# pop up ads



## Perfuse (Apr 5, 2003)

How do I disable all the pop-up ads I get? I get one, I X it out, and 4 more pop up. PLEASE HELP! Thank you.


----------



## jmatt (Apr 7, 2000)

I use any of these free browsers, which have a built-in pop-up stopper. (Don't add About Blank to your filter list.)
They use very little resources (no ads) and are as good as any other browser.
They integrate quietly into your system and do not take over. You can still run your normal browser, if you wish.

http://www.crazybrowser.com/

myIE Web Browser (not Nemesis MyIE) from
http://www.myie2.com/index_en.htm
Cancel the Chinese to English download box, it's now in English.
http://www.majorgeeks.com/article.php?sid=1244
http://www.webattack.com/Freeware/misctools/fwbrowser.shtml

Opera
http://www.operasoftware.com/


----------



## bandit429 (Feb 12, 2002)


Hi, click the link at the bottom, download and then run the StartupList program, and paste all the generated text back here in a post so we can look at it.

Click here


----------



## Perfuse (Apr 5, 2003)

Ok, here is everything that was listed in my Note Pad ..

StartupList report, 4/5/03, 6:06:43 PM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 6.0 Tray Icon.lnk = C:\WINDOWS\HWINFO.EXE
Windows Startup.lnk = C:\Program Files\BrowserEnh\winstartup.exe
PowerReg Scheduler.exe
InterTrust Quick Start.lnk = C:\Program Files\InterTrust\InterRights Point\Program\it_cpquickstart.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
DLHelperEXE.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ATIGART = c:\ati\gart\atigart.exe
AtiCwd32 = Aticwd32.exe
AtiQiPcl = AtiQiPcl.exe
SO5 Integrator Pass Two = C:\OFFICE51\SOINTGR.EXE
iCn = C:\PROGRAM FILES\ICHOOSE\NAG.EXE
eMachine eBoard = C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
VirusScan Online = "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
wcmdmgr = C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
RapidBlaster = c:\program files\RapidBlaster\rb32.exe
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SO5 Integrator Pass One = C:\OFFICE51\SOINTGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

media_manager = C:\Program Files\ebkrdr\mediaman.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 5/4/2003, 3:3:36)

[rename]
NUL=c:\PROGRA~1\COMMON~1\GMT\AUTOUP~1\GATOR_~1.GUA
NUL=c:\windows\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

c:\windows\cwcdata\cwrdos.exe

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL - {B40A6610-1D16-11D3-80B2-005004994DA2}
My Search BHO - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL - {014DA6C1-189F-421a-88CD-07CFE51CFF10}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 03052003135241.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37612.2124305556

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WildTangent Control]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab

[{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]
CODEBASE = http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=2003257

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab

[Support.com RemoteControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGRC.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgrc.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[WebHandler Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DLHELPER.DLL
CODEBASE = http://activex.microgaming.com/DLhelper/version6/dlhelper.cab

[AInst Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVE~1.DLL
CODEBASE = http://216.129.173.30/xxxnaughty/activeinstaller.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,682 bytes
Report generated in 0.567 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## bandit429 (Feb 12, 2002)

Ok, there is some advertising spyware. You could download and run Spybot; when it starts, click to update to make sure you have the latest version. Then when it runs it will detect all the spyware and highlight them in red. Only remove the items in red.
Then run the startup list again and post it so we can see it after.

http://www.pchell.com/support/gator.shtml
http://security.kolla.de/index.php?lang=en&page=download


----------



## Perfuse (Apr 5, 2003)

Ok I did what I was directed to do, and so far, so good, thank you. This is what I have gotten from the start up list..

StartupList report, 4/10/03, 4:45:39 AM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 6.0 Tray Icon.lnk = C:\WINDOWS\HWINFO.EXE
Windows Startup.lnk = C:\Program Files\BrowserEnh\winstartup.exe
PowerReg Scheduler.exe
InterTrust Quick Start.lnk = C:\Program Files\InterTrust\InterRights Point\Program\it_cpquickstart.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
DLHelperEXE.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ATIGART = c:\ati\gart\atigart.exe
AtiCwd32 = Aticwd32.exe
AtiQiPcl = AtiQiPcl.exe
SO5 Integrator Pass Two = C:\OFFICE51\SOINTGR.EXE
iCn = C:\PROGRAM FILES\ICHOOSE\NAG.EXE
eMachine eBoard = C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
VirusScan Online = "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
wcmdmgr = C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SO5 Integrator Pass One = C:\OFFICE51\SOINTGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

media_manager = C:\Program Files\ebkrdr\mediaman.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 5/4/2003, 3:3:36)

[rename]
NUL=c:\PROGRA~1\COMMON~1\GMT\AUTOUP~1\GATOR_~1.GUA
NUL=c:\windows\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

c:\windows\cwcdata\cwrdos.exe

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL - {B40A6610-1D16-11D3-80B2-005004994DA2}
My Search BHO - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL - {014DA6C1-189F-421a-88CD-07CFE51CFF10}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 03102003043932.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37612.2124305556

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WildTangent Control]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab

[{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]
CODEBASE = http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=2003257

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab

[Support.com RemoteControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGRC.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgrc.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[WebHandler Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DLHELPER.DLL
CODEBASE = http://activex.microgaming.com/DLhelper/version6/dlhelper.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,587 bytes
Report generated in 0.522 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## bandit429 (Feb 12, 2002)

Did you run Spybot? Your computer is still full of spyware that should have been removed. Open Spybot, then click search for updates, then download updates and run it again. Either you're not allowing it to be removed, or the removal was not in the version you downloaded, or the best possibility is you revisited and/or redownloaded the same stuff again. Only remove the items highlighted in red.


----------
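Added example, not part of any post in this thread: a short Python script that diffs two StartupList reports so that autorun entries surviving a cleanup stand out. The two inputs are abridged from the 4/5/03 and 4/10/03 reports posted above; `parse_report`, `diff_reports`, the case-insensitive comparison and the choice to ignore the process list are this example's own assumptions.

```python
import re

SEPARATOR = re.compile(r"^[-=]{10,}$")
REGISTRY_TITLE = "Autorun entries from Registry"
VOLATILE = {"Running processes"}  # snapshot of processes, not a startup location

# Abridged from the 4/5/03 report posted above.
BEFORE = r"""StartupList report, 4/5/03, 6:06:43 PM
==================================================
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TaskMonitor = c:\windows\taskmon.exe
iCn = C:\PROGRAM FILES\ICHOOSE\NAG.EXE
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
RapidBlaster = c:\program files\RapidBlaster\rb32.exe
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL - {B40A6610-1D16-11D3-80B2-005004994DA2}
--------------------------------------------------
End of report, 7,682 bytes
"""

# Abridged from the 4/10/03 report posted above (note McUpdate.exe changed case).
AFTER = r"""StartupList report, 4/10/03, 4:45:39 AM
==================================================
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TaskMonitor = c:\windows\taskmon.exe
iCn = C:\PROGRAM FILES\ICHOOSE\NAG.EXE
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL - {B40A6610-1D16-11D3-80B2-005004994DA2}
--------------------------------------------------
End of report, 7,587 bytes
"""


def parse_report(text):
    """Map each report section to {casefolded entry: entry as printed}."""
    sections, title, in_body, want_key = {}, None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("End of report"):
            break                          # footer: byte count and option help
        if SEPARATOR.match(line):
            in_body, title = True, None    # next non-blank line is a section title
            continue
        if not line or not in_body:
            continue                       # blank line, or header before first rule
        if title is None:
            title = line.rstrip(":")
            want_key = title == REGISTRY_TITLE
            if not want_key:
                sections.setdefault(title, {})
        elif want_key:
            title, want_key = line, False  # the registry key names the section
            sections.setdefault(title, {})
        else:
            # Windows paths are case-insensitive, so compare casefolded text.
            sections[title][line.casefold()] = line
    return sections


def diff_reports(before, after):
    """Return {section: {"removed": [...], "added": [...], "kept": [...]}}."""
    old, new = parse_report(before), parse_report(after)
    result = {}
    for title in sorted(set(old) | set(new)):
        if title in VOLATILE:
            continue
        a, b = old.get(title, {}), new.get(title, {})
        result[title] = {
            "removed": sorted(a[k] for k in a.keys() - b.keys()),
            "added": sorted(b[k] for k in b.keys() - a.keys()),
            "kept": sorted(b[k] for k in a.keys() & b.keys()),
        }
    return result


if __name__ == "__main__":
    for section, change in diff_reports(BEFORE, AFTER).items():
        print(section)
        for kind in ("removed", "added", "kept"):
            for entry in change[kind]:
                print(f"  {kind:8}{entry}")
```

On the abridged input only the RapidBlaster line is reported as removed; the iCn autorun and the BHO are listed as kept.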



## gmh (Mar 29, 2003)

jmatt --

I checked the websites for the free browsers you provided and found the 'crazybrowser' site is non-existent, and the Opera browser is not free...
you might want to check this ??


----------



## Perfuse (Apr 5, 2003)

Ok, I tried to update the Spybot version 1.2 but I got an error, could not retrieve update to this file or something like that. Also, I cannot fully search all my files, it gets stuck around halfway, is that a problem? Sorry it takes me so long to reply to your helping me, but I have a busy schedule most of the time. Thank you.


----------



## Perfuse (Apr 5, 2003)

Oh yeah, btw I went and redownloaded Spybot again, just in case, but still the same result in errors.


----------



## TonyKlein (Aug 26, 2001)

Downloading a fresh copy isn't enough. Did you actually update SpyBot before scanning?

Please do this:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'. 
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless, so don't fix anything yet.
Someone here will be happy to help you analyze the results.


----------



## Perfuse (Apr 5, 2003)

Ok, I have the log file, but it prompted me to choose a program to open it with, so I chose Adobe Acrobat Reader. I was wrong and now I cannot get to it to post it. Any suggestions?


----------



## TonyKlein (Aug 26, 2001)

· Highlight the logfile by clicking on it once
· Hold down the shift key and then right-click your mouse
· Select "Open With" from the menu
· Pick Notepad.exe.

Be sure to check the box, "Always use this program to open these files".
· Click "OK" and you are all done!


----------



## Perfuse (Apr 5, 2003)

Ok, I tried to do that, but only Open comes up, not Open With. I went through my computer and deleted the HijackThis files, and tried to redo the whole process, yet still, when I try and open it with something else, Adobe automatically opens it.


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by Perfuse:_
> *Ok, I tried to do that, but only Open comes up, not open with.*


Uninstalling or reinstalling Hijack This will not make any difference.

FIRST highlight the file by clicking it once.

Now press the Shift key, and WHILE HOLDING the Shift key click that highlighted file with your RIGHT mouse button.

Now you ought to get an "Open With" option.


----------



## Perfuse (Apr 5, 2003)

Yes I have done that, several times, with the same result. I followed your directions to the "T". It's just not working, sorry.


----------



## TonyKlein (Aug 26, 2001)

Go to Start > Run, type *Sendto* and click OK

Your Windows\SendTo folder will now open in Notepad.

Rightclick anywhere in that folder, and choose New > Shortcut.

Browse to C:\Windows\Notepad.exe, highlight it, and create that shortcut.

Now close the SendTo folder, rightclick that Log file again, and choose Send To > Notepad.exe.

Now post the log the way I described.


----------



## TonyKlein (Aug 26, 2001)

BTW, later have a look here for another way of associating *.log files with Notepad.exe:

How to Create a File Association in Windows 98 and Windows Me

Scroll down to "Associate a File Extension with a File Type"


----------



## Perfuse (Apr 5, 2003)

There ya go, thanks for being patient with me.

Logfile of HijackThis v1.93.0
Scan saved at 4:48:03 AM, on 4/16/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.findwhatevernow.com/searchband/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFB&ence=&pnce=&sid=86146640158011D7AB39001095A3B39A&cat=&v=17&hp=http%3a%2f%2fie%2etwrds%2ecom%2fr%2ephtml%2fd%2f35%2fn%2fVlUWXUsWQVEAXA9NWwoL%2f%3fClick+-YES-+To+Set
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFB&ence=&pnce=&sid=86146640158011D7AB39001095A3B39A&cat=&v=17&hp=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3d%7bSUB_PRD%7d%26clcid%3d%7bSUB_CLSID%7d%26pver%3d%7bSUB_PVER%7d%26ar%3dhome
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: (no name) - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [DownloadWare] "[ProgramFiles]\DownloadWare\dw.exe" /H
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: Windows Startup.lnk = C:\Program Files\BrowserEnh\winstartup.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: InterTrust Quick Start.lnk = C:\Program Files\InterTrust\InterRights Point\Program\it_cpquickstart.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37612.2124305556
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=2003257
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://www.comcastsupport.com/sdccommon/download/tgrc.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB


----------



## TonyKlein (Aug 26, 2001)

You have a whopping amount of spyware and other trash, most of which SpyBot ought to have removed.

I rather think you somehow didn't quite run the program correctly.

Run Hijack This, and check ALL of the items in bold. Doublecheck so as to be sure not to miss a single one.
Next, shut down _all_ Internet Explorer Windows, and have HT fix all checked.

You NEED to reboot when you're done.

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.findwhatevernow.com/searchband/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gohip.com/browser/?id=AAAAAAAAAAAAFB&ence=&pnce=&sid=86146640158011D7AB39001095A3B39A&cat=&v=17& hp=http%3a%2f%2fie%2etwrds%2ecom%2fr%2ephtml%2fd%2f35%2fn%2fVlUWXUsWQVEAXA9NWwoL%2f%3fClick+-YES-+To+Set
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gohip.com/browser/?id=AAAAAAAAAAAAFB&ence=&pnce=&sid=86146640158011D7AB39001095A3B39A&cat=&v=17& hp=http%3a%2f%2fwww%2emicrosoft%2ecom%2fisapi%2fredir%2edll%3fprd%3d%7bSUB_PRD%7d%26clcid%3d%7bSUB_CLSID%7d%26pver%3d%7bSUB_PVER%7d%26ar%3dhome

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O2 - BHO: (no name) - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRAM FILES\ICHOOSE\BPIECLIENT.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL

O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [DownloadWare] "[ProgramFiles]\DownloadWare\dw.exe" /H
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - Startup: Windows Startup.lnk = C:\Program Files\BrowserEnh\winstartup.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: DLHelperEXE.exe

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/...wave/wtinst.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...ab?rand=2003257
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n6/dlhelper.cab*

After rebooting, launch SpyBot.

Now _first_ press *Online*, and search for, put a check mark at, and install *all updates*.

Next, _close_ all Internet Explorer windows, hit 'Check for Problems', select ALL found items, and have SpyBot remove everything.

Reboot once again.

Cheers,


----------
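Added example, not part of any post in this thread: a Python parser for the HijackThis line format shown above, which reports where the R0/R1 and O1 entries point the browser and which module sits behind more than one O2/O3 hook. The sample lines are copied from the log posted in this thread; the function names and the choice to read the `hp` query parameter as an embedded URL are this example's assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Lines copied (abridged) from the HijackThis log posted in this thread.
LOG = r"""Logfile of HijackThis v1.93.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.findwhatevernow.com/searchband/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFB&ence=&pnce=&sid=86146640158011D7AB39001095A3B39A&cat=&v=17&hp=http%3a%2f%2fie%2etwrds%2ecom%2fr%2ephtml%2fd%2f35%2fn%2fVlUWXUsWQVEAXA9NWwoL%2f%3fClick+-YES-+To+Set
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")             # "O2 - <body>"
IE_SETTING = re.compile(r"^(HK\w+)\\(.+?),([^=]+)=(.*)$")   # key,value name=data
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")             # ip, then host name
COM_HOOK = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_log(text):
    """Return one dict per entry; banner lines without a section code are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body}
        if code in ("R0", "R1"):
            s = IE_SETTING.match(body)
            if s:
                hive, _key, name, url = s.groups()
                parts = urlsplit(url)
                # Assumption: "hp" carries a percent-encoded URL, as in this log.
                embedded = parse_qs(parts.query).get("hp", [None])[0]
                entry.update(hive=hive, setting=name, host=parts.hostname,
                             embedded=embedded)
        elif code == "O1":
            h = HOSTS.match(body)
            if h:
                entry.update(ip=h.group(1), name=h.group(2))
        elif code in ("O2", "O3"):
            c = COM_HOOK.match(body)
            if c:
                entry.update(hook=c.group(1), clsid=c.group(3), module=c.group(4))
        entries.append(entry)
    return entries


def ie_redirects(entries):
    """(hive, setting, host, decoded embedded URL or None) for each R0/R1 entry."""
    return [(e["hive"], e["setting"], e["host"], e["embedded"])
            for e in entries if "setting" in e]


def hosts_overrides(entries):
    """(host name, IP it is forced to) for each O1 entry."""
    return [(e["name"], e["ip"]) for e in entries if "ip" in e]


def modules_with_multiple_hooks(entries):
    """Modules registered under more than one O2/O3 line, keyed by upper-cased path."""
    hooks = defaultdict(list)
    for e in entries:
        if "module" in e:
            hooks[e["module"].upper()].append((e["hook"], e["clsid"]))
    return {module: found for module, found in hooks.items() if len(found) > 1}


if __name__ == "__main__":
    parsed = parse_log(LOG)
    for row in ie_redirects(parsed):
        print("IE setting:", row)
    for row in hosts_overrides(parsed):
        print("Hosts override:", row)
    for module, found in modules_with_multiple_hooks(parsed).items():
        print("Multiple hooks:", module, found)
```

The count of hooks is not a verdict on the module; it only shows that one file can appear on several lines, each of which has to be checked when it is fixed.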



## Perfuse (Apr 5, 2003)

Ok, I'm not sure if this is still a problem, but Spybot still only goes through 3 thousand out of 5 thousand files. Anyway, I went to PC pitstop.com, and ran a test on my computer, and it shows that I don't have a problem with spyware anymore. I still get pop-up ads though. Here is the startup list just in case there is still something wrong. Thank you for your help.

StartupList report, 4/16/03, 7:05:50 AM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\EBKRDR\MEDIAMAN.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 6.0 Tray Icon.lnk = C:\WINDOWS\HWINFO.EXE
PowerReg Scheduler.exe
InterTrust Quick Start.lnk = C:\Program Files\InterTrust\InterRights Point\Program\it_cpquickstart.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ATIGART = c:\ati\gart\atigart.exe
AtiCwd32 = Aticwd32.exe
AtiQiPcl = AtiQiPcl.exe
SO5 Integrator Pass Two = C:\OFFICE51\SOINTGR.EXE
eMachine eBoard = C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
VirusScan Online = "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SO5 Integrator Pass One = C:\OFFICE51\SOINTGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

media_manager = C:\Program Files\ebkrdr\mediaman.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 5/4/2003, 3:3:36)

[rename]
NUL=c:\PROGRA~1\COMMON~1\GMT\AUTOUP~1\GATOR_~1.GUA
NUL=c:\windows\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

c:\windows\cwcdata\cwrdos.exe

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 03162003050616.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37612.2124305556

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab

[Support.com RemoteControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGRC.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgrc.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[DiskHealth2 Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DISKFAU.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 6,787 bytes
Report generated in 0.478 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

You didn't have Hijack This fix this one, as it's still there:

O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe

And yes, you need SpyBot to finish its task, so it needs to be run again.

Did SpyBot maybe hang at C2.Lop detection? It's a known bug that occurs on a number of systems.

Launch SpyBot, press Excludes > All Products, and check the three C2.Lop entries.

Then shut down all unnecessarily running programs, including your antivirus, and do another scan. It needs to be completed.

Next, have SB remove everything it finds.


----------



## Perfuse (Apr 5, 2003)

I'm probably overlooking something, but I cannot seem to find "excludes" section anywhere


----------



## Perfuse (Apr 5, 2003)

Never mind, I figured it out, and I cleaned all the files. So far there have been NO pop up files. THANK YOU! To prove it, here is the start up list ...

StartupList report, 4/16/03, 9:03:53 AM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 6.0 Tray Icon.lnk = C:\WINDOWS\HWINFO.EXE
PowerReg Scheduler.exe
InterTrust Quick Start.lnk = C:\Program Files\InterTrust\InterRights Point\Program\it_cpquickstart.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ATIGART = c:\ati\gart\atigart.exe
AtiCwd32 = Aticwd32.exe
AtiQiPcl = AtiQiPcl.exe
SO5 Integrator Pass Two = C:\OFFICE51\SOINTGR.EXE
eMachine eBoard = C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
VirusScan Online = "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SO5 Integrator Pass One = C:\OFFICE51\SOINTGR.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 5/4/2003, 3:3:36)

[rename]
NUL=c:\PROGRA~1\COMMON~1\GMT\AUTOUP~1\GATOR_~1.GUA
NUL=c:\windows\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

c:\windows\cwcdata\cwrdos.exe

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 03162003050616.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37612.2124305556

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab

[Support.com RemoteControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGRC.DLL
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgrc.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[DiskHealth2 Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DISKFAU.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 6,306 bytes
Report generated in 0.179 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

THANK YOU again. I am very grateful for your time and help, my friend.
Sincerely,
John
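
A before/after comparison of two StartupList reports like the ones posted in this thread, as an added example that is not part of the original posts or of StartupList itself. The function names and the abridged sample reports are constructed for illustration; the parser assumes the section layout visible in the reports above.

```python
REG_HEADING = "Autorun entries from Registry"

def parse_report(text):
    """Split a StartupList report into {section title: set of entry lines}."""
    sections, title = {}, "header"
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("End of report"):
            break
        if len(line) >= 20 and set(line) <= {"-", "="}:
            title = None                  # separator: next line is a heading
        elif title is None:
            title = line.rstrip(":")
        elif title == REG_HEADING and line.upper().startswith("HK"):
            title = line                  # registry sections differ only by key path
        else:
            sections.setdefault(title, set()).add(line)
    return sections

def diff_reports(before, after):
    """Return {section: {"removed": [...], "added": [...]}} for changed sections."""
    a, b = parse_report(before), parse_report(after)
    changes = {}
    for title in sorted((set(a) | set(b)) - {"header"}):
        old, new = a.get(title, set()), b.get(title, set())
        if old != new:
            changes[title] = {"removed": sorted(old - new), "added": sorted(new - old)}
    return changes

# Constructed excerpts, abridged from the two reports posted in this thread.
BEFORE = r"""StartupList report (constructed excerpt)
==================================================
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = c:\windows\taskmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
media_manager = C:\Program Files\ebkrdr\mediaman.exe
--------------------------------------------------
End of report"""
AFTER = r"""StartupList report (constructed excerpt)
==================================================
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = c:\windows\taskmon.exe
--------------------------------------------------
End of report"""
```

Calling `diff_reports(BEFORE, AFTER)` reports only the HKCU Run section, with the `media_manager` entry listed as removed.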


----------



## TonyKlein (Aug 26, 2001)

You're welcome! 



> _Originally posted by Perfuse:_
> *I'm probably overlooking something, but I cannot seem to find "excludes" section anywhere*


You may be running SpyBot in Simple Mode.

Shut down SpyBot, and go to Start > Programs > SpyBot S&D

In that Folder you'll find an option to start SpyBot in "Advanced Mode".

Choose it, and you'll have your Settings, and other buttons back.

Next, go to Settings > Settings > Installation, and check the "Advanced" boxes.

Cheers,


----------



## Perfuse (Apr 5, 2003)

Done, Thank you very much for your time!


----------



## TonyKlein (Aug 26, 2001)

No prob!


----------

