Help! Before I rip all of my hair out!

[removed82807a]

So I've run ad-aware and spybot at least 20 times in the past 2 days, each time they find spyware, and each time I delete it. But I am still having pop-ups! I try to never use internet explorer (I prefer Firefox) and while I'm using Firefox I will get internet explorer pop-ups? My computer has also been running noticeably slower than usual. I followed all of the steps to do before posting my hijackthis thread.

Also, I'm not sure if this is the right forum to post in, but since I'm already posting something I thought maybe someone could help me out with another little issue I'm experiencing. Everytime I start up my computer I'm getting this message:

Runner Error
Runner file name (Compaq Connections.exe) lacks a '-' (the app id seperator)
What does that mean?

And everytime I shut down I get two little boxes coming up saying DLL INITIALIZATION FAILED (one is for FILXSAPI.EXE and one is NTOBDLV1.EXE)


Anyway, here is my hijackthis log. Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 1:58:36 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180s...bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

[removed82807a]

Just bumping this. I've been messing with my computer all day but for some reason I'm still getting pop-ups no matter how many spyware removers I run. So I did another hjt log just incase I changed things? Thanks, I know you guys are all super busy! I'm trying to fix it myself, but basically, well I suck at these things!


Logfile of HijackThis v1.99.1
Scan saved at 9:33:08 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

[MicroBell]

Hi and Welcome to TSF

If you read the thread about "5 Steps" before posting your log you ignored parts of it. DO NOT bump your post unless it's been 24hrs. It will be overlooked every time.

Let's address the shutdown messages first...as the other is an HP issue.

Please DISABLE spybot's teatimer and LEAVE IT OFF until the fix is complete!

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

• Ad-Aware® SE Personal Edition
  *Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
  
• Spybot Search & Destroy
• CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
  [X]Scan local drives for temporary files (Please uncheck this option)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Open add/remove programs and remove Arovax AntiSpyware

*Note* There's a few things the development team are still trying to straighten out with this product and until they do so it's not recommend for spyware detection/prevention.

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY... io&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY... io&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY... io&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s

C:\Program Files\Arovax AntiSpyware<--delete that folder

Run Ewido:

• Click [Scanner]
• Click [Complete System Scan] to begin scanning.
• Click [OK] when prompted to clean files
• With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
• Once finished, click the [Save report] button
• Save the report to your desktop

Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
  [X]Scan local drives for temporary files (Please uncheck this option)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal mode....

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido log.

Let me know if you still get that message on shutdown.


Runner Error
Runner file name (Compaq Connections.exe) lacks a '-' (the app id seperator)

This error is useally associated with HP/Compaq update issues. Click START>> RUN>> Type in msconfig. Once that loads open the startup tab. Look for one of these entrys...

C:\HP\KBD\KBD.EXE
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe

and uncheck the box and reboot. It's likely going to be the Compaq Connections.exe entry thats the issue. If it's not try the other. If there are more HP/Compaq entrys in there please post them.

Also let me know if this error appeared right after you installed Spybot..as it also has an issue with this as it blocks the attempt from HP to access for updates.

[removed82807a]

Thank you so much! I want to apologize for posting twice within a 24 hour period, I didn't intentionally ignore the rule, I must've skimmed over it, sorry! Thank you for helping me even though I didn't follow the proper protocol!

I am not getting any of the error messages anymore! Thank you! And I haven't gotten any pop-ups yet, so hopefully it will remain that way!

After running the Panda ActiveScan there was nothing found so I did not get a log for that. Here is the Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:24:54 PM, 12/1/2005
+ Report-Checksum: 1918CC1E

+ Scan result:

HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2239381551-24660865-1321330579-1009\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ez6w4tan.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup



::Report End

[MicroBell]

Need to run one more scanner....

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

[removed82807a]

There was nothing found in the second scan! Yay! All that was in the log was:

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning






Perfect!

[MicroBell]

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Windows 2000
===============

• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Select the Advanced settings box option.
• Select the Hidden files Folders.
• Deselect the Show all files option.
• Click Yes to confirm.
• Click OK.

Windows ME
===============

• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Windows 95/98/98SE
===============

• Open My Computer.
• Select the View
• Select the Folder Options option.
• Select the View tab. option.
• Select the Advance Advanced settings box option.
• Select the Hidden files folder.
• Deselect the Show all files option
• Click Apply to confirm.
• Click OK.

Create a new System Restore point

Windows XP
===============

• Click Start >> Run - type SYSDM.CPL & press Enter
• Select the System Restore Tab
• Tick on the checkbox - "Turn off System Restore on all drives"
• Click Apply
• Then untick the same checkbox & click OK
• This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============

• Click the Start tab.
• Select the Settings option.
• Select the Control Panel option.
• Double Click the System icon Performance tab option.
• Select File System
• Select the Troubleshooting tab
• Check the Disable System Restore box
• Click Apply to confirm.
• Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option

• Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.

• Click the Start button.
• Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
• Choose Create a restore point, and then click Next.
• In the Restore point description box, type a name for your restore point, and then click Next.
  Click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• Tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
• WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

• ZoneAlarm
• Avast Antivirus/firewall
• Tiny Personal Firewall
• OutPost Firewall

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:

• Grisoft AVG Anti-Virus System
• Alwil Avast 4 Home Edition
• Softwin BitDefender Free Edition Version 7

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.

[removed82807a]

thank you!!!