j?vaw might be the problem



3Caleb
2006-07-12, 04:42
Logfile of HijackThis v1.99.1
Scan saved at 9:41:02 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\arservice.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\89ff902b.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CURITY~1\rundll.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [Wwx] C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\CURITY~1\rundll.exe" -vt yazr
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

shelf life
2006-07-13, 04:02
Hi 3Caleb,

Download, install, update and scan with ewido anti-spyware:

http://www.ewido.net/en/download/

Download, install, click on update now.

Ewido will download/install the latest def. file.

Next:
--> Click on scanner.
--> Run a full system scan.
--> ewido will scan.
--> While the scan is in progress you will be prompted to clean files, click OK.
Select Perform action on all infections.
--> Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
--> Click Save report.
Save the report to your desktop.
--------------------------------------------------------------------
Reboot once, and post a new hjt log and the saved ewido log.

shelf life

3Caleb
2006-07-13, 06:36
Logfile of HijackThis v1.99.1
Scan saved at 11:33:13 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\89ff902b.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [Wwx] C:\WINDOWS\system32\WNSXS~1\JVAW~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\CURITY~1\rundll.exe" -vt yazr
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

3Caleb
2006-07-13, 06:37
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:25:33 PM 7/12/2006

+ Scan result:



C:\WINDOWS\system32\__delete_on_reboot__w_i_n_s_p_o_o_l_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
[1048] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1096] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1144] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1160] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1192] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1264] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1288] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1408] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1432] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1456] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1600] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1700] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1892] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[1948] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2052] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2084] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2176] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2188] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2260] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2380] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2444] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2532] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2560] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2588] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[2816] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3200] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[332] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3428] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[344] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3484] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3592] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3876] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3892] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[392] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[3968] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[400] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[428] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[456] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[472] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[476] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[564] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[576] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[580] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[596] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[624] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[712] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[760] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[772] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[948] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\system32\yayvtut.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-2221275095-282823305-3202771703-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.xt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.xt : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.303:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.304:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.306:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.307:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.308:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.309:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.366:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.423:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.435:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.177:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.178:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.179:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.180:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.509:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.510:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.511:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.344:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.345:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.50:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.563:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.564:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.565:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.566:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.219:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.220:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.100:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.102:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.103:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.104:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.106:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.99:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.365:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.215:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.147:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.336:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.337:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.338:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.263:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.264:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.265:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.266:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.267:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.268:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.559:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.560:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.561:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.562:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.140:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

3Caleb
2006-07-13, 06:38
:mozilla.141:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.142:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.144:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.624:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.625:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.218:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.270:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.271:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.442:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.446:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.447:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.126:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.128:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.589:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.590:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.591:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.592:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.593:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.594:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.595:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.596:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.278:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.279:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.280:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.281:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.457:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.458:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.459:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.460:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.339:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.340:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.341:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.342:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.343:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.472:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.473:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.474:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.475:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.484:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.485:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.486:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.558:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.175:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.195:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.198:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.199:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.200:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.201:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.202:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.495:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.186:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.187:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.188:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.189:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.190:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.191:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.192:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.193:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.194:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.568:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.25:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.516:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.517:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.518:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\ѕеcurity\rundll.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
[1308] C:\WINDOWS\system32\CURITY~1\rundll.exe -> Trojan.PurityAd : Error during cleaning.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6BDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA80C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE3BC.tmp -> Trojan.Small : Cleaned with backup (quarantined).

shelf life
2006-07-14, 02:28
hi 3Caleb,



Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed (http://www.outerinfo.com/howto.html)

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

Post a fresh HJT log.

3Caleb
2006-07-14, 04:42
I am out of town until Sunday, so I will try that as soon as I get home. Thanks.

3Caleb
2006-07-15, 21:12
Logfile of HijackThis v1.99.1
Scan saved at 2:12:12 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\89ff902b.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJK\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\winspool.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

shelf life
2006-07-15, 22:30
hi 3Caleb,

this time we will use hjt, then boot into safe mode to look for a file and run ewido. ok:

first, to show all OS files do this:

For XP: on the desktop double click My Computer, go to Tools > Folder Options > View, then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types", click apply to all folders, apply then ok

next:
to disable Spybot's TeaTimer so it will allow the fix do this:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
------------------------------------------------------------------------
next:

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.


O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe

O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe

ok time to boot into safe mode. might want to copy/paste the rest of this into notepad and save it somewhere so you can find it in safe mode.
to reach safe mode you tap the f8 key during a computer restart, choose the first option safe mode.

once in safe mode see if you can find and delete these:
89ff902b.exe, located here>>C:\WINDOWS\system32

89ff902b.exe, located here>>C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data

also while in safe mode run ewido once.

shelf life
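
The O4 selection in the post above, as an added example that is not part of the original thread and not HijackThis's own logic: it parses the Run-key lines of a HijackThis log and lists the entries that share the traits of the two items picked for fixing. The four heuristics, the two-reason threshold and all function names are assumptions made for this illustration; a hit is a lead for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [89ff902b.exe] C:\WINDOWS\system32\89ff902b.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [89ff902b.exe] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\89ff902b.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Program part of the command: a quoted path, or everything up to the first
# executable extension that is followed by whitespace or end of line.
PROGRAM = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)
# Folders a limited user can write to on Windows XP (assumed list, not exhaustive).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse_o4(log):
    """Return one dict per registry Run entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections, Global Startup shortcuts, blank lines
        hive, key, name, command = m.groups()
        prog = PROGRAM.match(command)
        path = (prog.group(1) or prog.group(2)) if prog else command
        entries.append({
            "hive": hive,
            "key": key,
            "name": name,
            "command": command,
            "path": path,
            "file": path.rsplit("\\", 1)[-1],
        })
    return entries


def triage(log, threshold=2):
    """Return (entry, reasons) pairs for entries with >= threshold reasons."""
    entries = parse_o4(log)

    # Which hives register each value name? A name present in both HKLM and
    # HKCU means the program re-registers itself per machine and per user.
    hives_by_name = defaultdict(set)
    for e in entries:
        hives_by_name[e["name"].lower()].add(e["hive"])

    flagged = []
    for e in entries:
        stem = e["file"].rsplit(".", 1)[0]
        reasons = []
        if re.fullmatch(r"[0-9a-f]{8,}", stem, re.I):
            reasons.append("file name is a bare hex string")
        if e["name"].lower() == e["file"].lower():
            reasons.append("value name is just the file name")
        if len(hives_by_name[e["name"].lower()]) > 1:
            reasons.append("same value name in HKLM and HKCU")
        if any(part in e["path"].lower() for part in USER_WRITABLE):
            reasons.append("runs from a user-writable profile folder")
        if len(reasons) >= threshold:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'{entry["hive"]} {entry["key"]} [{entry["name"]}] {entry["path"]}')
        for r in reasons:
            print("   -", r)
```
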

3Caleb
2006-07-16, 02:13
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:08:08 PM 7/15/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\!update-4095[1].0000 -> Downloader.PurityScan.co : No action taken.
:mozilla.126:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.213:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.214:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.215:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.49:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.62:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.63:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.173:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.176:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.177:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.48:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.50:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.51:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.52:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.53:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.55:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.64:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.65:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.163:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.164:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.193:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.134:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.100:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.94:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.95:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.96:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.97:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.98:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.99:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hypertracker[2].txt -> TrackingCookie.Hypertracker : No action taken.
:mozilla.153:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.127:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.197:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.198:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.199:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.200:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.201:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.189:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.190:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.223:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.178:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.179:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.143:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.39:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.40:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.41:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.42:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.43:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.44:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.45:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.47:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.104:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.105:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.148:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.150:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.151:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.152:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end

3Caleb
2006-07-16, 19:52
I'm still getting pop ups... :(

Logfile of HijackThis v1.99.1
Scan saved at 12:50:53 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DISC\myFTP.exe
C:\Program Files\iTunes\iTunes.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

shelf life
2006-07-17, 00:49
hi 3Caleb,

first disable ewido "guard": exit it by clicking the icon by the clock, if it is running.
next disable Spybot's TeaTimer:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

the reason for all that is to allow hjt to make the changes
------------------------------------------------------

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe

reboot once more, see if popups end.

shelf life
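
The check described in the post above, as an added example that is not part of the original thread: a small Python parser that pulls the entry lines out of a HijackThis log, flags O15 and O16 entries for review, and compares a before and after log to confirm the fixed items are gone. The sample logs are a few lines copied from the logs posted in this thread; the function names and the review heuristics (every Trusted Zone entry, and DPF codebases served from a bare IP address or as an .exe) are assumptions of this example, not HijackThis behavior.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed samples: a handful of lines taken from the logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Entry lines start with a section code such as R0, O4 or O16, then " - ".
# Header lines and the process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_flags(entries):
    """Return (code, body, reason) for entries worth a manual look.

    Heuristics are assumptions of this example:
      O15 - any site placed in the IE Trusted Zone
      O16 - a downloaded program file whose codebase is a bare IP or an .exe
    """
    flagged = []
    for code, body in entries:
        if code == "O15":
            flagged.append((code, body, "site added to IE Trusted Zone"))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            reasons = []
            if host_is_ip(url):
                reasons.append("codebase host is a bare IP address")
            if urlparse(url).path.lower().endswith(".exe"):
                reasons.append("codebase is an .exe download")
            if reasons:
                flagged.append((code, body, "; ".join(reasons)))
    return flagged


def resolved(before_text, after_text):
    """Flagged entries from the first log that no longer appear in the second."""
    after = set(parse_entries(after_text))
    return [f for f in review_flags(parse_entries(before_text))
            if (f[0], f[1]) not in after]


if __name__ == "__main__":
    for code, body, reason in review_flags(parse_entries(LOG_BEFORE)):
        print(f"REVIEW {code}: {body}  [{reason}]")
    for code, body, _ in resolved(LOG_BEFORE, LOG_AFTER):
        print(f"GONE   {code}: {body}")
```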

3Caleb
2006-07-17, 16:36
Logfile of HijackThis v1.99.1
Scan saved at 9:35:34 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Am I good now? Thanks for your help. :)

shelf life
2006-07-18, 01:58
hi 3Caleb,

yes you're good now. my bad, should have removed that O16 item long ago.

if all is good here's some reference material for you:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software. You may be installing more than you think. Learn more about the program. Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Be careful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE? Check this database: Spyware Guide (http://www.spywareguide.com/) or this one: Library (http://research.sunbelt-software.com/Browse_Library.cfm)
before using free/shareware.

Make sure you keep your Windows OS current by visiting Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp)
occasionally to download and install any critical updates and service packs.

Adjust your browser settings: Change your (active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Working with Internet Explorer 6 Security (http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx)
Many exploits are directed at Internet Explorer, you don't have to use it. Try a different browser. You can have and use more than one browser on your computer.
Like Firefox (http://www.mozilla.org/products/firefox/).


Install a Firewall: A firewall will help to control what comes in from the internet and what leaves your computer to the internet. Zone Alarm is a free and easy to use firewall that will provide in and outbound protection. The others have learning curves.
Zone Alarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass)
OutPost Lite (http://www.agnitum.com/products/outpostfree/download.php)
Jetico Personal Firewall (http://www.jetico.com/index.htm#/jpfirewall.htm)
Look n Stop (http://www.looknstop.com/En/index2.htm)

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You don't have to use it. Windows SP1/SP2 updates have made some improvements to Outlook. Another reason to stay updated.
look here (http://www.codecutters.org/outlook/)
and here (http://www.tames.net/security/oesettings.htm)
Or try Pegasus Mail, safer by default, no tweaking needed. (http://www.pmail.com/)

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download (http://www.avast.com/eng/free_virus_protectio.html)
AVG free version 7.0 (http://free.grisoft.com/freeweb.php/doc/2/)
AntiVir Personal Edition (http://www.free-av.com/)
Clam Win (http://www.Clamwin.com/component/option,com_frontpage/Itemid,1/)

Download one or two of these, install and update before using: (if these are constantly finding malware, then you need to make changes to your browser and or your habits)
CounterSpy (http://www.sunbelt-software.com/) Free trial version
Spybot Search and destroy (http://www.safer-networking.org/en/index.html)
Ad-Aware SE Personal edition (http://www.lavasoft.de/)
Microsoft Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
Be careful with spyware "removers and scanners"-- there are many "rogue/suspect" (http://www.spywarewarrior.com/rogue_anti-spyware.htm) programs that "claim to remove" spyware. Check here first.

Don't be tempted to click on popup ads offering free scans or free downloads for malware removers. Read the above line again.

AntiTrojan software to fill in the gap:
a2 free (http://www.emsisoft.com/en/software/free/)
Ewido Anti-Malware (http://www.ewido.net/en/)
Trojan Hunter (30 day trial version) (http://www.misec.net/)
Tauscan trial version (http://www.agnitum.com/products/tauscan/)

Other programs to consider:
Process Guard (http://www.diamondcs.com.au/processguard/) stop events/processes with user intervention
SpywareBlaster (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49) add security to IE
IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD) adds adware peddlers sites/domains to IE restricted zone
ATF cleaner (W2K, XP only) (http://www.atribune.org/content/view/25/2/) cleans out temp files, history, autoforms etc

Learn More:
Browser Checkup (http://www.jasons-toolbox.com/BrowserSecurity/)
Parasite Free (http://www.doxdesk.com/parasite/prevention.html)
Safe Hex (http://www.claymania.com/safe-hex.html)
Shelf Lifes page (http://security-central.us/SafeHex/index.htm)
Home Computer Security (http://www.cert.org/homeusers/HomeComputerSecurity/)

3Caleb
2006-07-22, 18:39
Logfile of HijackThis v1.99.1
Scan saved at 11:37:42 AM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Still seems to be running a little slow... is there anything in there?

shelf life
2006-07-23, 15:24
hi 3Caleb,

try this:

http://www.atribune.org/content/view/19/2/

under the "main" setting, "select all" then click "empty selected"

see if that helps any

3Caleb
2006-07-27, 03:01
I did that cleaning thing, but I just got hundreds of popups like 5 minutes ago.

Logfile of HijackThis v1.99.1
Scan saved at 7:58:54 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

shelf life
2006-07-28, 02:46
hi 3Caleb,

still getting popups? do you notice anything common to the popups?
do this:

do a scan with spybot search and destroy. after it's done click at the top: mode, then advanced. under the tools tab, click on view report, select all except the very first one: do not report disabled or known legit items.
then at the top click on view report. after the report is generated you can copy/paste the report into notepad or click the export button and save it somewhere like your desktop.

please post the spybot report in your next reply.

shelf life

3Caleb
2006-07-28, 04:03
here it is! :bigthumb:

shelf life
2006-07-29, 01:00
hi 3Caleb,

thanks for the info. trying to get some clues to the origins of the popups. let's try silent runners by Andrew Aronoff. also please rescan with ewido and save the log it generates (you can edit out the cookies), and post that also.

Please RIGHT-CLICK HERE (http://www.silentrunners.org/Silent%20Runners.vbs) to download Silent Runners.
Save it to the desktop.
Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
You will receive a prompt:
Do you want to skip supplementary searches?
click NO
You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

3Caleb
2006-07-29, 03:01
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"DISCover" = "C:\Program Files\DISC\DISCover.exe" ["Digital Interactive Systems Corporation"]
"DiscUpdateManager" = "C:\Program Files\DISC\DiscUpdateMgr.exe" [null data]
"DMAScheduler" = "c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" ["Sonic Solutions"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" ["Hewlett-Packard Co."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AlwaysReady Power Message APP" = "ARPWRMSG.EXE" ["Microsoft"]
"ICQ Lite" = ""C:\Program Files\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{0D07967B-967F-4D9C-BD7D-B9A487281CF5}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\vturr.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\(Default) = "HpWebHelper"
-> {HKLM...CLSID} = "hpWebHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll" ["TODO: <Company name>"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{DBFB267C-334F-4F19-A304-63B7130C20C7}" = "MediaCenter Property Page"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "arpower.dll" ["Microsoft"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{259BA022-2005-45E9-A965-10EDB9C00605}" = "Windows Updater"
-> {HKLM...CLSID} = "blank"
\InProcServer32\(Default) = "blank" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! vturr\DLLName = "C:\WINDOWS\system32\vturr.dll" [null data]
INFECTION WARNING! WB\DLLName = "C:\Program Files\AlienGUIse\fastload.dll" ["Stardock"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! windeu32\DLLName = "windeu32.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "Compaq_Administrator" & "All Users" startup folders:
----------------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Compaq Connections" -> shortcut to: "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe -startup" ["Hewlett-Packard"]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
xfire_lsp_10650.dll [null data], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Internet Connection Help"
"MenuText" = "Internet Connection Help"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ARSVC, ARSVC, "C:\WINDOWS\arservice.exe" ["Microsoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "arkbcfltr" [MS], INFECTION WARNING! "DumaNT" ["Windows (R) 2000 DDK provider"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 81 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 13 seconds.
---------- (total run time: 128 seconds)

3Caleb
2006-07-29, 03:30
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:23:07 PM 7/28/2006

+ Scan result:



C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : No action taken.
:mozilla.550:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.245:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.246:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.247:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.248:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.249:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.250:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.251:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.535:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.631:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.294:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.295:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.452:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adition : No action taken.
:mozilla.453:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adition : No action taken.
:mozilla.855:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.856:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.338:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.339:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.341:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.342:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.343:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.347:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.370:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.410:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.360:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.361:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.88:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.89:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.90:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.91:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.92:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.93:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.87:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.536:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.401:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.402:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.403:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.404:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.428:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.411:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.415:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.416:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.417:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.37:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.39:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.47:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.48:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.49:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.50:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.51:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.54:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.55:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.56:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.500:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.501:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.502:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.503:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.504:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.852:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.77:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.432:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.437:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.440:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.571:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.572:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.310:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.311:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.312:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.313:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.314:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.315:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.316:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.447:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.448:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.449:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.450:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.451:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.454:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.455:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.456:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.457:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.167:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.174:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.175:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.176:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.218:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.463:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

3Caleb
2006-07-29, 03:31
:mozilla.298:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.299:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.300:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.305:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.381:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.382:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.383:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.384:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.385:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.655:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.656:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Hypertracker : No action taken.
:mozilla.528:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.137:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.729:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.254:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.255:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.256:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.257:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.258:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.273:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.274:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.275:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.276:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.478:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.479:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.480:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.481:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.482:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.545:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.332:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.333:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.334:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.335:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.336:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.337:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.340:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.326:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.327:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.328:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.329:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.330:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.573:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.574:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.770:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.486:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.488:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.489:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.490:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.491:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.492:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.493:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.412:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.413:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.414:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.836:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.344:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.345:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.346:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.156:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.157:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.158:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.159:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.160:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.161:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.162:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.163:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.147:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.148:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.150:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.151:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.152:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.153:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.747:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.748:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.749:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.750:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.751:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.816:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.70:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.71:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.72:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.73:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.74:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.76:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.497:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.498:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.499:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\o5j19og7.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

shelf life
2006-07-30, 14:50
Hi 3Caleb,

Sorry for the delay. Thanks for all the info. One more download, which will hopefully take care of the problem:

VundoFix by Atri
Please download VundoFix.exe to your desktop.

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click YES, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shut down your computer; click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HijackThis log into your own topic.

3Caleb
2006-07-30, 16:20
VundoFix V5.1.5

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:15:04 AM 7/30/2006

Listing files found while scanning....

C:\windows\system32\vturr.dll
C:\windows\system32\rrutv.ini
C:\windows\system32\rrutv.bak1
C:\windows\system32\rrutv.bak2
C:\windows\system32\rrutv.ini2
C:\windows\system32\rrutv.tmp

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\vturr.dll
C:\windows\system32\vturr.dll Has been deleted!

Attempting to delete C:\windows\system32\rrutv.ini
C:\windows\system32\rrutv.ini Has been deleted!

Attempting to delete C:\windows\system32\rrutv.bak1
C:\windows\system32\rrutv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\rrutv.bak2
C:\windows\system32\rrutv.bak2 Has been deleted!

Attempting to delete C:\windows\system32\rrutv.ini2
C:\windows\system32\rrutv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\rrutv.tmp
C:\windows\system32\rrutv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

3Caleb
2006-07-30, 16:20
Logfile of HijackThis v1.99.1
Scan saved at 9:20:16 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2700BA8F-4EDC-4A78-95B0-1226FB27A9FC} - (no file)
O2 - BHO: (no name) - {2EA7671E-A51B-41B3-9FB6-3A327FAB5BEC} - (no file)
O2 - BHO: (no name) - {389E089C-02D5-44FD-A665-FAF47C271149} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {6C325158-1F09-4061-9B85-CD5D00FBD95B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8DC01C35-9406-4AFD-A611-64B05EA4065F} - (no file)
O2 - BHO: (no name) - {913DF38A-E397-4DF9-BCCA-C99977F73640} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {D69DB871-2BA8-4889-A66B-BF34DF691226} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {D9799516-CB66-49E8-AC2F-B8FC53D16A4E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windeu32 - windeu32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

shelf life
2006-07-30, 22:50
hi 3Caleb,

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O2 - BHO: (no name) - {2700BA8F-4EDC-4A78-95B0-1226FB27A9FC} - (no file)
O2 - BHO: (no name) - {2EA7671E-A51B-41B3-9FB6-3A327FAB5BEC} - (no file)
O2 - BHO: (no name) - {389E089C-02D5-44FD-A665-FAF47C271149} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {6C325158-1F09-4061-9B85-CD5D00FBD95B} - (no file)

O2 - BHO: (no name) - {8DC01C35-9406-4AFD-A611-64B05EA4065F} - (no file)
O2 - BHO: (no name) - {913DF38A-E397-4DF9-BCCA-C99977F73640} - (no file)

O2 - BHO: (no name) - {D69DB871-2BA8-4889-A66B-BF34DF691226} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {D9799516-CB66-49E8-AC2F-B8FC53D16A4E} - (no file)

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\

O20 - Winlogon Notify: windeu32 - windeu32.dll (file missing)

how's it looking on that end now?

shelf life
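
The selection in the post above can be reproduced mechanically. This is an added example, not part of the thread and not HijackThis's own logic: it parses O2 and O20 lines and flags entries whose target is `(no file)`, ends in `(file missing)`, or is a bare directory. The function names and reason strings are this example's own; the sample lines are a subset copied from the log posted at 2006-07-30, 16:20.

```python
import re
from typing import NamedTuple, Optional

# Subset of lines copied from the HijackThis log posted at 2006-07-30, 16:20.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2700BA8F-4EDC-4A78-95B0-1226FB27A9FC} - (no file)
O2 - BHO: (no name) - {D69DB871-2BA8-4889-A66B-BF34DF691226} - C:\WINDOWS\system32\vturr.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windeu32 - windeu32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


class Orphan(NamedTuple):
    section: str  # "O2" (Browser Helper Object) or "O20" (Winlogon Notify)
    ident: str    # CLSID for a BHO, key name for a Notify entry
    target: str   # the file column exactly as HijackThis printed it
    reason: str


O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")


def orphan_reason(target: str) -> Optional[str]:
    """Return why a registry entry points at nothing loadable, or None."""
    if target == "(no file)":
        return "registered with no file"
    if target.endswith("(file missing)"):
        return "registered file is not on disk"
    if target.endswith("\\"):
        return "target is a directory, no DLL named"
    return None


def orphaned_entries(log_text: str) -> list:
    """Flag O2 and O20 entries left behind after their file was removed.

    Scope is limited to O2 and O20, the two sections the post above selects
    from; other sections (O4, O23, ...) are ignored by this example.
    """
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", O2_RE), ("O20", O20_RE)):
            m = pattern.match(line)
            if not m:
                continue
            reason = orphan_reason(m.group("target"))
            if reason:
                ident = m.groupdict().get("clsid") or m.group("name")
                found.append(Orphan(section, ident, m.group("target"), reason))
    return found


if __name__ == "__main__":
    for o in orphaned_entries(SAMPLE_LOG):
        print(f"{o.section:<3} {o.ident:<40} {o.reason}")
```

Run over the O2 and O20 lines of the follow-up log from 2006-07-31, 00:01, the same function returns an empty list, since those entries are no longer present.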

3Caleb
2006-07-31, 00:01
Logfile of HijackThis v1.99.1
Scan saved at 5:00:31 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Seems good now, thanks a lot.

shelf life
2006-07-31, 03:12
hi 3Caleb,


Seems good now, thanks a lot.

good, glad to help. happy safe surfing.

shelf life

tashi
2006-08-05, 17:28
As the problem appears to be resolved this topic has been archived. :)

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.