for future protection.

 

Logfile of HijackThis v1.99.1
Scan saved at 3:26:29 PM, on 6/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\AOL COMPUTER CHECK-UP\ACCAGNT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\DIAGNOSTICS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Magic Install...] D:\SETUP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE "
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Thanks inadvance for the look see.

 

Looks clean!

However, I don't see that your antivirus is running in the processes, despite being in the startup. Is it working? May need to uninstall/re-install if not.

Is there a firewall included with the AV? If not, I recommend you install one. Zone Alarm, Sygate and Kerio are all well known, free, easy to use and recommended.
http://www.webattack.com/freeware/security/fwfirewall.html

I also recommend you download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

 

Is there a free anti-virus protection that you would recommend? This computer belongs to a friend and I'm not sure if he wants to continue with a paid service if in fact his Panda is a paid service. Now that I cleaned up his mess, I'd like to check my own out. I have no AV, no Firewall etc.. I know, it's like walking across the street with your eyes closed... you can get away with it only so long!

 

AVG works well with Zone Alarm (and probably any other firewall) and used by many here.

Also used by many here and should play nice.
avast!
AntiVir
BitDefender
http://www.snapfiles.com/freeware/security/fwvirus.html

 

Thanks for all the help. I installed Zone Alarm for my friend's computer. He's an older gent and I fear he will find it rather intrusive. Of all the FREE anti-virus, firewall, spywareblaster, IEspy etc. are there any that just run quietly without signalling alarms and requiring any user involvement. Remember, this fellow will likely simply pull the plug out of the wall and walk away if the computer becomes confrontational.
For that matter it would suit me fine too
. I have to say that since I ditched IE in favor of Mozilla, my troubles have been non-existent. I am simply using Yahoo DSL with whatever protection they offer.
Again, I appreciate the caveat in the story of the fellow who fell from a skyscraper and was heard at every floor yelling out "so far, so good. "

 

IESpyad just adds sites to the restricted zone of IE, preventing those sites from placing cookies, installing activeX controls, etc. on the comp. He'll never know it's there.

SpywareBlaster does much the same type of thing. Only needs updated now and then, which the user must initiate. Again, will never know it's there otherwise.

A firewall can be configured to not alert to intrusion attempts, but will ask permission for new programs requesting internet access. This is a very important feature to have in case some nasty does slip in and try connecting 'home'. The user generally knows if they've started a new program requiring access and one click will deny or allow it. Two clicks with Zone Alarm and it can allow or deny and remember your answer, meaning that particular app won't ask again. Once setup, it's not something that will intrude often. The protection it offers is well worth the occasional alert, and trying to make him understand that should warrant at least as much effort as you've put into cleaning up the machine for him.

An antivirus program will only alert when it's real-time monitoring feature (if it has one....AVG does) detects a virus, or when a scan is run and a virus is detected. Again, hopefully with these other protections in place, there won't be enough alerts as to become an annoyance, and worth every alert he gets.

I'm happy to have been of assistance, and I extend kudos to you for helping a friend.