jbwalters

"Add/Remove Programs" is Screwed


I think that I might have gotten hold of some bad stuff on my computer. My "Add/Remove Programs" list is all screwed up. Instead of the usual list of programs, there is a bunch of weird stuff listed. Plus, I can't uninstall anything. Anyway, here is a copy of my log. I'm not all that computer savvy so please be patient. Thanks ahead of time!

 

Logfile of HijackThis v1.99.1

Scan saved at 3:05:05 AM, on 5/19/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKCU\..\Run: [Azureus Ultra Accelerator] "C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" -tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Edited by jbwalters


Hi and welcome

 

Open HJT and click scan only, place a check by these entries

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

 

Close all open windows and browsers except HJT and click fix checked

 

 

Download ComboFix from Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall


Here is the ComboFix log:

 

"HP_Administrator" - 2007-05-20 22:43:11 Service Pack 2

ComboFix 07-05.21.6.V - Running from: "C:\Program Files\Mozilla Firefox\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\retadpu2000400.exe

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))

 

 

2007-05-18 03:11 <DIR> d-------- C:\Program Files\HP Sonic

2007-05-18 01:03 <DIR> d-------- C:\Program Files\Yahoo!

2007-05-15 04:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-14 21:24 <DIR> d-------- C:\temp

2007-05-10 18:48 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\RapidGet

2007-05-10 13:58 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\UseNeXT

2007-05-09 17:14 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore

2007-05-09 17:13 <DIR> d-------- C:\Program Files\Viewpoint

2007-05-09 17:13 <DIR> d-------- C:\Program Files\Common Files\AOL

2007-05-09 17:13 <DIR> d-------- C:\Program Files\AIM6

2007-05-09 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

2007-05-09 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP

2007-05-09 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL

2007-05-09 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads

2007-05-05 16:24 278,016 --a------ C:\WINDOWS\system32\vct3216.dll

2007-05-04 22:03 24 --a------ C:\WINDOWS\system32\sysogg.dll

2007-05-04 22:02 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll

2007-05-04 22:02 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll

2007-05-04 22:00 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MusicIP

2007-05-02 11:15 <DIR> d-------- C:\Program Files\Vodei

2007-04-27 02:54 <DIR> d-------- C:\Program Files\Windows Media Recorder

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-05-20 00:08:39 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus

2007-05-19 09:01:53 -------- d-----w C:\Program Files\mIRC

2007-05-19 07:59:26 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3

2007-05-15 08:33:29 -------- d--h--r C:\DOCUME~1\HP_ADM~1\APPLIC~1\yahoo!

2007-05-12 22:40:43 54,784 ---ha-w C:\WINDOWS\system32\mlfcache.dat

2007-05-09 22:13:15 335 ----a-w C:\WINDOWS\nsreg.dat

2007-04-27 07:47:38 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-04-17 21:39:05 1,901 ----a-w C:\WINDOWS\panose.bin

2007-04-15 07:09:17 -------- d-----w C:\Program Files\Common Files\NSV

2007-04-09 15:46:53 502 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

2007-03-25 19:38:22 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM

2007-03-24 23:04:12 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google

2007-03-24 23:03:40 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll

2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-03-07 23:51:00 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\upnphost.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll []

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}=C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-07-22 05:24]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 23:01]

"RTHDCPL"="RTHDCPL.EXE" []

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" []

"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]

"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 04:12]

"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 04:11]

"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" []

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 00:14]

"PCDrProfiler"="" []

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34]

"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 04:23]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 20:18]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 15:10]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 23:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Azureus Ultra Accelerator"="C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" []

"Aim6"="" []

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

"DisableTaskMgr"=1 (0x1)

 

*Newly Created Service* -PROCEXP90

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070520-224212-363

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

 

backup-20070520-224212-284

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

 

backup-20070520-224212-459

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832216329B26033AAC

 

backup-20070520-224212-898

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

backup-20070520-224212-273

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-20 22:44:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

cmd.exe [2916]

 

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\WINDOWS\WindowsShell.Manifest 4096 bytes

C:\WINDOWS\WindowsUpdate.log 1531904 bytes

C:\WINDOWS\winhelp.exe 258048 bytes

C:\WINDOWS\winhlp32.exe 286720 bytes

C:\WINDOWS\WININIT.INI 160 bytes

C:\WINDOWS\winnt.bmp 49152 bytes

C:\WINDOWS\winnt256.bmp 49152 bytes

C:\WINDOWS\WINNT32.LOG 16384 bytes

C:\WINDOWS\WinSxS

C:\WINDOWS\WinSxS\InstallTemp

C:\WINDOWS\WinSxS\Manifests

C:\WINDOWS\WinSxS\Policies

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213

C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7

C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0

C:\WINDOWS\WMFDist11.log 28672 bytes

C:\WINDOWS\wmp11.log 24576 bytes

C:\WINDOWS\wmp11Uninst.log 12288 bytes

C:\WINDOWS\wmsetup.log 110592 bytes

C:\WINDOWS\wmsetup10.log 4096 bytes

C:\WINDOWS\WMSysPr9.prx 319488 bytes

C:\WINDOWS\wr.txt 448 bytes

C:\WINDOWS\wsdu.log 272 bytes

C:\WINDOWS\Wudf01000Inst.log 12288 bytes

C:\WINDOWS\xpsp1hfm.log 4096 bytes

C:\WINDOWS\yacs.log 12288 bytes

C:\WINDOWS\Zapotec.bmp 12288 bytes

C:\WINDOWS\_default.pif 712 bytes

 

scan completed successfully

hidden files: 41

 

 

********************************************************************

 

Completion time: 2007-05-20 22:45:11

C:\ComboFix-quarantined-files.txt ... 2007-05-20 22:45

 

--- E O F ---


And here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:49:24 PM, on 5/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKCU\..\Run: [Azureus Ultra Accelerator] "C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" -tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

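The entries picked for fixing in this thread share a few traits (a missing target file, a policy restriction, a trusted-zone addition, an autostart with a long hex argument), and the follow-up log shows whether they are gone. The Python below is an added example, not part of the thread and not HijackThis's own logic; the flagging rules are assumptions modelled on those selections, and the sample logs are constructed.

```python
import re

# Item lines in a HijackThis log: "<section> - <body>",
# for example "O4 - HKLM\..\Run: [name] command".
ITEM_RE = re.compile(r"^((?:R|F|N|O)\d{1,2}) - (.+)$")
LONG_HEX_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


def parse_log(text):
    """Return [(section, body), ...] for every item line. Header lines and
    the 'Running processes' paths do not match and are skipped."""
    items = []
    for raw in text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.append((match.group(1), match.group(2)))
    return items


def reasons(section, body):
    """Heuristic reasons to review an entry (assumptions of this example)."""
    found = []
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        found.append("target file missing")
    if section == "O7":
        found.append("policy restriction")
    if section == "O15":
        found.append("trusted-zone addition")
    if section == "O4" and LONG_HEX_RE.search(body):
        found.append("autostart with long hex argument")
    return found


def triage(text):
    """Map 'section - body' to its reasons, for entries with any reason."""
    flagged = {}
    for section, body in parse_log(text):
        why = reasons(section, body)
        if why:
            flagged[f"{section} - {body}"] = why
    return flagged


def compare(before, after):
    """Split the entries flagged in `before` into those absent from `after`
    (fixed) and those still listed (remaining)."""
    still_there = {f"{s} - {b}" for s, b in parse_log(after)}
    flagged = triage(before)
    fixed = sorted(k for k in flagged if k not in still_there)
    remaining = sorted(k for k in flagged if k in still_there)
    return fixed, remaining


# Constructed sample in the thread's log format. CLSIDs, the "runner" file
# name and its argument are placeholders, not values from the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [runner] C:\WINDOWS\example.exe 0123456789ABCDEF0123456789ABCDEF01234567
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\ex.dll (file missing)
O15 - Trusted Zone: http://*.example.com (HKLM)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\ex.dll (file missing)
"""

if __name__ == "__main__":
    for entry, why in triage(BEFORE).items():
        print("; ".join(why), "->", entry)
    fixed, remaining = compare(BEFORE, AFTER)
    print(f"{len(fixed)} fixed, {len(remaining)} remaining")
```

A flagged line is a prompt for review, not a verdict: vendor software can leave a missing-file entry behind after an uninstall.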

Welcome back

 

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

A side note about AIM Messenger, AOL users and Viewpoint Manager. Viewpoint is one of the graphic engines that AOL uses and it is bundled with the application. If you continue to use AIM Messenger, it would likely be reinstalled. Or if you receive some of the AOL E-cards it may ask you to download and run this program to view and run the graphics in E-cards.

Your call

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

 

 

Please delete

 

Combofix

C:\QooBox

 

 

Open HJT and click scan only, place a check by these entries

 

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

 

Close all windows and browsers except HJT and click fix checked

 

 

 

 

Please download ATF Cleaner by Atribune and save it to your desktop.

 

 

 

Download AVG Anti-Spyware 7.5 from Here and save that file to your desktop.

  • Once you have downloaded AVG Anti-Spyware, locate the icon on your desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • On the main screen select the icon "Update", then select the "Update Now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on "Recommended Actions" and then select "Quarantine". <--VERY IMPORTANT
  • Under "Reports":
    Select "Automatically generate report after every scan"
    Un-Select "Only if threats were found"

 

Close AVG Anti-Spyware 7.5, Do not run a scan yet.

 

 

It is important that you print out these instructions or save them to notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

 

 

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

 

 

Using Windows Explorer search for and delete these files/folders in bold

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe <--file

 

 

 

Double-click ATF-Cleaner.exe to run the program.

  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

 

 

 

Important.. Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:

  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete Scan".
  • AVG will now begin the scanning process, be patient this may take a little time to complete.
Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you have saved the file, this is important).
  • Close AVG Anti-Spyware 7.5 and reboot your system back into Normal Mode
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

 

 

 

I didn't detect any active process of a firewall on your system

Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

You should not rely on just the Windows XP firewall when there are firewalls that are free for personal use that are better, the Windows XP firewall only checks incoming data.

If you decide to download and install another Firewall....please disable Windows Firewall.

Start menu->>Control Panel->>Security Center->>Windows Firewall and disable Windows Firewall.

Sygate free firewall

ZoneAlarm free firewall

Outpost free Firewall

Comodo

Kerio Personal Firewall

Jetico Personal Firewall

 

The above are known good free Firewalls available for personal use. If one conflicts with your system, try another.

For a tutorial on Firewalls and a listing of some available ones see the link below

http://www.bleepingcomputer.com/tutorials/tutorial60.html

 

 

In your next reply I need:

AVG A/S log

New HJT log

Comments on how your computer is running now


Ok, I tried to follow the direction as best I could, but I ran into two problems. First, I couldn't remove "Viewpoint Manager" via the Add/Remove Programs because it is not listed (that is part of my original problem - the Add/Remove Programs list is still screwed up). Secondly, I could not delete the following file because it was not listed in the folder to which I was directed:

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

 

However, I did produce an AVG A/S log and a new HJT log. Thanks for the help!

 

Here is the AVG A/S Log:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:31:47 PM 5/21/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0038017.dll -> Adware.WinZix : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP221\A0037809.exe -> Downloader.Agent.bls : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP225\A0038097.exe -> Downloader.Agent.bls : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP227\A0038136.exe -> Downloader.Agent.bls : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0038007.exe -> Hijacker.Small : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP222\A0037883.exe -> Not-A-Virus.Monitor.Win32.Ardamax : Cleaned.

:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.58:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.59:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.60:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.61:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.62:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.100:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.101:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.102:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.103:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.99:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.37:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.40:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.32:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.22:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.24:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.27:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.28:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.29:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.30:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.31:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.109:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.20:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.21:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.41:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.42:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.87:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.88:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.89:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.90:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.91:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.92:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.6:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.77:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.79:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP218\A0037476.exe -> Trojan.Legmir.517 : Cleaned.

C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhosts : Cleaned.

 

 

::Report end


And here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:41:46 PM, on 5/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Azureus Ultra Accelerator] "C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" -tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


Welcome back

 

What AVG A/S found is located in System Restore...we'll handle that in a bit.

 

 

Download the HostsXpert ...from Here and unzip it to your desktop.

Next, open the HostsXpert

  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore original host files'
  • Finally, close the hoster

Uninstall List

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

 

 

 

 

 

Open My Computer>right click on C:\>Properties>Tools>Error Checking>Check Now> put a checkmark in both boxes>Start>OK reboot.

Allow this to scan

 

 

 

Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files.

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy.

 

Note: If you don’t have your original Windows XP installation CD, proceed with the scan anyway. If the scan prompts you to replace a corrupt OS file, direct it to the dllcache or i386 folder that should be present in your system. That’s where Windows XP keeps its backup OS files.

 

 

In your next reply post the Uninstall list and what other issues you're having.

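The reading of the AVG Anti-Spyware report given in the reply above (detections sitting in System Restore versus everything else) can be reproduced mechanically. The following is an added example, not part of the original thread or of any AVG tool: the function names are hypothetical, the line format is inferred from the reports posted here, and the sample lines are copied from those reports.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: a few lines copied from the two AVG Anti-Spyware reports in this thread.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:31:47 PM 5/21/2007
+ Scan result:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0038017.dll -> Adware.WinZix : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP221\A0037809.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\A0038007.exe -> Hijacker.Small : Cleaned.
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhosts : Cleaned.
::Report end
"""

# "<optional :store:><path> -> <detection name> : <action>."
FINDING_RE = re.compile(
    r"^(?::(?P<store>[^:]+):)?"   # optional ":mozilla.74:" cookie-store prefix
    r"(?P<path>.+?) -> "
    r"(?P<name>\S+) : "
    r"(?P<action>.+?)\.?$"
)
# System Restore keeps its archived copies under _restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)


@dataclass(frozen=True)
class Finding:
    path: str
    name: str
    action: str
    category: str                  # "cookie", "restore_point" or "live_file"
    restore_point: Optional[str]   # e.g. "RP224" for restore-point copies


def classify(path, name):
    """Return (category, restore point id or None) for one detection."""
    if name.startswith("TrackingCookie."):
        return "cookie", None
    match = RESTORE_RE.search(path)
    if match:
        return "restore_point", match.group(1)
    return "live_file", None


def parse_report(text):
    """Extract every detection line; headers and '::Report end' are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        category, rp = classify(m["path"], m["name"])
        findings.append(Finding(m["path"], m["name"], m["action"], category, rp))
    return findings


def triage(findings):
    """Group detections by category."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.category].append(f)
    return dict(groups)


def follow_up(findings):
    """Detections on live files, plus anything the scanner did not clean."""
    return [f for f in findings
            if f.category == "live_file" or f.action != "Cleaned"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for category, items in triage(parsed).items():
        print(f"{category}: {len(items)}")
    for f in follow_up(parsed):
        print("follow up:", f.path, "->", f.name)
```

On these sample lines the only detection outside System Restore and the cookie stores is the hosts file.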

Sorry that it has taken me so long to respond. Here is the uninstall list:

 

AVG Anti-Spyware 7.5

HijackThis 1.99.1

mIRC

 

I'm working on the Windows File Protection right now, but I seem to be having problems. I will update in a few minutes.


I tried running Windows File Protection, but, when it almost gets to the end, I get a box that says:

 

"Files that are required for Windows to run properly must be copied to the DLL Cache.

 

Insert your Windows XP Professional CD2 now."

 

And I'm given three options: Retry, More Information, Cancel

 

Unfortunately, it appears that I wasn't given a Windows CD when I bought my computer so I can't insert a CD. So I try clicking on Retry anyway, but it says that the CD that I have provided is wrong. Thus, I ultimately have to press Cancel.


Let's try to continue with the rest of the things I needed

 

AVG Anti-Spyware log

New HJT log

Uninstall List

 

By chance did it say which files that are required for Windows to run properly must be copied to the DLL Cache?

 

If the scan prompts you to replace a corrupt OS file, direct it to the dllcache or i386 folder that should be present in your system. That’s where Windows XP keeps its backup OS files.


No, it did not mention which files.

 

Here is the AVG Anti-Spyware Report:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 10:15:08 PM 5/23/2007

 

+ Scan result:

 

 

 

:mozilla.166:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.121:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.122:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.124:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.125:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.126:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.44:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.45:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.46:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.47:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.48:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.132:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.133:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.134:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.135:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.136:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.54:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.

:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.76:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.245:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.

:mozilla.246:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.27:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.94:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.95:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.15:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.16:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.23:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.24:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.28:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.29:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.6:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.32:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.33:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.108:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.109:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.205:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.117:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.137:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.138:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.139:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.140:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.49:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.50:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.51:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.52:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.255:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.256:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.257:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.258:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.264:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.265:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.266:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.267:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.214:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.215:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.216:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.217:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.158:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.159:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.160:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.161:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.162:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.163:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.164:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.63:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xsc90zsr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end

 

Here is the HijackThis Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:22:02 PM, on 5/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Azureus Ultra Accelerator] "C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" -tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

 

Here is the Uninstall List:

 

AVG Anti-Spyware 7.5

HijackThis 1.99.1

mIRC

Mozilla Firefox (2.0.0.3)

 

Please let me know if anything else is needed, and thanks again for the help!


Welcome back

 

Your logs are coming back clean, good job!

 

Open HJT and click scan only, place a check by these entries

 

The following are not necessarily spyware/malware, I suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

(Description: Subscription reminder to unlock unlimited use for SoftThinks CD Creator CD/DVD rewriting software, usually supplied with HP PCs as a pre-installed package. Unnecessary. Removing this will free up a small amount of system resources.)

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

 

Close all windows and browsers except HJT and click fix checked.

 

Reboot to set the registry

 

 

 

Go to Start -> Control Panel -> System, System Restore. Check "Turn off System Restore" and reboot. That will erase all restore points.

After reboot, go back in and turn System Restore back on. That will flush System Restore out.

More info and screenshots:

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

You can find instructions on how to disable and reenable system restore here also:

Windows XP System Restore Guide

 

 

You can run a test at PCPitStop. Please register (it's free, don't worry) with PCPitStop and run the full tests http://www.pcpitstop.com/pcpitstop/default.asp

This is an excellent diagnostics scan that may help in determining problems not related to malware. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me to review.

 

 

 

You still show no signs of a running and active Firewall. In a previous post I gave information on free Firewall programs.

 

 

 

About your Add/Remove programs panel.....

 

Have you used a registry cleaner or a tweak program? If you used such a program, see if there is an option to restore the last configuration.

 

If you look in the Program Files folder for each app, you may find an uninstall entry that you can launch (uninstall.exe, for example).

 

 

Below are a few links I found that may apply here.

 

All Installed Programs May Not Be Displayed in the Add/Remove Programs Tool

 

Programs May Not Be Displayed in the Add/Remove Programs

 

Programs missing from add/remove programs list

 

 

In your next reply I need to see your Pit test

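The reply above picks individual O4 startup entries out of the HijackThis log by hand. As an added example (not part of the original posts and not HijackThis's own code), this sketch parses the log's section lines, lists the registry Run autostarts, and pulls out services the scan marked "(file missing)". The function names are hypothetical, and the sample is a handful of lines copied from the log posted in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Azureus Ultra Accelerator] "C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe" -tray
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# A section line is "<letter><number> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autostart: hive, abbreviated Run key, [value name], command.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
MISSING = "(file missing)"

def parse_entries(text):
    """Return (code, body) for every section line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def autostarts(entries):
    """O4 registry Run entries as dicts; 'Global Startup' shortcuts are not included."""
    rows = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            rows.append({"hive": hive, "key": key, "name": name, "command": command})
    return rows

def stale_services(entries):
    """Map service name -> recorded path for O23 entries marked '(file missing)'."""
    stale = {}
    for code, body in entries:
        if code == "O23" and body.startswith("Service: ") and body.endswith(MISSING):
            parts = body[len("Service: "):].split(" - ", 2)  # name, owner, path
            if len(parts) == 3:
                stale[parts[0]] = parts[2][: -len(MISSING)].strip()
    return stale

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for row in autostarts(parsed):
        print(row["hive"], row["name"], "->", row["command"])
    print(stale_services(parsed))
```
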

Welcome back JB

 

I'm curious....could some of your windows files and components have been moved to another Drive?

 

From your Pit test this is what I've found.

 

Data fragmentation 12% <--You should defragment drives as soon as possible for best performance

File fragmentation 5%

 

Drive D:\ has only 5 percent of its space available

You may be able to increase available disk space by uninstalling applications, deleting unneeded files, or moving rarely-needed files to a backup such as Zip, CD-R, or tape. If this does not free up enough disk space, you should consider installing another disk drive, either as a replacement to the existing one or as an addition to it.

 

The maximum size of your Internet Explorer browser cache is 1194 megabytes.

Start Internet Explorer

Select Tools | Internet Options | General

Under Temporary Internet Files click the Settings button.

In the box for the amount of disk space to use, enter a value between 10 and 100 megabytes.

Click OK to accept the changes.

 

This is about as far as I can go since there is no more malware on your system.

What I can do from here is direct you to our User to User forum and post a new thread to be viewed by the Experts in that forum found Here
