Spoke too soon

  rawprawn 17:15 09 Jul 2004
Locked

click here's back again, so any comments welcome.

  rawprawn 17:18 09 Jul 2004

Try this click here

  rawprawn 18:07 09 Jul 2004

I have followed the instructions but I don't have the entry specified HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. In the list of values on the right, delete the 'srng' entry.
I'm still at a loss.

  rawprawn 18:08 09 Jul 2004

I will reboot and try again, everything seems to hinge on either me rebooting, or going onto the net using IE.

  rawprawn 18:16 09 Jul 2004

rebooted, scanned with Hijackthis and found nothing, searched in regedit and found it again

  rawprawn 18:20 09 Jul 2004

Still nothing in the link you gave.

  rawprawn 18:22 09 Jul 2004

Is it doing any harm ? I can find nothing wrong with the machine, but I can't understand how it replicates itself.

  rawprawn 19:19 09 Jul 2004

Logfile of HijackThis v1.97.7
Scan saved at 19:16:02, on 09/07/2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Works\WkDetect.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Dennis Sutton.DENNIS\Local Settings\Temp\HijackThis.exe
C:\Program Files\Microsoft Works\WkDetect.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DSS Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = click here
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.111-big.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-big.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL,Run
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX

  rawprawn 19:20 09 Jul 2004

O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News alerts\skinkers.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O8 - Extra context menu item: Zoom &In  - C:\Documents and Settings\Dennis Sutton.DENNIS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.tui
O8 - Extra context menu item: Zoom &Out  - C:\Documents and Settings\Dennis Sutton.DENNIS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.tui
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Acronis Pop-up Blocker (HKLM)
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F4511A2-4EDB-4E49-9991-20C6A32F9F1C}: NameServer = 212.74.114.129 212.74.114.193

  rawprawn 19:22 09 Jul 2004

I'm sorry for the mess but I kept getting an error when I tried to paste it. I hope you can make something of it.

  rawprawn 19:23 09 Jul 2004

Thanks I ran Spyhunter, but it found nothing.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy A9 review: Hands-on

Can the Huawei P20 Pro really replace a digital SLR?

Surface Laptop 2 vs MacBook Pro

Où acheter un Mac ?