HijackThis log, please help

Status
Not open for further replies.
Erm, my friend is having problems with popups. When he starts up his computer, his browser comes up and shows popups about something, Friend Finder or something like that. Here's his HijackThis log. Thanks a lot in advance :D
 
Tell your friend to stop installing every junk anti-spy program under the sun!
Having more programs does NOT make it better or safer.
That can only be achieved by using SAFE browsers like Firefox or Opera, and NOT using the buggy/holey Internet Explorer!

To start with, move HJT away from the Desktop to e.g. C:\Program Files\HJT
C:\Documents and Settings\DoNotEnter\Desktop\HijackThis.exe


Boot in Safe Mode.
Switch System restore OFF, see how here.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

PSFree.exe
Popupscn.exe
vc multi.exe
swdoctor.exe
OBJ SOFT LOUD.exe
Ares.exe

Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
D:\Ares\Ares.exe

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.208.220.71::444
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ThirdGreatViewSupport] C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [wave dumb] C:\DOCUME~1\DONOTE~1\APPLIC~1\GRIDTY~1\OBJ SOFT LOUD.exe
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
Fix ALL O16 - DPF: entries
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normally. When all is OK, switch System Restore back on.

Now tell your friend to go and install AT LEAST SP1, better is SP2 (includes SP1).
And to go to www.getfirefox.com and do just that!
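
As an added example (not part of the original reply, and not HijackThis's own logic): a small Python triage pass over HijackThis log lines like those quoted above. It flags entries whose target file is missing, a proxy set under Internet Settings, and Run entries that launch from an Application Data folder. The flag names and heuristics are assumptions for illustration; a flag marks a line for review, it is not a verdict.

```python
import re

# Constructed sample: a few entries copied from the log lines quoted in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.208.220.71::444
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [ThirdGreatViewSupport] C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [wave dumb] C:\DOCUME~1\DONOTE~1\APPLIC~1\GRIDTY~1\OBJ SOFT LOUD.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autorun: hive, value name, command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Assumption: the 8.3 short name APPLIC~1 stands for "Application Data"
PROFILE_DIR = re.compile(r"\\(Application Data|APPLIC~1)\\", re.I)


def triage(log_text):
    """Return (code, flags, body) for every log entry that earns a flag."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, blanks, free text
        code, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("orphaned")  # entry points at a file that no longer exists
        if code == "R1" and "ProxyServer" in body:
            flags.append("proxy-set")  # browser traffic is routed through a proxy
        run = RUN.match(body) if code == "O4" else None
        if run and PROFILE_DIR.search(run.group(3)):
            flags.append("autorun-from-profile-data")  # starts from a user-writable data dir
        if flags:
            findings.append((code, flags, body))
    return findings


if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<28}{body}")
```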
 