PC-cillin has discovered the following trojans on my PC but cannot remove them. What next?
Thanks
TROJ_Small
TROJ_PORN
TROJ_AGEN
TROJ_AXLOA
TROJ_EMT.A
TROJ_STAR
HTML_WINS
PE_HANTAN

If you have system restore turned on, you need to turn it off and restart the computer. During the restart enter safe mode and run your antivirus scan while in safe mode. After the system is clean you can turn system restore back on. If this does not work, download TDS from here http://tds.diamondcs.com.au/ and be sure to update it before you use it. HTH

You should have mentioned this and put it on the other spyware thread Martin.
Clean all this crap out before you do the spyware stuff. Disable system restore and run a couple of online scans.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Viking,
Good news is that PC-Cillin has not detected
any viruses.
Latest HJT log below. I could have sworn I deleted some of these last night and what confirms this is that the dreaded popup has reappeared!! System restore is still disabled. I assume this is correct?
Martin

Logfile of HijackThis v1.98.2
Scan saved at 21:15:42, on 04/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\TMPROXY.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\INETM\SERVICES.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\E_S4I0F2.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCGUIDE.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCCLIENT.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\POP3TRAP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\WINDOWS\S.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\EXE\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=729&ID2=65395874&ID3=63675584746&ID4=0&ID5={822CFAD1-743A-403B-8947-FA77C5D49B72}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I0F2.exe /P30 "EPSON Stylus Photo R300 Series" /O7 "EPUSB1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O12 - Plugin for .MPG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll

Yes keep restore disabled while you scan and I want you to rescan using the online virus scan and trojan scan above, and not the one on your machine.
After you've scanned, reboot into safe mode, and I'm banking on you having uninstalled everything you don't know about in add and remove programs. If you're not sure what something is >> It goes.
Then open up HijackThis and checkmark ....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=729&ID2=65395874&ID3=63675584746&ID4=0&ID5={822CFAD1-743A-403B-8947-FA77C5D49B72}
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
And remove.
Then go to C:\WINDOWS\S.exe and delete it.
Reboot and post new log file.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Along with the C:\WINDOWS\S.exe. Delete ..
C:\WINDOWS\INETM\SERVICES.exe
too, if it's there after you've done all the above.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Panda scan gave an error
Trojan scan detected nothing
These are in add/remove programs but I'm not sure what they are:
BigBrother
ActiveAce v2.11
Interactual Player
My websearch
PIF designer
scantoweb
search assistant my web scan
I'll wait for your advice on these b4 continuing

Try running ...
And uninstall
My websearch
search assistant my web scan
BigBrother
ActiveAce v2.11
Interactual Player
If the kids moan -- tell them you'll sell them to medical science.
Carry out rest of instructions and post new log file.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

One footnote to that though, now I've had a look at it this morning.
search assistant my web scan
I'm not sure that's part of MyWebSearch, or part of your scanners software (scantoweb). So after all this, don't be surprised if you have to re-install the scanner.
Alternatively look on the scanners software CD and look for something called "search assistant my web scan". If it mentions it anywhere then you know it's part of the scanning software and should be left alone.
PIF designer (PRINT Image Framer DESIGNER) is part of Epson printer software. So that's ok (provided you have it of course).
MyWebSearch is very much spyware - so you get rid.
BigBrother sounds like a game off the net. Get rid.
ActiveAce v2.11 I'm not sure about either. A quick google suggests it's part of the WinAce archiving program (but WinAce should be in +/- programs anyway) - but a cracked version. If it's cracked and been downloaded from the net by someone then get rid of it.
Interactual Player is considered spyware in some quarters - you don't need it. Get rid.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

1) C:\WINDOWS\INETM\SERVICES.exe and C:\WINDOWS\S.exe removed
2) PC-Cillin is one of Trend micro products
3) Add/remove progs deleted except for 'MyWebSearch (outlook, outlook express and incredimail)' which displayed a blank popup headed res://c\progra~1\mywebs~1\bar\1.bin\mwsbar.dll/106 when I tried to remove - it's still in A/R progs now
4) fixed checked items
5) ran hjt in safe mode - log below
6) At what point do I uncheck 'disable system restore'?
Thanks
Martin
Logfile of HijackThis v1.98.2
Scan saved at 20:26:05, on 05/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\TMPROXY.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\E_S4I0F2.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCGUIDE.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCCLIENT.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\POP3TRAP.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe
C:\EXE\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I0F2.exe /P30 "EPSON Stylus Photo R300 Series" /O7 "EPUSB1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

I know PC-Cillin is one of Trend Micro's products. I want you to run an independent online virus scan, I'm not bothered whose it is, provided it's reputable and not run from the hard disk drive.
So if you've run an online virus scan then you can re-enable system restore and set a new restore point.
That's a clean log file and that original porn pop up should be gone?
The only minor concern is "MyWebSearch" not being removed from add and remove. Try it a couple of times on the bounce when you're in safe mode. You can either leave it and see if it goes, or you can go into your program files and hunt the sucker down and either find an uninstall.exe (doubtful it's there) or delete it, along with cleaning the registry out of all mention of it.
But that's entirely down to you.
But like I said, according to that log file, you're now clean. So what about the porn pop up?
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
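The two pieces of advice above (the list of HJT entries to checkmark and remove, and the later verdict that the new log is clean) are the sort of triage that a small script can make repeatable and checkable. What follows is an added example written for this page; it is not code from the thread, from the posters, or from HijackThis itself. It parses HijackThis v1.98-style logs, flags entries matching an indicator list built from the items Viking picked out, and diffs a before/after pair to confirm exactly which entries disappeared. The two sample logs are constructed, shortened extracts of Martin's 04/10 and 05/10 logs, including the scrape artefact where the last process path and the first entry were glued onto one line.

```python
import re
from dataclasses import dataclass

# Indicators taken from the entries Viking told Martin to fix.
# (Constructed for this example; extend the list for your own case.)
SUSPICIOUS = [
    r"iwantsearch\.com",                          # hijacked IE start page (R0)
    r"CONFLICT\.3\\RUNDLG32\.DLL",                # StartBHO / Search Bar (R3, O2, O3)
    r"INETM\\SERVICES\.exe",                      # "xp_system" run keys and win.ini run=
    r"webHancer",                                 # webHancer Survey Companion (O4)
    r"\{5321E378-FFAD-4999-8C62-03CA8155F0B3\}",  # orphaned BHO reported as (no file)
]
SUSPICIOUS_RE = re.compile("|".join(SUSPICIOUS), re.IGNORECASE)

# An entry line looks like "O4 - HKLM\..\Run: [name] path" or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# Scrapes of these logs often glue the last process path to the first
# entry ("C:\EXE\HIJACKTHIS.exeR0 - ..."); this locates that seam.
FUSED_RE = re.compile(r"(?<=\.exe)(?=[RFO]\d+ - )", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str   # R0, R1, R3, F1, O2, O3, O4, O16 ...
    body: str   # everything after "Rn - " / "On - "

    @property
    def line(self) -> str:
        return f"{self.kind} - {self.body}"


def parse_log(text: str) -> list[Entry]:
    """Return the HijackThis entries in a log. Header lines and the
    'Running processes' list carry no 'Rn - ' / 'On - ' prefix and are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        seam = FUSED_RE.search(line)
        if seam:                      # drop the glued-on process path
            line = line[seam.start():]
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def flag_suspicious(entries: list[Entry]) -> list[Entry]:
    """Entries matching an indicator, plus any BHO whose file is missing."""
    return [e for e in entries
            if SUSPICIOUS_RE.search(e.body) or "(no file)" in e.body]


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(entries removed, entries added) between two logs of the same machine."""
    old = {e.line for e in parse_log(before)}
    new = {e.line for e in parse_log(after)}
    return sorted(old - new), sorted(new - old)


# Constructed sample: shortened extract of the 04/10/2004 log posted above.
LOG_BEFORE = r"""Logfile of HijackThis v1.98.2
Scan saved at 21:15:42, on 04/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.exe
C:\WINDOWS\INETM\SERVICES.exe
C:\WINDOWS\S.exe
C:\EXE\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=729&ID2=65395874&ID3=63675584746&ID4=0&ID5={822CFAD1-743A-403B-8947-FA77C5D49B72}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\RUNDLG32.DLL
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.exe
"""

# Constructed sample: shortened extract of the 05/10/2004 log posted above.
LOG_AFTER = r"""Logfile of HijackThis v1.98.2
Scan saved at 20:26:05, on 05/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2003\PCCIOMON.exe
C:\EXE\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

if __name__ == "__main__":
    for e in flag_suspicious(parse_log(LOG_BEFORE)):
        print("FIX:", e.line)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries gone, {len(added)} new (online-scanner O16 controls are expected)")
```

The point of the diff step is the one Viking makes informally: the second log is "clean" because every flagged entry from the first log is gone and the only new entries are the O16 ActiveX controls installed by the online scanners he asked for. Running the same check on both logs turns that judgement into something a second person can reproduce.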

For manual removal of MyWebSearch you'd have to wade your way through the specific variants to find yours.
My Search Bar Information is there. Note that you said: res://c\progra~1\mywebs~1\bar\1.bin\mwsbar.dll/106
Note all the references in that article are for mwsbar.dll. So you have A version on there. I'd go with some form of email plugin version because you said 'MyWebSearch (outlook, outlook express and incredimail)'.
But you'd have to determine which variant you have stuck in the add and remove programs if you wanted to be really really thorough and clean things out. But all the manual removal instructions are there for you to route through if you wanted to.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Viking,
Popup gone (as far as I can see) and I have no viruses. Many thanks for your time and patience - a real big help. Keep up the good work
Regards
Martin
P.s. Apologies for the length of this post. I did get a warning from computing about posting hjt logs but as an 'expert' (you) requested it, I felt safe in ignoring it. :¬)
