HijackThis Log Help

Name: WilliamB
Date: February 18, 2004 at 20:17:36 Pacific
OS: WIN 98
CPU/Ram: Cyrix 92MB
Comment:

Have a problem with my neighbour's computer.
Think it is riddled with spy/adware maybe some virus problems etc.
Have installed Norton AV but can't update as can't connect to net, I think ISP server drops dialup connection...Maybe it feels threatened. Have tried running HijackThis but not sure what to fix and what not. Unable to install Ad-aware or Spybot or pretty much any tool; if they install then I get 'corrupt file' type messages. HijackThis only managed to run from floppy. Anyone able to advise?

Log follows:

C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\RVP\BPC.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.exe
A:\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.austarmetro.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.commonname.com/english/toolbar/sidebar.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.commonname.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {139D88E5-C372-469D-B4C5-1FE00852AB9B} - C:\WINDOWS\SYSTEM\FAVORITE.DLL
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\PROGRAM FILES\FLT\FLT.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TaskReg] C:\MY DOWNLOADS\YOUNG TEENS STRIP POKER.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner1111.exe /S
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [LoadWatcher] Test
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spywarelabs.com/DistID/1111030203/VBouncerOuter1111.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
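
A first-pass triage of a log like the one above can be scripted before anything is ticked in HijackThis. The following is an added example, not part of the original post or of HijackThis itself: it parses the `code - body` entry lines and lists entries with structural oddities. The four checks and all function names are assumptions of this example; a hit means "look at this by hand", not "delete this".

```python
import re

# Lines copied from the log posted above. The checks are this example's own
# assumptions about what deserves a manual look, not verdicts on any file.
SAMPLE = r"""
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [LoadWatcher] Test
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spywarelabs.com/DistID/1111030203/VBouncerOuter1111.EXE
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NULL_CLSID = "{00000000-0000-0000-0000-000000000000}"

def parse(log):
    """Yield (code, body) for each entry line; process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return (code, body, reason) for entries that merit a manual look."""
    findings = []
    for code, body in parse(log):
        clsid = CLSID.search(body)
        if code == "O2":  # Browser Helper Objects
            if clsid and clsid.group(0) == NULL_CLSID:
                findings.append((code, body, "BHO registered under all-zero CLSID"))
            if body.endswith("(no file)"):
                findings.append((code, body, "BHO points at a missing file"))
        elif code == "O4" and "Run" in body:  # Run / RunServices keys
            command = body.split("] ", 1)[-1]
            if not re.search(r"\.(exe|dll|com|bat|scr)\b", command, re.I):
                findings.append((code, body, "Run value names no executable"))
        elif code == "O16":  # downloaded ActiveX components
            url = body.rsplit(" - ", 1)[-1]
            if not url.lower().endswith(".cab"):
                findings.append((code, body, "ActiveX download is not a .cab"))
    return findings

if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE):
        print(f"{code}: {reason}\n    {body}")
```
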




Response Number 1
Name: pcfixinguy
Date: February 19, 2004 at 08:16:19 Pacific
Reply:

William,

Your friend's PC does have a few problems. Here is a way you can try. It all depends on your access to a PC with a CD Writer.

Install Ad-Aware to a CD! I have done it to make sure it works ok. And used different REF files to my PC installed version just for a test to see it run, and it does. Just you make sure you have the latest REF file on the CD version.

Make the CD readable in any CD-ROM etc, and then take it to your friend's PC. Boot that PC into SAFE MODE and run Ad-Aware from the CD. Use CUSTOMIZE to select everything you can, and all the drives etc on the duff PC.

Spybot installs a little differently to CD because of its interaction with browsers and registry, so be careful with that one if you try it. However, Ad-Aware is like a standalone program, and works fine from a CD.

Then there is STINGER and CWShredder which are standalone EXE programs too. Stick them on the CD.

You have nothing to lose...:o)

Safe Computing;...:o)


0

Response Number 2
Name: WilliamB
Date: February 20, 2004 at 01:57:41 Pacific
Reply:

Thanks pcfixinguy,

Sounded like a great idea! Don't know why I didn't think of it.
Put Ad-aware on CD tried on my own machines, ran well, even picked up a new visitor!
However on neighbor's PC, when starting up claims corrupt executable or runs fine but gets to end of scan and then illegal operation error and program shutdown.
Thanks for the help but I think I'll suggest we do a reformat and reinstall on this one, I'll try to encourage him, and his children, into some protective behaviours. See if we can stop this happening again.

Cheers,

William


0

Response Number 3
Name: pcfixinguy
Date: February 20, 2004 at 03:09:17 Pacific
Reply:

William,

I am never a fan of reinstallations, mainly due to the fact that all the updates for the operating system go bye bye, opening up the PC to attacks previously protected. However, as you can't even get on to do any fixing, it's the only thing left.

And, you are absolutely correct on education of "surfing the Net". I know you'll pop SpyBot on there for him to Immunize the IE, and so on. As the op sys is Win98, you may want to convince him to use WinME. That has some better features, and will run happily in 92Mb of RAM. It is also supported by Microsoft. I know that Microsoft have now given a stay of execution for 98 for one more year though.

GOOD LUCK!!!

Safe Computing...:o)


0

Response Number 4
Name: Dog
Date: February 20, 2004 at 03:52:08 Pacific
Reply:

Recommend he read
Prevention Is Better Than Cure
and protect himself from there

D4


0
