Please take a look at this!

[Jay Francis]

I have just followed all instructions re: rstones12 and southernlady again just to be sure nothing has been missed. Also , I have included the Panda scan results as well. I`m still getting popups. Maybe you all can help. Many thanks.
#######################################
Panda Scan results "Activescan"
Incident Status Location

Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/eZula No disinfected C:\olddata\WINDOWS\Installer\18d012e.msi[unk_0039] #########################################

Logfile of HijackThis v1.99.1
Scan saved at 5:28:40 PM, on 2/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

[rstones12]

Jay,
Sorry for the delay, was out of pocket for about a week with no access to the Internet.

Your log looks clean. Have you tried running both Spybot and Ad-Aware SE in safe mode. Either one of those programs should remove what you listed.

Give that a try.

Here is a third option.
Webroot SpySweeper 3.5
Make sure to update the definitions.

Here is the:
Trial Link

I really like this program, but I am very biased on this one.
Give this a go and see if the pop ups go away.

You can also try an alternative browser:
Firefox is a great choice IMO
Here is the link:
http://www.mozilla.org/products/firefox/

Again, sorry for the delay.
Sometimes the real world get's involved:

rstones12

 

[Jay Francis]

Rstones12
Totally understandable and I can relate. I wasn`t at all concened about you being late in replying...
Like I said, I followed all of the original instructions you had given me earlier and in those , it said to run AdAware SE as well as Spyboy S&D in safe mode which I did as well.
I will later on, download the Webroot Spysweeper 3.5 . I really appreciate your help. There isn`t much else to do when it`s so cold up here!
Jay

 

[rstones12]

It was a frigid 70 degrees here in Arizona today, I had to wear a jacket this morning....

:laughing:

 

[Jay Francis]

Rstones12;
Yeah, right! Frigid at 70 !!!
Did the Webroot Spysweeper download and it picked up 7 things, but they seemed to be the usual "low grade" cookies as usual. I cleared them out but didn`t seem to make any real difference as the popups still came in. Then ,this morning when I booted up the system, I got the infamous "Blue Screen of Death". I assumed that it may have had something to with the Spysweeper program download, so I removed it and all went OK afterwards. There was obviously some conflict there.
It was worth a try though, and I do appreciate what you are attempting to do. Many thanks.
If I download firefox, will it ...1. Import my current email address book, or does it have nothing to do with email? 2. Should I remove IE or do it keep it in the background in the event Firefox hits the ditch?
Thanks again...Jay

 

[rstones12]

Jay,
I have not come across this with SpySweeper giving the blue screen.

Firefox is a stand alone browser, you can import your IE favorites not your email.

If you want to import email addresses the program is Thunderbird.

http://www.mozilla.org/

You should keep IE, just make sure that when you surf the web to use Firefox.

IMO
rstones12

 

[Jay Francis]

Rstones12
I just think that over the last while, I`ve downloaded so many things of that sort, such as Spywareblaster, Spysweeper, CWshredder, Spybot S&D and the upgraded Ad-Aware SE that the computer is more confused than I am!
I`ll give the firefox a try next.
Thanks again.
BTW... I no sooner asked that question about the importing of the email and I got my Kim Komando newsletter that said the same thing you did. I guess someone asked the same question to her. Timing is everything!

 

[rstones12]

No problem,
Let me know if you need any help with either the browser or the email client. I cant provide tier 1 support but I can answer most of the questions.

Here are some good links to use regarding Firefox and Thunderbird.

Support Forums:

http://forums.mozillazine.org/

Thanks,
rstones12

 

[southernlady]

Closed. Liz