
ErrorSafe/SystemDoctor Popups



Marcie
2007-06-20, 05:04
Hi,

Over the past few days, I've had several popup messages re. purchasing ErrorSafe and SystemDoctor software. I've also been noticing that my computer seems to be running a lot slower than it used to.

Neither Spybot nor eTrust Antivirus Web Scanner have found any problems, and I also tried running Vundofix and SmitfraudFix with no success. I'm not very knowledgeable about this sort of thing, so am not sure what else to do.

Here's my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:48:48 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Works\wkswp.exe
c:\Program Files\Microsoft Works\WkDStore.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis - Downloaded June 20\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.80.38.243:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Any help would be appreciated!

pskelley
2007-06-25, 02:00
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

If you have waited FOUR days for advice post here.
http://forums.spybot.info/showthread.php?t=1137

Hi Marcie, have you fixed these malware problems yet? If not I will do my best to help.
C:\HijackThis - Downloaded June 20\HijackThis.exe <<< rename HJT, call it Marcie.exe or whatever you wish. Restart the computer and post a new HJT log so we can see if it is a hidden Vundo infection.

Thanks

Marcie
2007-06-27, 19:41
Hi pskelley, thank you for your reply! I did read the "BEFORE you POST" information prior to making this thread; I hope I followed the instructions as I was supposed to!

My problem hasn't been fixed, but I haven't experienced any popups lately either, so I'm not sure what's going on. I renamed HijackThis and rebooted as you requested - here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:05 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\HijackThis - Downloaded June 20\Marcie.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.80.38.243:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks.
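
The two logs above are what gets triaged by hand in a thread like this, and the request for a fresh log after renaming HijackThis is really a request for a before/after comparison. As an added example (not code from the forum, from HijackThis or from either poster), the Python below parses v1.99-style entry lines, flags the entries a reviewer usually checks by hand (an R0/R1 proxy setting, O2/O20 registrations pointing at files that are not on disk, O23 services marked "(file missing)" cross-checked against the running-process list) and diffs two logs entry by entry. The two excerpts are constructed in the shape of the posted logs; the "Example Service" line is invented to exercise the missing-binary branch. A flag means "look at this", not "this is malware": the proxy entry in particular needs to be confirmed with the user before anything is fixed.

```python
"""Triage and compare HijackThis v1.99-style logs.

Added example for this thread, not a tool from the forum or from HijackThis.
LOG_BEFORE / LOG_AFTER are constructed excerpts modelled on the posted logs;
the 'Example Service' entry is invented to exercise the missing-binary case.
"""
import ipaddress
import re

LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.80.38.243:3128
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\examplesvc.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.80.38.243:3128
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_log(text):
    """Return (set of running-process basenames, list of (code, body) entries)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process block ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.add(line.rsplit("\\", 1)[-1].lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def is_external(host):
    """True for a public IP or a hostname; False for private, loopback or link-local IPs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(text):
    """Return [(code, severity, note)] for the entries a reviewer should look at."""
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and "ProxyServer" in body:
            m = PROXY_RE.search(body)
            host = m.group("host") if m else "?"
            where = "external" if is_external(host) else "private"
            findings.append((code, "review",
                             f"proxy set to {where} address {host}; confirm the user configured it"))
        elif code in ("O2", "O20") and MISSING_RE.search(body):
            findings.append((code, "orphan", "registration points at a file that is not on disk"))
        elif code == "O23" and MISSING_RE.search(body):
            m = PATH_RE.search(body)
            exe = m.group(0).rsplit("\\", 1)[-1].lower() if m else ""
            if exe and exe in running:
                # HJT 1.99.1 prints '(file missing)' for quoted ImagePaths that carry
                # arguments; the binary appearing in the process list is the tell.
                findings.append((code, "info", f"{exe} is running; '(file missing)' is a parse artifact"))
            else:
                findings.append((code, "orphan", "service whose binary is missing"))
    return findings


def diff_logs(before, after):
    """Return (added, removed) entry sets, ignoring the running-process list."""
    old = set(parse_log(before)[1])
    new = set(parse_log(after)[1])
    return new - old, old - new


if __name__ == "__main__":
    for code, sev, note in triage(LOG_BEFORE):
        print(f"{code:<5}{sev:<8}{note}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in sorted(added):
        print("+", code, body)
    for code, body in sorted(removed):
        print("-", code, body)
```

On the constructed excerpts the diff reports one added O4 line (the Java 1.6 updater) and two removed ones (the Java 1.5 updater and the invented service), which is the kind of change a reviewer expects between the two posted logs; the avast! service is downgraded to "info" because its binary is in the process list, while the proxy entry stays flagged for the user to confirm.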

pskelley
2007-06-27, 23:17
Thanks for returning your information and the feedback. The first thing I have to say is that I see no evidence of any malware in this HJT log?
How long since you have seen any of these popups? It is possible the tools you ran removed the infection. It is also a slight possibility there is a hidden rootkit infection causing the popups. I want you to keep an eye on things and tell me how often you are receiving the popups and exactly what they direct you to purchase. I want to know if they occur when you are offline as well as online.

Next, you are running an out of date program:
C:\Program Files\ewido anti-spyware 4.0\ Grisoft purchased this program a while ago and turned it into AVG Anti-Spyware 7.5. Follow the instructions in this link:
http://www.ewido.net/en/download/ Look to the top right on the page for these words:
ewido anti-spyware 4.0 becomes
AVG Anti-Spyware 7.5
Follow those directions and once you have the new program installed and updated, scan your computer and delete or quarantine anything it finds. Save that scan report and post it.

Restart the computer and post the scan report from AVG Anti-Spyware and the information I requested.

Thanks...Phil

Marcie
2007-06-29, 01:18
Hi Phil,

I haven't seen any popups since around the time I made this thread. (Maybe the virus scans I did prior to posting did find and fix something, even though nothing showed up in the logs? Otherwise I'm at a loss for what's happened!)

I'm connected to the Internet any time the computer is on, and every time I received an ad (3 in total, over a span of about 4 days), they warned me that my computer may be infected and urged me to purchase software ("Error Safe" and "System Doctor") to fix the problem. Each time, I hit Alt+Ctrl+Del to end the process rather than clicking on the ad.

Marcie
2007-06-29, 01:19
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:59:21 PM 6/28/2007

+ Scan result:



:mozilla.118:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.119:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.120:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.121:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Marlene\Cookies\marlene@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.128:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.226:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.249:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.371:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.449:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.57:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@multiply.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Marlene\Cookies\marlene@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.345:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.346:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.347:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.38:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.39:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.344:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Adengage : No action taken.
:mozilla.14:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.15:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.168:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.169:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.16:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.170:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.171:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.172:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.17:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.30:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.51:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Marlene\Cookies\marlene@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.227:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.115:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.116:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.117:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.10:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.11:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.12:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.13:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.14:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.15:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.16:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.17:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.18:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.9:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.25:C:\Documents and Settings\HP_Owner\Application Data\Flock\Browser\Profiles\52ailqxq.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.52:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Marlene\Cookies\marlene@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.291:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.292:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.293:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.294:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.295:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.101:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.103:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\tpeok1v7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.

Marcie
2007-06-29, 01:20
[continued]




::Report end


Thank you again for taking the time to look at this for me.

pskelley
2007-06-29, 01:45
Hi Marcie, I am sorry, but the instructions were to delete or quarantine anything it finds, and every item indicates: No action taken :sad: They are all cookies you are storing in Firefox, so I do not need to see the new scan. Here is some information to help you stop storing cookies:
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

ErrorSafe/System Doctor/Winfixer are usually caused by the Vundo trojan, but I see no evidence of it, and nothing in the AVG scan? Let's look a little more in case this is a rootkit infection.

1) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

2) Please download F-Secure BlackLight Beta:
https://europe.f-secure.com/exclude/blacklight/index.shtml

Save it to its own folder on the Desktop
Double-click blbeta.exe to run the program
Click : Scan
A list of all items found is created

The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers).

(do not fix anything, most if not all will be valid files)

Post the BlackLight scan results and the uninstall list.

Thanks...Phil

Marcie
2007-06-29, 04:40
I'm sorry about the misunderstanding earlier.

When I did the Blacklight scan, it said no hidden items were found. All that was in the fsbl.xxxx.log file after the scan was this:

06/28/07 20:29:16 [Info]: BlackLight Engine 1.0.64 initialized
06/28/07 20:29:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/28/07 20:29:16 [Note]: 7019 4
06/28/07 20:29:16 [Note]: 7005 0
06/28/07 20:29:17 [Note]: 7006 0
06/28/07 20:29:17 [Note]: 7011 2224
06/28/07 20:29:17 [Note]: 7026 0
06/28/07 20:29:18 [Note]: 7026 0
06/28/07 20:29:19 [Note]: FSRAW library version 1.7.1022
06/28/07 20:36:59 [Note]: 7007 0


Here's the uninstall list:

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Agere Systems PCI Soft Modem
ArcSoft PhotoImpression 2000
ATI Control Panel
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Canon i550
CEP - Color Enable Package
Crystal Maze from Hewlett-Packard Desktops (remove only)
DivX Content Uploader
DivX Web Player
Easy Internet Sign-up
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
FinePixViewer Ver.3.2
Flock (Photobucket Edition) 0.7
FUJIFILM USB Driver
Google Earth
Google Updater
Help and Support Additions
HijackThis 1.99.1
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HPIZplus450
ImageMixer VCD for FinePix
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KBD
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
mIRC
Miscellaneous NPCs, Starter Pack
Mozilla Firefox (2.0.0.3)
Mozilla Firefox (2.0.0.4)
MSN
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.0
Overball from Hewlett-Packard Desktops (remove only)
Panda ActiveScan
PC-Doctor for Windows
Philips PC Camera
Phoenix Assault from Hewlett-Packard Desktops (remove only)
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
Super Granny from Hewlett-Packard Desktops (remove only)
Tradewinds from Hewlett-Packard Desktops (remove only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
XviD 1.1 final uninstall

pskelley
2007-06-29, 11:02
Thanks for providing this information; according to BlackLight you have no rootkit infection. Something could still be deeply hidden, but in my experience the lowlifes from Errorsafe, etc. are not using them. I am a bit puzzled; can you mention what program you use for a popup blocker?

Uninstall list:
J2SE Runtime Environment 5.0 Update 7
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Always uninstall old versions in Add/Remove Programs; they will get you infected.

Let's try a good free scanner to see if it picks up anything:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see whether you can click the icon (shown in the next image) next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon shown right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer, because files in use may be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


Post that log, a new HJT log and any comments you think will help. Tell me about your popup blocker also.

Thanks

Marcie
2007-06-30, 05:44
Hi Phil,

The Dr.Web scanner found a few things that none of the other scanners I've used were able to pick up! I selected them all and clicked "move incurable" as you instructed.

As for my popup blocker, as far as I can remember, I only use the built-in one in the Firefox web browser. I'm using Mozilla Firefox v. 2.0.0.4, and under "options" I have "block pop-up windows" ticked. (I still get the occasional popup ad despite this.)

I also use Avast On-access scanner for virus protection, and have the Windows firewall enabled. Please let me know if there's anything else I should tell you.

Thanks
-Marcie




restart.exe;C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
GoogleUpdaterInstallMgr.exe;C:\WINDOWS\Temp\gis4edad4;Probably DLOADER.Trojan;Incurable.Moved.;
GoogleUpdaterInstallMgr.exe;C:\WINDOWS\Temp\gise179a;Probably DLOADER.Trojan;Incurable.Moved.;
firstopt.js;D:\I386\Apps\APP08168;Probably SCRIPT.Virus;Incurable.Moved.;
A0241396.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP356;Probably DLOADER.Trojan;Incurable.Moved.;
A0235764.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP350;Probably DLOADER.Trojan;Incurable.Moved.;





Logfile of HijackThis v1.99.1
Scan saved at 9:20:11 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\msiexec.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\HijackThis - Downloaded June 20\Marcie.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.80.38.243:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

pskelley
2007-06-30, 13:27
Thanks for the feedback. I would say an occasional popup is not bad; we all get a few. I see you have the Google toolbar/blocker, which I use. Make sure the block feature is activated.
It should be under Tools > Options.

I will post information from experts. Once you have reviewed their suggestions, if you still have questions, please post them and I will do my best to give you answers.

I did want to mention this from your uninstall list:
Mozilla Firefox (2.0.0.3)
Mozilla Firefox (2.0.0.4)
If you do have the old version installed, uninstall it. It is unsafe and wasting space.

Use HJT to remove these dead items:

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
(old WLM)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
(old Spysweeper)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

run cleanmgr
http://spyware-free.us/tutorials/cleanmgr/

Dr.Web: Remove Smitfraudfix from your computer. It does NOT update.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
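
The dead-entry check Phil does by hand above (an O2 BHO reported as "(no file)", an O20 Winlogon Notify reported as "(file missing)"), as an added example that is not part of this thread and is not HijackThis code. Names such as parse_hjt and dead_items are the example's own; the sample log is constructed here from lines in the shape of the log posted above.

```python
"""Triage a HijackThis 1.99 log for autostart entries whose file is gone.

Added example, not HijackThis code and not from the thread. A registry hook
whose DLL or EXE no longer exists is harmless by itself, but it is noise that
hides real findings, which is why helpers have it removed with "Fix checked".
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the exact line shape HJT 1.99.1 prints.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Scan saved at 9:20:11 PM, on 6/29/2007

Running processes:
C:\\WINDOWS\\System32\\smss.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
"""

# Every HJT item line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


@dataclass
class Item:
    section: str
    body: str
    status: str  # "ok", "dead" or "check" (see classify)


def classify(section: str, body: str) -> str:
    """Decide whether an HJT item points at a file that no longer exists."""
    if body.endswith("(no file)"):
        return "dead"
    if body.endswith("(file missing)"):
        # HJT 1.99.1 splits a quoted service command line at its arguments,
        # so a service path that still carries a stray quote and a switch
        # (...\ashMaiSv.exe" /service) is a parsing quirk, not a missing
        # file. Leave those for a manual look instead of auto-flagging them.
        if section == "O23" and re.search(r'\.exe" +/\w+ \(file missing\)$', body):
            return "check"
        return "dead"
    return "ok"


def parse_hjt(text: str) -> List[Item]:
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue  # header, blank and "Running processes" lines
        section, body = m.group(1), m.group(2)
        items.append(Item(section, body, classify(section, body)))
    return items


def dead_items(text: str) -> List[str]:
    """Lines a helper would tick under 'Do a system scan only' and fix."""
    return [f"{i.section} - {i.body}" for i in parse_hjt(text) if i.status == "dead"]


def needs_review(text: str) -> List[str]:
    """Lines HJT marked missing that deserve a manual look before fixing."""
    return [f"{i.section} - {i.body}" for i in parse_hjt(text) if i.status == "check"]


if __name__ == "__main__":
    for line in dead_items(SAMPLE_LOG):
        print("fix:   ", line)
    for line in needs_review(SAMPLE_LOG):
        print("review:", line)
```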

Marcie
2007-07-02, 08:01
Thank you very much for all of your help, Phil! I really appreciate all the time you've spent getting to the bottom of my problem, and the resources you've linked me to will definitely be useful.
Thanks again! -Marcie