removing movieland/mediapipe spyware

tlhoglen@yah
Junior Member with 8 posts.
Join Date: Dec 2005
Location: north carolina
Experience: Intermediate
06-Dec-2005, 12:20 PM #1
removing movieland/mediapipe spyware
Can you please tell me how to remove movieland/mediapipe spyware from my PC?
Cheeseball81
Moderator with 74,154 posts.
Join Date: Mar 2004
Location: New York
06-Dec-2005, 12:25 PM #2
Welcome to TSG

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
tlhoglen@yah
06-Dec-2005, 12:35 PM #3
Thank you. I am printing all your instructions and will continue this process. I may not get finished today; I have to go to work at 2:30, so I will get the info back to you tomorrow.
Cheeseball81
06-Dec-2005, 12:43 PM #4
Okay, take your time.
tlhoglen@yah
06-Dec-2005, 12:46 PM #5
Logfile of HijackThis

Cheeseball81
06-Dec-2005, 12:47 PM #6
Wow that's impossible to read.

Please rescan with Hijack This.
When the log opens in Notepad, go to Format and check WordWrap.
Then copy and paste the log here
tlhoglen@yah
07-Dec-2005, 09:05 AM #7
Question: did I get you the correct information this time?
Logfile of HijackThis

Cheeseball81
07-Dec-2005, 11:59 AM #8
No. Is WordWrap checked?
tlhoglen@yah
07-Dec-2005, 01:24 PM #9
Yes, the word wrap is checked.
Cheeseball81
07-Dec-2005, 01:33 PM #10
Is the log opening in Notepad or WordPad?
tlhoglen@yah
09-Dec-2005, 09:08 AM #11
It opens in Notepad.
tlhoglen@yah
09-Dec-2005, 09:29 AM #12
I found 2 things that had mediapipe in them and I checked the fix box on the scan.
Cheeseball81
09-Dec-2005, 01:40 PM #13
There is more to fix. And I'm not trying to be a pain, I swear. I know how frustrating this is. But that log is so garbled up. I really cannot decipher it.

A log should look like this: http://forums.techguy.org/t423591.html

If you want to rescan with Hijack This and either attach the log here or email it to me, maybe that will help.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
tlhoglen@yah's Avatar
Junior Member with 8 posts.
 
Join Date: Dec 2005
Location: north carolina
Experience: Intermediate
10-Dec-2005, 10:48 AM #14
The picture of your dog with a Christmas hat is too cute! We raise miniature dachshunds. I mentioned yesterday I clicked fix on the 2 logs I found with mediapipe in it and this morning it didn't show up when the pc was turned on. I know you said there is a lot more to do. I hope I can get rid of this pop-up permanently. I have dared my spouse to come near the pc. Thanks for all your help and when this thing is gone for good I will make a donation.
Cheeseball81's Avatar
Moderator with 74,154 posts.
 
Join Date: Mar 2004
Location: New York
10-Dec-2005, 05:36 PM #15
Thanks! The log you emailed me was much easier to read, so I am posting it here. I'll be back soon with further instructions.

Logfile of HijackThis v1.99.1
Scan saved at 9:24:33 AM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchalot.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com;localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpamNukeWeb] C:\Program Files\SpamNuker\spamnuker.exe /auto
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon1.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.searchalot.com/search.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.searchalot.com
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axversion/1611/printquick1611.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spamnuker.com/product/camp/clickbank/WebSpamNukerInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.283/qboax7.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe