j?vaw might be the problem

3Caleb

New member
Logfile of HijackThis v1.99.1
Scan saved at 9:41:02 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\arservice.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\89ff902b.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CURITY~1\rundll.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [Wwx] C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\CURITY~1\rundll.exe" -vt yazr
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
Hi 3Caleb,


Download, install, update and scan with ewido anti-spyware:

http://www.ewido.net/en/download/

Download, install, click on Update now.

Ewido will download/install the latest def. file.

Next:
--> Click on Scanner.
--> Run a full system scan.
--> ewido will scan.
--> While the scan is in progress you will be prompted to clean files; click OK.
Select Perform action on all infections.
--> Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
--> Click Save report.
Save the report to your desktop.
--------------------------------------------------------------------
Reboot once, and post a new HJT log and the saved ewido log.

shelf life
 
Logfile of HijackThis v1.99.1
Scan saved at 11:33:13 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\89ff902b.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [Wwx] C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\CURITY~1\rundll.exe" -vt yazr
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:25:33 PM 7/12/2006

+ Scan result:



C:\WINDOWS\system32\__delete_on_reboot__w_i_n_s_p_o_o_l_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
[1048] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1096] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1144] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1160] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1192] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1264] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1288] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1408] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1432] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1456] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1600] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1700] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1892] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1948] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2052] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2084] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2176] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2188] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2260] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2380] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2444] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2532] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2560] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2588] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2816] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3200] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[332] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3428] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[344] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3484] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3592] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3876] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3892] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[392] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3968] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[400] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[428] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[456] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[472] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[476] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[564] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[576] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[580] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[596] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[624] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[712] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[760] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[772] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[948] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\system32\yayvtut.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-2221275095-282823305-3202771703-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.xt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.xt : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.624:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.625:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.218:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.270:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.271:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.442:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.446:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.447:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.126:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.128:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.589:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.590:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.591:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.592:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.593:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.594:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.595:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.596:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.278:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.279:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.280:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.281:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.457:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.458:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.459:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.460:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.339:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.340:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.341:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.342:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.343:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.472:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.473:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.474:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.475:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.484:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.485:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.486:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.558:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.175:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.195:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.198:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.199:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.200:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.201:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.202:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.495:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.186:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.187:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.188:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.189:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.190:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.191:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.192:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.193:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.194:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.568:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.25:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.516:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.517:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.518:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\ѕеcurity\rundll.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
[1308] C:\WINDOWS\system32\CURITY~1\rundll.exe -> Trojan.PurityAd : Error during cleaning.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6BDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA80C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE3BC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
 
Logfile of HijackThis v1.99.1
Scan saved at 2:12:12 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\89ff902b.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJK\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
hi 3Caleb,

this time we will use hjt, then boot into safe mode to look for a file and run ewido. ok:

first, to show all OS files do this:

For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types", click apply to all folders, apply then ok

next:
to disable spybots tea timer so it will allow the fix do this:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
------------------------------------------------------------------------
next:

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.


O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe

O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe

ok time to boot into safe mode. might want to copy/paste the rest of this into notepad and save it somewhere so you can find it in safe mode.
to reach safe mode you tap the f8 key during a computer restart, choose the first option safe mode.

once in safe mode see if you can find and delete these:
89ff902b.exe, located here>>C:\WINDOWS\system32

89ff902b.exe, located here>>C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data

also while in safe mode run ewido once.

shelf life
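
The triage behind the HijackThis step in the post above, as an added example that is not part of the original post and not a HijackThis feature: it parses O4 Run lines taken from the log in this thread and flags autostart entries. The function names and the two heuristics (an 8-character hex file name, and one file name autostarting from more than one folder) are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# Executable at the start of the command line, with or without quotes.
IMAGE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|dll))(?=["\s,]|$)', re.I)
# Heuristic (assumption): 8 hex characters with at least one digit.
HEX_STEM = re.compile(r'^(?=.*\d)[0-9a-f]{8}$', re.I)


def parse_o4(log):
    """Return registry Run entries from O4 lines; other line types are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Global Startup shortcuts and non-O4 lines
        hive, key, name, command = m.groups()
        img = IMAGE.match(command)
        path = img.group(1) if img else command
        entries.append({"hive": hive, "key": key, "name": name, "path": path})
    return entries


def suspicious_autoruns(log):
    """Flag Run entries that match either illustrative heuristic."""
    entries = parse_o4(log)

    # Map each file name to the set of folders it is started from.
    dirs_by_file = defaultdict(set)
    for e in entries:
        dirs_by_file[basename(e["path"]).lower()].add(dirname(e["path"]).lower())

    findings = []
    for e in entries:
        fname = basename(e["path"])
        reasons = []
        if HEX_STEM.match(splitext(fname)[0]):
            reasons.append("random-looking hex file name")
        if len(dirs_by_file[fname.lower()]) > 1:
            reasons.append("same file name autostarts from several folders")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f'{f["hive"]} Run [{f["name"]}] {f["path"]}')
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

On this log only the two `89ff902b.exe` entries are flagged, one per hive, which are the same two lines the post asks to fix and the same two files it asks to delete in safe mode.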
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:08:08 PM 7/15/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\!update-4095[1].0000 -> Downloader.PurityScan.co : No action taken.
:mozilla.126:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.213:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.214:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.215:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.49:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.62:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.63:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.173:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.176:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.177:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.48:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.50:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.51:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.52:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.53:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.55:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.64:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.65:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.163:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.164:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.193:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.134:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.100:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.94:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.95:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.96:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.97:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.98:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.99:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hypertracker[2].txt -> TrackingCookie.Hypertracker : No action taken.
:mozilla.153:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.127:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.197:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.198:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.199:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.200:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.201:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.189:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.190:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.223:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.178:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.179:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.143:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.39:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.40:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.41:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.42:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.43:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.44:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.45:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.47:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.104:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.105:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.148:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.150:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.151:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.152:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end
 
I'm still getting pop ups... :(

Logfile of HijackThis v1.99.1
Scan saved at 12:50:53 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DISC\myFTP.exe
C:\Program Files\iTunes\iTunes.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
hi 3Caleb,

first disable ewido "guard": exit it by clicking the icon by the clock, if it is running.
next disable Spybot's TeaTimer:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

the reason for all that is to allow hjt to make the changes
------------------------------------------------------

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe

reboot once more, see if popups end.

shelf life
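An added example (not part of shelf life's post, and not a HijackThis or Spybot tool): a small Python triage over HijackThis result lines that flags the two entry types selected above and then confirms they are absent from a follow-up log. The function names and flagging rules are assumptions made for this example; the sample lines are a subset copied from the 7/16/2006 and 7/17/2006 logs in this thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Subset of result lines copied from the 7/16/2006 log in this thread.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The same subset as it appears in the 7/17/2006 log, after "fix checked".
LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# HijackThis result lines start with a section code such as R0, F2, N1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every HijackThis result line.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_is_ip_literal(url):
    """True when the URL names its host by IP address instead of a domain."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries):
    """Flag O15/O16 entries for review. The rules are this example's assumptions."""
    findings = []
    for code, body in entries:
        reasons = []
        if code == "O15":
            # A Trusted Zone site runs with relaxed IE security settings.
            reasons.append("site in IE Trusted Zone; confirm the user added it")
        elif code == "O16":
            # Body layout: "DPF: {CLSID} - <codebase URL>"
            url = body.rsplit(" - ", 1)[-1]
            if host_is_ip_literal(url):
                reasons.append("ActiveX codebase host is a bare IP address")
            if urlparse(url).path.lower().endswith(".exe"):
                reasons.append("ActiveX codebase is a direct .exe download")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def removed_between(before, after):
    """Entries present in the first log but missing from the second."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    for code, body, reasons in triage(before):
        print(f"REVIEW {code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
    print("Removed by the fix:", [code for code, _ in removed_between(before, after)])
    print("Still flagged after the fix:", triage(after))
```
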
 
Logfile of HijackThis v1.99.1
Scan saved at 9:35:34 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Am I good now? Thanks for your help. :)
 
hi 3Caleb,

yes you're good now. my bad, should have removed that O16 item long ago.

if all is good here's some reference material for you:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software. You may be installing more than you think. Learn more about the program: Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Be careful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE? Check this database: Spyware Guide or this one: Library before using free/shareware.

Make sure you keep your Windows OS current by visiting Windows update
occasionally to download and install any critical updates and service packs.

Adjust your browser settings: Change your (active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer, you don't have to use it. Try a different browser. You can have and use more than one browser on your computer.
Like Firefox,


Install a Firewall: A firewall will help to control what comes in from the internet and what leaves your computer to the internet. Zone Alarm is a free and easy to use firewall that will provide in and outbound protection. The others have learning curves.
Zone Alarm
OutPost Lite
Jetico Personal Firewall
Look n Stop

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You don't have to use it. Windows SP1/SP2 updates have made some improvements to Outlook. Another reason to stay updated.
look here
and here
Or try Pegasus Mail, safer by default, no tweaking needed.

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download
AVG free version 7.0
AntiVir Personal Edition
Clam Win

Download one or two of these, install and update before using: (if these are constantly finding malware, then you need to make changes to your browser and/or your habits)
CounterSpy Free trial version
Spybot Search and destroy
Ad-Aware SE Personal edition
Microsoft Windows Defender
Be careful with spyware "removers and scanners" -- there are many "rogue/suspect" programs that "claim to remove" spyware. Check here first.

Don't be tempted to click on popup ads offering free scans or free downloads for malware removers. Read the above line again.

AntiTrojan software to fill in the gap:
a2 free
Ewido Anti-Malware
Trojan Hunter (30 day trial version)
Tauscan trial version

Other programs to consider:
Process Guard stop events/processes with user intervention
SpywareBlaster add security to IE
IE-SPYAD adds adware peddlers sites/domains to IE restricted zone
ATF cleaner (W2K, XP only) cleans out temp files, history, autoforms etc

Learn More:
Browser Checkup
Parasite Free
Safe Hex
Shelf Lifes page
Home Computer Security
 
Logfile of HijackThis v1.99.1
Scan saved at 11:37:42 AM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Still seems to be running a little slow... is there anything in there?
 
I did that cleaning thing, but I just got hundreds of popups like 5 minutes ago.

Logfile of HijackThis v1.99.1
Scan saved at 7:58:54 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
hi 3Caleb,

still getting popups? do you notice anything common to the popups?
do this:

do a scan with Spybot Search and Destroy. after it's done, click at the top: mode, then advanced. under the tools tab, click on view report, select all except the very first one: do not report disabled or known legit items.
then at the top click on view report. after the report is generated you can copy/paste the report into notepad or click the export button and save it somewhere like your desktop.

please post the spybot report in your next reply.

shelf life
 
hi 3Caleb,

thanks for the info. trying to get some clues to the origins of the popups. let's try Silent Runners by Andrew Aronoff. also please rescan with ewido and save the log it generates (you can edit out the cookies) and post that also.

Please RIGHT-CLICK HERE to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
 