HiJack this logfile...can anyone tell me what to do?

joegallard

Thread Starter
Joined
Jan 23, 2007
Messages
7
Logfile of HijackThis v1.99.1
Scan saved at 09:58:02, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\tms42\Tms4.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alerter Client.exe.lnk = ?
O4 - Startup: RoadAngel USB.lnk = ?
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...tonmartin.com/configurator/vanquish_load.html
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - https://www4.king.com/midasa.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://2003server/capella/Codebase/arview2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emeadailydemos.webex.com/client/T23L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pangbourne2.local
O17 - HKLM\Software\..\Telephony: DomainName = pangbourne2.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pangbourne2.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Why have you got 2 antiviruses?

AVG & Symantec

They will prevent each other fixing the problem.

Choose which one you want & uninstall the other.

Then

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

& post a new HJT log
 

joegallard

Cheers for that have deleted AVG......results from combofix were:


"joe" - 07-01-25 12:35:22 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Joe"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\zlbw.dll


((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-25 12:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-24 15:27 <DIR> d-------- C:\Downloads
2007-01-24 15:26 <DIR> d-------- C:\Program Files\BitComet
2007-01-24 10:08 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-24 09:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-01-23 16:21 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-23 15:26 <DIR> d-------- C:\fixwareout
2007-01-23 10:31 32,387 --a------ C:\WINDOWS\system32\sgsanTk.exe
2007-01-22 16:24 32,387 --a------ C:\WINDOWS\system32\cAltRM3.exe
2007-01-22 15:01 32,387 --a------ C:\WINDOWS\system32\game5.exe
2007-01-22 12:35 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-22 12:35 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-22 12:34 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-22 12:32 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-22 12:31 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game4.exe
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game2.exe
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game1.exe
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\adirss.exe
2007-01-22 08:44 48,259 --a------ C:\WINDOWS\system32\game3.exe
2007-01-22 08:44 47,235 ---h----- C:\WINDOWS\system32\alsys.exe
2007-01-22 08:44 31,363 --a------ C:\WINDOWS\system32\ru8Baf5.exe
2007-01-22 08:43 54,403 --a------ C:\WINDOWS\system32\game0.exe
2007-01-11 15:54 <DIR> d-------- C:\Program Files\CronoSoft
2007-01-10 16:15 <DIR> d-------- C:\Program Files\PARTYGAMING
2007-01-10 12:10 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-01-05 11:13 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-05 11:13 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-05 11:13 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-24 15:27 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-24 10:40 -------- d-------- C:\Program Files\symantec antivirus
2007-01-24 10:06 -------- d-------- C:\Program Files\symantec
2007-01-23 11:43 -------- d-------- C:\Program Files\documents and setting
2007-01-15 12:55 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-10 12:10 -------- d-------- C:\DOCUME~1\Joe\Application Data\mozilla
2007-01-10 11:24 -------- d-------- C:\Program Files\java
2007-01-03 16:45 -------- d---s---- C:\DOCUME~1\Joe\Application Data\microsoft
2006-12-19 17:04 -------- d-------- C:\Program Files\messenger
2006-12-19 14:19 -------- d-------- C:\Program Files\opera
2006-12-18 13:05 -------- d-------- C:\Program Files\movie maker
2006-12-18 13:01 -------- d-------- C:\Program Files\windows nt
2006-12-13 11:53 -------- d-------- C:\DOCUME~1\Joe\Application Data\utorrent
2006-12-12 10:13 -------- d-------- C:\DOCUME~1\Joe\Application Data\adobeum
2006-12-07 06:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-01 11:40 -------- d-------- C:\Program Files\itunes
2006-12-01 11:40 -------- d-------- C:\Program Files\ipod
2006-12-01 11:40 -------- d-------- C:\DOCUME~1\Joe\Application Data\apple computer
2006-12-01 11:39 -------- d-------- C:\Program Files\quicktime
2006-12-01 11:37 -------- d-------- C:\Program Files\apple software update
2006-11-27 16:52 -------- d-------- C:\Program Files\timeleft3
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Agent"="C:\\WINDOWS\\system32\\alsys.exe"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"
"Agent"="C:\\WINDOWS\\system32\\alsys.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"
"Agent"="C:\\WINDOWS\\system32\\alsys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-25 12:38:28
 

dvk01

Let's see how much this fixes before we go in manually to delete.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

joegallard

OK, here is the Spy Sweeper file.....and



14:34: Removal process completed. Elapsed time 00:00:25
14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
14:34: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
14:34: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
14:33: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
14:33: Quarantining All Traces: yadro cookie
14:33: Quarantining All Traces: passion cookie
14:33: Quarantining All Traces: go.com cookie
14:33: Quarantining All Traces: did-it cookie
14:33: Quarantining All Traces: overture cookie
14:33: Quarantining All Traces: atwola cookie
14:33: Quarantining All Traces: ask cookie
14:33: Quarantining All Traces: xiti cookie
14:33: Quarantining All Traces: myaffiliateprogram.com cookie
14:33: Quarantining All Traces: trb.com cookie
14:33: Quarantining All Traces: toplist cookie
14:33: Quarantining All Traces: tacoda cookie
14:33: Quarantining All Traces: partypoker cookie
14:33: Quarantining All Traces: 2o7.net cookie
14:33: Quarantining All Traces: webtrends cookie
14:33: Quarantining All Traces: infospace cookie
14:33: Quarantining All Traces: ic-live cookie
14:33: Quarantining All Traces: burstnet cookie
14:33: Quarantining All Traces: bizrate cookie
14:33: Quarantining All Traces: a cookie
14:33: Quarantining All Traces: atlas dmt cookie
14:33: Quarantining All Traces: touchclarity cookie
14:33: Quarantining All Traces: hbmediapro cookie
14:33: Quarantining All Traces: yieldmanager cookie
14:33: Quarantining All Traces: about cookie
14:33: Quarantining All Traces: 180search assistant/zango
14:33: Quarantining All Traces: systemprocess
14:33: Quarantining All Traces: trojan-backdoor-securemulti
14:33: Removal process initiated
14:33: Traces Found: 77
14:33: Full Sweep has completed. Elapsed time 00:41:00
14:33: File Sweep Complete, Elapsed Time: 00:35:36
14:27: Warning: Failed to access drive D:
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561z.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056g2.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056g1.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056g0.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056dj.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr056fy.xml". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056i5.htm". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561u.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561t.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056dh.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056dg.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056df.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056de.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056dd.js". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056dc.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056ib.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056db.js". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr056da.xml". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056fq.js". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056d9.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr056cl.xml". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056ck.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561s.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561n.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056cf.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561j.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561i.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561h.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561g.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561e.jpg". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0562a.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05629.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0561a.gif". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0562t.htm". The operation completed successfully
14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05617.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05678.js". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05616.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0560w.xml". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0569c.htm". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0563a.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05639.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0560q.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0560p.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0560k.xml". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05697.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056hg.htm". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr056c5.xml". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr054hm.html". The operation completed successfully
14:24: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05628.gif". The operation completed successfully
14:24: Warning: Failed to open file "c:\program files\symantec antivirus\savrt\0257nav~.tmp". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0565m.gif". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0562q.gif". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05627.gif". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0567i.xml". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr056av.xml". The operation completed successfully
14:22: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr04yd4.html". The operation completed successfully
14:21: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056d7.js". The operation completed successfully
14:21: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0564k.htm". The operation completed successfully
14:21: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr055cv.xml". The operation completed successfully
14:21: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr056i7.htm". The operation completed successfully
14:21: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05648.htm". The operation completed successfully
14:21: Warning: Failed to open file "c:\program files\symantec antivirus\savrt\0534nav~.tmp". The operation completed successfully
13:57: Starting File Sweep
13:57: Cookie Sweep Complete, Elapsed Time: 00:00:04
 

joegallard

Thread Starter
Joined
Jan 23, 2007
Messages
7
13:57: Starting Cookie Sweep
13:57: Registry Sweep Complete, Elapsed Time:00:00:23
13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\system process\ || lastptime (ID = 860390)
13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\system process\ (ID = 860389)
13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\system process\ || lastptime (ID = 860390)
13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\system process\ (ID = 860389)
13:57: Found Adware: systemprocess
13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
13:57: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
13:57: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
13:57: Found Adware: 180search assistant/zango
13:57: Starting Registry Sweep
13:57: Memory Sweep Complete, Elapsed Time: 00:04:01
13:53: Starting Memory Sweep
13:53: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
13:53: Found Trojan Horse: trojan-backdoor-securemulti
13:52: Start Full Sweep
13:52: Sweep initiated using definitions version 816
13:52: Spy Sweeper 5.2.3.2138 started
13:52: | Start of Session, 25 January 2007 |
********
13:52: | End of Session, 25 January 2007 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
13:52: Shield States
13:52: Spyware Definitions: 816
13:52: Warning: Virus definitions files are invalid, please update your virus definitions. 220
13:52: Spy Sweeper 5.2.3.2138 started
13:52: Spy Sweeper 5.2.3.2138 started
13:52: | Start of Session, 25 January 2007 |
********
Logfile of HijackThis v1.99.1
Scan saved at 14:37, on 07-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alerter Client.exe.lnk = ?
O4 - Startup: RoadAngel USB.lnk = ?
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...tonmartin.com/configurator/vanquish_load.html
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - https://www4.king.com/midasa.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://2003server/capella/Codebase/arview2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emeadailydemos.webex.com/client/T23L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pangbourne2.local
O17 - HKLM\Software\..\Telephony: DomainName = pangbourne2.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pangbourne2.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\alsys.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\game4.exe
C:\WINDOWS\system32\game2.exe
C:\WINDOWS\system32\game1.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\game3.exe
C:\WINDOWS\system32\alsys.exe
C:\WINDOWS\system32\ru8Baf5.exe
C:\WINDOWS\system32\game0.exe
C:\WINDOWS\system32\sgsanTk.exe
C:\WINDOWS\system32\cAltRM3.exe
C:\WINDOWS\system32\game5.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

then when it reboots

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe

now Start killbox,

Then on the killbox top bar press tools/delete temp files. In the pop-up box, towards the middle, is a drop-down box containing a list of all user accounts. In this drop-down user account box, select your account, select ALL options it will allow you to, then press delete selected temp files, then repeat for every user account listed in that drop-down box

then post a new HJT log & tell us how it is
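Added example, not part of the original thread or of any tool named in it: a Python script that cross-checks the Avenger delete list against the startup evidence visible in the HijackThis and Spy Sweeper logs on this page, showing which listed files have a visible autorun entry and which have none. The regexes, function names and the rule that a Run value named like a file's stem refers to that file are assumptions; the sample lines are copied from the page.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log, the Spy Sweeper log and
# the Avenger script on this page (subset of each log, full delete list).
HJT_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alerter Client.exe.lnk = ?
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
SWEEPER_LOG = r"""
13:57: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
13:57: Found Adware: 180search assistant/zango
13:53: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
13:53: Found Trojan Horse: trojan-backdoor-securemulti
"""
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\alsys.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\game4.exe
C:\WINDOWS\system32\game2.exe
C:\WINDOWS\system32\game1.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\game3.exe
C:\WINDOWS\system32\alsys.exe
C:\WINDOWS\system32\ru8Baf5.exe
C:\WINDOWS\system32\game0.exe
C:\WINDOWS\system32\sgsanTk.exe
C:\WINDOWS\system32\cAltRM3.exe
C:\WINDOWS\system32\game5.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.I)
SWEEP_RE = re.compile(r"^\d\d:\d\d: (HK\S.*?\\run\\) \|\| (.+?) \(ID = \d+\)$", re.I)


def exe_path(command):
    """Lower-cased executable path from an autorun command line, or None."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)).lower() if m else None


def parse_autoruns(hjt_log):
    """Return (location, name, exe_path) for every O4 line; other sections are skipped."""
    entries = []
    for line in hjt_log.splitlines():
        m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), exe_path(m.group(3))))
    return entries


def parse_sweeper_run_values(sweeper_log):
    """Return (registry key, value name) for Spy Sweeper hits under a Run key."""
    return [m.groups() for line in sweeper_log.splitlines()
            if (m := SWEEP_RE.match(line.strip()))]


def parse_delete_list(script):
    """Return (unique lower-cased paths, duplicates) from the 'Files to delete:' section."""
    files, dupes, active = [], [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith(":"):
            active = line.lower() == "files to delete:"
        elif active and line:
            (dupes if line.lower() in files else files).append(line.lower())
    return files, dupes


def correlate(files, autoruns, run_values):
    """Map each file on the delete list to the startup evidence found for it."""
    report = {}
    for path in files:
        stem = ntpath.splitext(ntpath.basename(path))[0]
        hits = [f"HijackThis O4 {loc} [{name}]"
                for loc, name, exe in autoruns if exe == path]
        # Assumption: a Run value named like the file's stem points at that file.
        hits += [f"Spy Sweeper {key} || {val}"
                 for key, val in run_values if val.lower() == stem]
        report[path] = hits
    return report


if __name__ == "__main__":
    files, dupes = parse_delete_list(AVENGER_SCRIPT)
    report = correlate(files, parse_autoruns(HJT_LOG),
                       parse_sweeper_run_values(SWEEPER_LOG))
    for path, hits in report.items():
        print(path, "->", "; ".join(hits) or "no startup entry in either log")
    print("listed more than once:", dupes)
```

A file with no hit is not cleared by this: it only means these two logs show no startup entry for it, which is why the follow-up HijackThis log is still requested.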
 