View Full Version : Windows Security Center.TaskManager



Rich9
2006-08-27, 01:35
The title is the main one I think causes the problem. SpyBot finds both of these every time I run it and says it 'fixes' it, but it comes back when I run SB again right away.

The problem is it keeps popping up 'official looking' warnings about security issues. These change titles; I guess they think if you don't fall for one and click OK to download the fix, you may if they just change the title. However, the overall 'look' stays the same.

My PC now has difficulty getting to the net and seems to be getting more bogged down. Anyone who knows what caused this or has some fixes would be greatly appreciated.

The only 'different' site we have gone to (we have been there before without a problem, but have heard it sometimes has problems) is iTunes.


--- Search result list ---
Windows Security Center.TaskManager: Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr!=dword:0

Jupilites: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ATI_VER


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-25 Includes\Cookies.sbi (*)
2006-08-25 Includes\Dialer.sbi (*)
2006-08-25 Includes\Hijackers.sbi (*)
2006-08-25 Includes\Keyloggers.sbi (*)
2006-08-25 Includes\Malware.sbi (*)
2006-08-25 Includes\PUPS.sbi (*)
2006-08-25 Includes\Revision.sbi (*)
2006-08-25 Includes\Security.sbi (*)
2006-08-25 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-25 Includes\Trojans.sbi (*)



--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB867282
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823182
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823559
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB824105
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB825119
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB826232
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828035
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828741
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828749
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB837001
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839643
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839645
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840315
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840987
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841356
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841533
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841872
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841873
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB842526
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB871250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873333
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873339
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885835
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885836
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB888113
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890047
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890175
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891711
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891781
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]


--- Startup entries list ---
Located: HK_LM:Run, a9cbd311.exe
command: C:\WINNT\system32\a9cbd311.exe
file: C:\WINNT\system32\a9cbd311.exe
size: 20992
MD5: 6622c079b0121e5ab6d75d1e35e78d3f

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\AK\Security\MSantiSpyware\gcasServ.exe"
file: C:\Program Files\AK\Security\MSantiSpyware\gcasServ.exe
size: 473928
MD5: 263740ede788a60a6c0a47249fc410bf

Located: HK_LM:Run, IPHSend
command: C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
file: C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
size: 124520
MD5: 012ae17b563954e6c6e0bdcf0957e996

Located: HK_LM:Run, Run StartupMonitor
command: StartupMonitor.exe
file: C:\WINNT\StartupMonitor.exe
size: 86016
MD5: 064805a7893898cbf058086832217771

Located: HK_LM:Run, stonedrv
command: c:\winnt\system32\stonedrv.exe
file: c:\winnt\system32\stonedrv.exe
size: 15088
MD5: fd35ab54c3024c87c8b0230f151d4216

Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9b2f5b9e745deaaa57fb78329ed03061

Located: HK_LM:Run, SystemDoctor 2006 Free
command: C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
file:

Located: HK_LM:RunServices, stonedrv
command: c:\winnt\system32\stonedrv.exe
file: c:\winnt\system32\stonedrv.exe
size: 15088
MD5: fd35ab54c3024c87c8b0230f151d4216

Located: HK_CU:Run, a9cbd311.exe
command: C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
file: C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
size: 20992
MD5: 6622c079b0121e5ab6d75d1e35e78d3f

Located: HK_CU:Run, ctfmon.exe
command: ctfmon.exe
file: C:\WINNT\system32\ctfmon.exe
size: 8192
MD5: d36a33c21eeed5a6c1daecb7c80a1909

Located: HK_CU:Run, Ecs
command: C:\WINNT\system32\?ymantec\wucrtupd.exe
file:

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 413775
MD5: e729abbad56fe6a7142abbe1743c80bb

Located: HK_CU:Run, Reeu
command: "C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe" -vt yazr
file: C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe
size: 71680
MD5: 792c813d1f2841320bc94609197deaff

Located: HK_CU:Run, stonedrv
command: c:\winnt\system32\stonedrv.exe
file: c:\winnt\system32\stonedrv.exe
size: 15088
MD5: fd35ab54c3024c87c8b0230f151d4216

Located: System.ini, artm_newreg
command: C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
file: C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
size: 0
MD5: d41d8cd98f00b204e9800998ecf8427e ???

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll



--- Browser helper object list ---


--- ActiveX list ---
{A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control)
DPF name:
CLSID name: PopupSh Control
Installer:
Codebase: http://206.222.26.90/images/PopupSh.ocx
Path: C:\WINNT\DOWNLO~1\
Long name: PopupSh.ocx
Short name:
Date (created): 2/5/2006 3:44:26 PM
Date (last access): 8/23/2006 11:14:48 PM
Date (last write): 2/5/2006 3:44:26 PM
Filesize: 34104
Attributes: archive
MD5: AB11553C899F596EF72E14637F5A1389
CRC32: CFDF8ED2
Version: 1.0.0.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 8) \SystemRoot\System32\smss.exe
PID: 168 ( 144) \??\C:\WINNT\system32\csrss.exe
PID: 188 ( 144) \??\C:\WINNT\system32\winlogon.exe
PID: 216 ( 188) C:\WINNT\system32\services.exe
size: 89360
MD5: CFED2D28F5B8A24127E9E06043070643
PID: 228 ( 188) C:\WINNT\system32\lsass.exe
size: 33552
MD5: 0C13D582EDAF90CBEA454A1AC535B913
PID: 412 ( 216) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 444 ( 216) C:\WINNT\system32\spoolsv.exe
size: 45328
MD5: 987DAF317B917CFC973DE8364D62A76C
PID: 488 ( 216) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 516 ( 216) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 8AFC98EA506A007375B1BD58991CD32A
PID: 680 ( 216) C:\WINNT\system32\regsvc.exe
size: 68368
MD5: 250C4CE389783FA2398E3AFA4317008C
PID: 704 ( 216) C:\WINNT\system32\MSTask.exe
size: 119568
MD5: 37D7411389A10D7F3ABFE12B247B1AC5
PID: 752 ( 216) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 780 ( 216) C:\WINNT\system32\mspmspsv.exe
size: 53248
MD5: AF619B3908BB1C9336FB6981609018FE
PID: 968 ( 188) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: EB9EAF627F705525D01DE5FA07EA1818
PID: 1120 (1124) C:\WINNT\Explorer.EXE
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 1184 (1120) C:\WINNT\StartupMonitor.exe
size: 86016
MD5: 064805A7893898CBF058086832217771
PID: 1264 (1120) C:\WINNT\system32\a9cbd311.exe
size: 20992
MD5: 6622C079B0121E5AB6D75D1E35E78D3F
PID: 1020 (1120) C:\WINNT\system32\ctfmon.exe
size: 8192
MD5: D36A33C21EEED5A6C1DAECB7C80A1909
PID: 1280 (1120) C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 413775
MD5: E729ABBAD56FE6A7142ABBE1743C80BB
PID: 1220 (1120) C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe
size: 71680
MD5: 792C813D1F2841320BC94609197DEAFF
PID: 1316 ( 412) C:\Program Files\AK\Security\MSantiSpyware\gcasDtServ.exe
size: 756552
MD5: 21BD4696317A4A6383F86CDC5E026BFD
PID: 1352 (1120) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: EB9EAF627F705525D01DE5FA07EA1818
PID: 1436 (1120) C:\Program Files\Downloads\spybot\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1204 (1120) C:\Program Files\Downloads\Ad-Aware SE Personal\Ad-Aware.exe
size: 824832
MD5: 1B0EDBF799B57EAD6EF68A82906C2097
PID: 1100 ( 216) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 788 (1120) C:\WINNT\System32\sol.exe
size: 34064
MD5: 8B9150DA8CA709F30F4FEBFF6B282E0E
PID: 628 ( 216) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
MD5: 962BC769D1008D83F6A00B9DE887EEF4
PID: 1252 (1120) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 91136
MD5: EB9EAF627F705525D01DE5FA07EA1818
PID: 1248 (1436) C:\WINNT\regedit.exe
size: 73488
MD5: 72FA62B02F6D274C9C114F533BA2F560
PID: 8 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/26/2006 5:23:12 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsoft.com/access/allinone.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
1999 TurboTax Deluxe (1999 TurboTax Deluxe)
uninstall cmd: C:\Program Files\Quicken\TaxUnst.EXE "C:\Program Files\Quicken\Uninstall.log" -NoGui

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\DOWNLO~1\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\DOWNLO~1\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Acrobat Reader for Pocket PC 1.0 (Adobe Acrobat Reader for Pocket PC 1.0)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft ActiveSync\Adobe\Uninst.isu" -c"C:\Program Files\Adobe\Acrobat Reader for Pocket PC\UnInstall.dll"

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AOL Uninstaller (Choose which Products to Remove) (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

(AvantGo Client)

Belarc Advisor 7.0 (Belarc Advisor 2.0)
uninstall cmd: C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG

(Branding)

(Connection Manager)

DAO 3.5 (DAO 3.5)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Intuit\DAO 3.5\Uninst.isu"

Diner Dash 2 (remove only) (Diner Dash 2)
uninstall cmd: "C:\Documents and Settings\Administrator\Desktop\kathy\Diner Dash 2\Uninstall.exe"

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(expinst)

Family Lawyer 2000 (Family Lawyer 2000)
uninstall cmd: C:\PROGRA~1\Quicken\FAMILY~1\UNWISE.EXE C:\PROGRA~1\Quicken\FAMILY~1\INSTALL.LOG

(Fontcore)

Handmark® Scrabble® for Pocket PC (Handmark® Scrabble® for Pocket PC)
uninstall cmd: C:\WINNT\unvise32.exe C:\Program Files\Handmark\Scrabble for Pocket PC\uninstal.log

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

(InstallShield Uninstall Information)

Quicken 2004 13.00.0000 (InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8})
version: 218103808
version (major): 13
estimated size: 64800
install date: 20050919
install source: D:\disk1\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt

iTunes 6.0.4.2 (InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709})
version: 100663300
version (major): 6
estimated size: 33968
install date: 20060315
install location: C:\Program Files\iPod\
install source: C:\WINNT\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

teacup61
2006-08-28, 23:54
Hello Rich9,

Welcome to Safer Networking Forums :)

* Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Thanks,
tea

Rich9
2006-08-30, 07:17
Logfile of HijackThis v1.99.1
Scan saved at 11:17:21 PM, on 8/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\aspi197768.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\StartupMonitor.exe
C:\winnt\system32\stonedrv.exe
C:\WINNT\system32\a9cbd311.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe
C:\Program Files\AK\Security\MSantiSpyware\gcasDtServ.exe
C:\Program Files\Downloads\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DA41A7A-BF2C-0A2D-9BD6-0AC7C3DD244D} - C:\WINNT\system32\vbejvug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\spybot\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\AK\Security\MSantiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKLM\..\Run: [a9cbd311.exe] C:\WINNT\system32\a9cbd311.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\RunServices: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Reeu] "C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [Ecs] C:\WINNT\system32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [a9cbd311.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O20 - AppInit_DLLs: javaw.dll
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: muvoOVTLPiG - {E41A3D87-4EB0-972D-DE1B-86BEBBA32195} - C:\WINNT\system32\ch.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINNT\system32\2234_32.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi197768.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

teacup61
2006-08-30, 13:09
Hello,

I notice that you do not seem to be running Antivirus software or a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them!!

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus programs. Some good free firewalls are ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za) or Outpost (http://www.agnitum.com/products/outpostfree/download.php).
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

When you've done this, run a full system scan.

SystemDoctor 2006 is a rogue anti-spyware application that gets installed by Spyware/malware without asking for permission. Via Add/Remove programs, uninstall the program, if present.

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful"), close Ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4DA41A7A-BF2C-0A2D-9BD6-0AC7C3DD244D} - C:\WINNT\system32\vbejvug.dll
O4 - HKLM\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKLM\..\Run: [a9cbd311.exe] C:\WINNT\system32\a9cbd311.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\RunServices: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [Reeu] "C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [Ecs] C:\WINNT\system32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [a9cbd311.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O20 - AppInit_DLLs: javaw.dll
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: muvoOVTLPiG - {E41A3D87-4EB0-972D-DE1B-86BEBBA32195} - C:\WINNT\system32\ch.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINNT\system32\2234_32.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi197768.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to, and delete the following, if present:

C:\WINNT\system32\vbejvug.dll
c:\winnt\system32\stonedrv.exe
C:\WINNT\system32\a9cbd311.exe
C:\PROGRA~1\COMMON~1\PPPATC~1 <---this folder. May have more letters in the name
C:\WINNT\system32\?ymantec\wucrtupd.exe <---this file, and the folder it's in.
C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\WINNT\system32\ch.dll
C:\WINNT\system32\2234_32.dll
C:\WINNT\system32\aspi197768.exe


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from Ewido and a new HijackThis log. Let me know how it's running now. :)

Thanks,
tea
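
Added example (not code from this thread, from Spybot or from HijackThis): a Python script that applies, as heuristics, the kind of reasoning behind the fix list in the post above to the log Rich9 posted. The rules (anything under the Win9x-only RunServices key, random hex file names, a system-binary name outside system32, an unprintable character in a path, a non-empty AppInit_DLLs, a Winlogon Notify DLL outside system32, any SSODL entry, a service with no publisher, the SystemDoctor rogue named above) and the allow lists are my assumptions, not rules from the helper or the tool. It also treats an ActiveX control fetched from a bare IP address (the O16 line) as suspect, which the list above does not include. The sample input is copied from the posted log with the O3/O8/O9 browser-button lines left out.

```python
"""Heuristic first-pass triage of a HijackThis 1.99.1 log.
Added example, not code from the thread or from HijackThis. The rules are
assumptions modelled on which entries the helper chose to fix; they rank
entries for a human to review and decide nothing on their own."""
import re

# Constructed sample input: lines from the log posted earlier in this thread
# (O3/O8/O9 browser-button lines omitted for length).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4DA41A7A-BF2C-0A2D-9BD6-0AC7C3DD244D} - C:\WINNT\system32\vbejvug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\AK\Security\MSantiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKLM\..\Run: [a9cbd311.exe] C:\WINNT\system32\a9cbd311.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\RunServices: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Reeu] "C:\PROGRA~1\COMMON~1\PPPATC~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [Ecs] C:\WINNT\system32\?ymantec\wucrtupd.exe
O4 - HKCU\..\Run: [a9cbd311.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\a9cbd311.exe
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O20 - AppInit_DLLs: javaw.dll
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: muvoOVTLPiG - {E41A3D87-4EB0-972D-DE1B-86BEBBA32195} - C:\WINNT\system32\ch.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINNT\system32\2234_32.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi197768.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

SYSTEM_DIR = r"c:\winnt\system32"
# Names that imitate Windows components and are only plausible inside the system
# directory (the real spooler component is winspool.drv, not an .exe). Assumed list.
LOOKALIKES = {"winspool.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
ALLOWED_UNNAMED_BHO = {"sdhelper.dll"}  # Spybot's own BHO shows up as "(no name)"
KNOWN_ROGUE = ("systemdoctor",)         # rogue anti-spyware named in this thread

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|com|scr|bat))"?(?:\s|$)', re.IGNORECASE)
BARE_IP_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/")


def executable_of(command):
    """Program path from an autostart command, minus quotes and arguments, lowercased."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) if m else command.strip()).lower()


def triage(log_text):
    """Return [(log line, reason)] for the entries a triager should look at first."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # RunServices is a Windows 9x key with no legitimate use on NT, so anything
    # registered there is suspect under every other autostart key as well.
    runservices = {executable_of(m.group(4)) for ln in lines
                   if (m := O4_RE.match(ln)) and m.group(2).lower() == "runservices"}
    hits = []
    for line in lines:
        reason = None
        if line.startswith("R3 - ") and "is missing" in line:
            reason = "default URLSearchHook removed (hijacker residue)"
        elif m := O2_RE.match(line):
            name, path = m.groups()
            if name == "(no name)" and path.rsplit("\\", 1)[-1].lower() not in ALLOWED_UNNAMED_BHO:
                reason = "unnamed BHO not on the allow list"
        elif m := O4_RE.match(line):
            _hive, key, name, command = m.groups()
            path = executable_of(command)
            base = path.rsplit("\\", 1)[-1]
            if key.lower() == "runservices" or path in runservices:
                reason = "registered under the Win9x-only RunServices key"
            elif "?" in path:
                reason = "unprintable character in the path (disguised directory name)"
            elif re.fullmatch(r"[0-9a-f]{8,}\.exe", base):
                reason = "random hex file name"
            elif base in LOOKALIKES and not path.startswith(SYSTEM_DIR):
                reason = "system-binary name outside the system directory"
            elif any(r in name.lower() for r in KNOWN_ROGUE):
                reason = "known rogue anti-spyware product"
        elif line.startswith("O16 - ") and BARE_IP_RE.search(line):
            reason = "ActiveX control fetched from a bare IP address"
        elif line.startswith("O20 - AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                reason = "AppInit_DLLs loads into every process; normally empty"
        elif m := O20_NOTIFY_RE.match(line):
            if not m.group(2).lower().startswith(SYSTEM_DIR):
                reason = "Winlogon notification DLL outside the system directory"
        elif line.startswith("O21 - SSODL:"):
            reason = "SSODL entry (HijackThis already hides the Windows defaults)"
        elif line.startswith("O23 - ") and "Unknown owner" in line:
            reason = "service binary with no publisher information"
        if reason:
            hits.append((line, reason))
    return hits


def flagged_lines(log_text):
    """Just the flagged log lines, for comparison against a helper's fix list."""
    return {line for line, _ in triage(log_text)}


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:<60} {line}")
```

Run as a script it prints each flagged line with the rule that caught it; on the sample it reproduces the sixteen entries in the fix list above plus the O16 line. The output is a review queue, not a deletion list: the same file can hide behind a benign-looking name, so a real triage pairs this with hash lookups on the MD5s Spybot printed and with checking that each path actually exists.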

tashi
2006-09-05, 02:45
How is it going, Rich9?

tashi
2006-09-10, 23:15
Rich9, this topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.

Thank you tea.