Pop up problems

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

misled

Thread Starter
Joined
Jan 17, 2003
Messages
7
My problem is with the Scratch and Sniff virus that bombards with popups...if someone would be kind enough to go step by step through the process i would really appreciate it. I tried doing Tony Klein's process for another member but it looks as if it has changed...please help if you can....
 

misled

Thread Starter
Joined
Jan 17, 2003
Messages
7
here is my registry...Please Help!!!!

StartupList report, 1/17/2003, 2:02:19 PM
StartupList version: 1.51
Started from : C:\My Music\startuplist\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\myCIO\Agent\swAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\userinit.exe
C:\My Music\startuplist\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
DellTouch = C:\WINDOWS\DELLMMKB.EXE
myCIO.com ASaP = C:\WINDOWS\myCIO\Agent\myagttry.exe
myCIO.com Splash = C:\WINDOWS\myCIO\VScan\Splash.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
XupiterToolbarUninstaller = C:\Documents and Settings\jamesr\Local Settings\Temporary Internet Files\Content.IE5\OLQFCT6N\XupiterToolbarUninstaller.exe
SQUpdatesChecker = C:\Program Files\Sqwire\uc.exe
SQConfigChecker = C:\Program Files\Sqwire\cc.exe
FSW = C:\Program Files\FSW\FSW.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Sqwire\u.dll (disabled by BHODemon) - {2662BDD7-05D6-408F-B241-FF98FACE6054}
(no name) - C:\WINDOWS\System32\BHO2.dll - {53E10C2C-43B2-4657-BA29-AAE179E7D35C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ISP signup reminder 1.job
ISP signup reminder 2.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[{02BF25D5-8C17-0000-0000-000000000000}]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CDKey Class]
InProcServer32 = C:\WINDOWS\System32\ITCDKey.dll
CODEBASE = http://www.cdkeybonus.com/cdkey/ITCDKey.cab

[Loader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.4\SQLoader.dll
CODEBASE = http://www.search-feed.com/bigbar/SQLoader.cab

[SecureObjectFactory Class]
InProcServer32 = C:\WINDOWS\myCIO\Agent\myAsUtil2.5.939.0.dll
CODEBASE = http://virusscanasap.mycio.com/VS2/SonicWall/bin/myCioAgt.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe

[BHO.clsUrlSearch]
InProcServer32 = C:\WINDOWS\System32\BHO2.dll
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\bja.ocx
CODEBASE = http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab

[Fswinst Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\fswinst.ocx
CODEBASE = http://www.freescratchandwin.com/files/fswinst07.cab

[DepHlp Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\dephlp.ocx
CODEBASE = http://www.worldwinner.com/games/shared/dephlp.cab

[{731918D2-517A-47E2-886A-3BC1380C591D}]
CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------
End of report, 6,160 bytes
Report generated in 0.172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Joined
Nov 10, 2002
Messages
1,344
Download SS+D from Here

Update it via "Online" tab before scanning. Download all updates. Close down all IE windows and scan.

"Fix" all the RED entries only. Don't worry about the green entries.

This will help your current predicament.
 

misled

Thread Starter
Joined
Jan 17, 2003
Messages
7
i think this has solved my problems...

thank you...

should i Uninstall Spybot Search & Destroy or NO?
 
Joined
Aug 16, 2002
Messages
429
Keep it, Update it once a week, and run once a week. It will keep you safe and sane!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top