
Missing Control Panel

Discussion in 'Virus & Other Malware Removal' started by CRodgers, Apr 3, 2008.

Thread Status:
Not open for further replies.
  1. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    Hi! A friend of mine has 2 teenage boys sharing her computer with her. Unfortunately, they have visited/downloaded things they should not.

    Issues:
    * Cannot seem to find Control Panel as user Admin
    * User Administrator is only a login option in Safe Mode, but also cannot find Control Panel and has NO Password (need to set that somehow, right?)
    * Cannot change the clock (1 hour behind, getting error window "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." twice)

    I used SuperAntiSpyware to quarantine a boatload of things (3 memory, 181 registry, 185 files) and I used SmitFraudFix to scan and fix several things. I still have the issues above.

    I have not connected her PC to the internet yet. If I add her to my router, is it possible for her PC to infect my other PCs? I have downloaded things (like the tools above and HiJackThis) to a thumb drive to put on her PC while not connected to the net. Is it safe to give her an IP address on my LAN?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:53 AM, on 4/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\Rundll32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINNT\system32\ddcbyxw.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll (file missing)
    O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINNT\fobapoto.dll
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ixsjolsx] regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"
    O4 - HKLM\..\Run: [BMa3b12406] Rundll32.exe "C:\WINNT\system32\kxlyuabo.dll",s
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKLM\..\Policies\Explorer\Run: [2PFHit5knC] C:\Documents and Settings\All Users.WINNT\Application Data\rgtkhwni\nsfstwdy.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ddcbyxw - C:\WINNT\SYSTEM32\ddcbyxw.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 7542 bytes
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  3. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    I kept getting the following message window during sdfix:
    16bit MS-DOS Subsystem
    SDFix
    C:\PROGRA~1\\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed
    Dll initialization. Choose 'Close' to terminate the application.

    I chose Close dozens of times, then finally Ignore.
    After the reboot, the same message came up while SDFix was finishing.

    The control panel is now back in the admin account! Yea!

    SDFix report:

    SDFix: Version 1.165

    Run by Administrator on Mon 04/07/2008 at 07:33 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name:
    psrstbyn

    Path:
    system32\drivers\jvqzipdv.dat

    psrstbyn - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    Service psrstbyn - Deleted after Reboot

    Checking Files :

    Trojan Files Found:

    C:\WINNT\SYSTEM32\CSCDL.1 - Deleted
    C:\WINNT\kaepfbgr\1.png - Deleted
    C:\WINNT\kaepfbgr\2.png - Deleted
    C:\WINNT\kaepfbgr\3.png - Deleted
    C:\WINNT\kaepfbgr\4.png - Deleted
    C:\WINNT\kaepfbgr\5.png - Deleted
    C:\WINNT\kaepfbgr\6.png - Deleted
    C:\WINNT\kaepfbgr\7.png - Deleted
    C:\WINNT\kaepfbgr\8.png - Deleted
    C:\WINNT\kaepfbgr\9.png - Deleted
    C:\WINNT\kaepfbgr\bottom-rc.gif - Deleted
    C:\WINNT\kaepfbgr\config.png - Deleted
    C:\WINNT\kaepfbgr\content.png - Deleted
    C:\WINNT\kaepfbgr\download.gif - Deleted
    C:\WINNT\kaepfbgr\frame-bg.gif - Deleted
    C:\WINNT\kaepfbgr\frame-bottom-left.gif - Deleted
    C:\WINNT\kaepfbgr\frame-h1bg.gif - Deleted
    C:\WINNT\kaepfbgr\head.png - Deleted
    C:\WINNT\kaepfbgr\icon.png - Deleted
    C:\WINNT\kaepfbgr\indexwp.html - Deleted
    C:\WINNT\kaepfbgr\main.css - Deleted
    C:\WINNT\kaepfbgr\memory-prots.png - Deleted
    C:\WINNT\kaepfbgr\net.png - Deleted
    C:\WINNT\kaepfbgr\pc.gif - Deleted
    C:\WINNT\kaepfbgr\pc-mag.gif - Deleted
    C:\WINNT\kaepfbgr\poloska1.png - Deleted
    C:\WINNT\kaepfbgr\poloska2.png - Deleted
    C:\WINNT\kaepfbgr\poloska3.png - Deleted
    C:\WINNT\kaepfbgr\promowp1.html - Deleted
    C:\WINNT\kaepfbgr\promowp2.html - Deleted
    C:\WINNT\kaepfbgr\promowp3.html - Deleted
    C:\WINNT\kaepfbgr\promowp4.html - Deleted
    C:\WINNT\kaepfbgr\promowp5.html - Deleted
    C:\WINNT\kaepfbgr\reg.png - Deleted
    C:\WINNT\kaepfbgr\repair.png - Deleted
    C:\WINNT\kaepfbgr\scr-1.png - Deleted
    C:\WINNT\kaepfbgr\scr-2.png - Deleted
    C:\WINNT\kaepfbgr\start.png - Deleted
    C:\WINNT\kaepfbgr\styles.css - Deleted
    C:\WINNT\kaepfbgr\top-rc.gif - Deleted
    C:\WINNT\kaepfbgr\vline.gif - Deleted
    C:\WINNT\kaepfbgr\wp.png - Deleted
    C:\Temp\1cb\syscheck.log - Deleted
    C:\WINNT\PerfInfo\2PFHit5knCwp.exe - Deleted
    C:\Program Files\ISM\archupd.exe - Deleted
    C:\Program Files\ISM\dictionary.gz - Deleted
    C:\Program Files\ISM\ism.exe - Deleted
    C:\Program Files\ISM\targets.gz - Deleted
    C:\Program Files\ISM\Uninstall.exe - Deleted
    C:\Program Files\JavaCore\JavaCore.exe - Deleted
    C:\Program Files\JavaCore\UnInstall.exe - Deleted
    C:\Program Files\NoDNS\UnInstall.exe - Deleted
    C:\Program Files\nvcoi\mst.stt - Deleted
    C:\Program Files\nvcoi\nvcoi.exe - Deleted
    C:\Program Files\QdrDrive\qdrloader.exe - Deleted
    C:\Program Files\QdrPack\dicts.gz - Deleted
    C:\Program Files\QdrPack\QdrPack14.exe - Deleted
    C:\Program Files\QdrPack\trgts.gz - Deleted
    C:\Program Files\QdrModule\dic.gz - Deleted
    C:\Program Files\QdrModule\kwd.gz - Deleted
    C:\Program Files\QdrModule\QdrModule13.exe - Deleted
    C:\Program Files\Temporary\InsiDERInst.exe - Deleted
    C:\WINNT\b116.exe - Deleted
    C:\WINNT\b152.exe - Deleted
    C:\WINNT\b153.exe - Deleted
    C:\WINNT\b154.exe - Deleted
    C:\WINNT\b155.exe - Deleted
    C:\WINNT\Downloaded Program Files\UGA6P_0001_N122M2802NetInstaller.exe - Deleted
    C:\WINNT\mrofinu572.exe - Deleted
    C:\WINNT\mrofinu572.exe.tmp - Deleted
    C:\WINNT\system32\berg2.dll - Deleted
    C:\WINNT\system32\boa1.dat - Deleted
    C:\WINNT\system32\browse.dll - Deleted
    C:\WINNT\system32\cmds.txt - Deleted
    C:\WINNT\system32\mscorews.dll - Deleted
    C:\WINNT\system32\msratnit.dll - Deleted
    C:\WINNT\system32\pac.txt - Deleted
    C:\WINNT\system32\ps1.dat - Deleted
    C:\WINNT\system32\rc.dat - Deleted
    C:\WINNT\system32\tinox1.dll - Deleted
    C:\WINNT\system32\drivers\jvqzipdv.dat - Deleted



    Folder C:\Program Files\ISM - Removed
    Folder C:\Program Files\JavaCore - Removed
    Folder C:\Program Files\NoDNS - Removed
    Folder C:\Program Files\nvcoi - Removed
    Folder C:\Program Files\QdrDrive - Removed
    Folder C:\Program Files\QdrPack - Removed
    Folder C:\Program Files\QdrModule - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\Temp\1cb - Removed
    Folder C:\Temp\tn3 - Removed
    Folder C:\WINNT\PerfInfo - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 07:48:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    "AppInit_DLLs"=""

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
    "C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Disabled:AOL Instant Messenger"
    "D:\\2004\\CL Applications\\bin\\GeometryB Cognitive Model.exe"="D:\\2004\\CL Applications\\bin\\GeometryB Cognitive Model.exe:*:Disabled:Cognitive model for Geometry"
    "D:\\2004\\CL Applications\\Cognitive Tutor LMS\\Cognitive Tutor.exe"="D:\\2004\\CL Applications\\Cognitive Tutor LMS\\Cognitive Tutor.exe:*:Disabled:Cognitive Tutor"
    "D:\\2004\\CL Applications\\bin\\Algebra II Cognitive Model.exe"="D:\\2004\\CL Applications\\bin\\Algebra II Cognitive Model.exe:*:Disabled:Lisp tutor"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.0"
    "C:\\Program Files\\Toolbar\\TBPS.exe"="C:\\Program Files\\Toolbar\\TBPS.exe:*:Disabled:WebSearch Toolbar"
    "C:\\Program Files\\Toolbar\\PIB.exe"="C:\\Program Files\\Toolbar\\PIB.exe:*:Disabled:WebSearch Toolbar"
    "C:\\Program Files\\Toolbar\\radio.exe"="C:\\Program Files\\Toolbar\\radio.exe:*:Disabled:WebSearch Toolbar Plugin"
    "C:\\Program Files\\Toolbar\\TBPSSvc.exe"="C:\\Program Files\\Toolbar\\TBPSSvc.exe:*:Disabled:WebSearch Toolbar Service"
    "C:\\WINNT\\explorer.exe"="C:\\WINNT\\explorer.exe:*:Disabled:Windows Explorer"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :


    Finished!

    ###########################################
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:03:04 AM, on 4/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\Rundll32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINNT\system32\ddcbyxw.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll (file missing)
    O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINNT\fobapoto.dll
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ixsjolsx] regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"
    O4 - HKLM\..\Run: [BMa3b12406] Rundll32.exe "C:\WINNT\system32\kxlyuabo.dll",s
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ddcbyxw - C:\WINNT\SYSTEM32\ddcbyxw.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 7288 bytes
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
  5. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    The report below popped up, but after I saved the report to a thumb drive (cannot get an IP renew to get on the internet), a dialog box explained that it could not remove some registry information and wanted to reboot (I said yes).

    Post too long, breaking it in two.

    #########################
    mbam-log-4-8-2008 (09-53-55).txt
    #########################
    Malwarebytes' Anti-Malware 1.09
    Database version: 507

    Scan type: Full Scan (A:\|C:\|)
    Objects scanned: 193778
    Time elapsed: 38 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 43
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 21
    Files Infected: 150

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{5a148cf2-9c7b-4499-8e25-c9383a5e8680} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{daa07812-5c88-4ccc-8d25-10fef65b77b1} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{89cc26bc-9256-4cca-a7f3-b9d6c48dba71} (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rabio.rabiobho (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rabio.rabiobho.1 (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{923ca88a-ae69-49af-bf65-9a3123b14ccb} (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8c36d71b-0a48-4d38-9def-2a2a2669d0c9} (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BndFibu7.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band.1 (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO.1 (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rabio.RabioBHO (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Rabio.DLL (Adware.RABCO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3615ee58-6f38-47ba-9dd9-c99bd611c6a6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3615ee58-6f38-47ba-9dd9-c99bd611c6a6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbyxw (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3615ee58-6f38-47ba-9dd9-c99bd611c6a6} (Trojan.Vundo) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINNT\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\ISM2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.
    C:\WINNT\system32\dr6 (Adware.Rabio) -> Quarantined and deleted successfully.
    C:\WINNT\system32\ech5 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\system32\lows8 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\system32\sbc2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\system32\typ2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\Awola (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Awola (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINNT\system32\awuihiyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\oyihiuwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\gqrjketr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\rtekjrqg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\jdbevjun.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\nujvebdj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\kqcbyolt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\tloybcqk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\lichgslx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\xlsghcil.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\xouupoif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\fiopuuox.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Bat.dll (Adware.Batco) -> Quarantined and deleted successfully.
    C:\72.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\BAK15E.tmp (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\BatSetup.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\ismupd24.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\SETUP_33347\00000#Bat.dll (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\SETUP_33347\Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\SETUP_33347\Engine.exe (Adware.Rabio) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\Microsoft\Windows\rbvaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\WinTouch\WTUninstaller.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Local Settings\Temp\ismupd8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Rabio) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\X_Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\un_RABCOSetup_16230.exe (Adware.Rabio) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP17\A0012874.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP24\A0019195.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP25\A0020334.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP29\A0022534.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP36\A0027833.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP38\A0029938.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP38\A0029943.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP39\A0030974.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP39\A0030976.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP39\A0030977.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0033052.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0033061.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0033063.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0033064.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0035086.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0035088.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0035089.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0037090.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0037093.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0037094.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0037106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0041108.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0041109.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0041115.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP40\A0041116.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP41\A0043135.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP41\A0050233.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0054270.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0054272.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0054273.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0054274.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0054275.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055312.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055313.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055316.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055317.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055318.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0055319.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP42\A0059338.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0072482.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0072483.exe (Adware.Rabio) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0072485.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0072486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0072500.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0074495.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0075496.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP44\A0076495.exe (Adware.Batco) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP45\A0077531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP46\A0077559.dll (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP46\A0077573.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP46\A0077575.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP46\A0077579.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077735.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077737.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077741.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077742.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077743.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077744.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077745.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077746.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077747.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077748.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077750.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077763.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077764.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077766.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077770.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077771.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077772.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077773.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077777.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077778.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP49\A0077779.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP7\A0004389.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0D7753CC-D2C6-448A-A8CA-AECF5719BE51}\RP9\A0009447.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINNT\system32\L3465.tmp (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\WINNT\system32\dr6\crecomdll1.exe (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\WINNT\system32\typ2\key89104.exe (Adware.TTC) -> Quarantined and deleted successfully.
    C:\Program Files\ISM2\dictionary.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\ISM2\targets.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\ExecutionDll.dll (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\RABCO.dll.intermediate.manifest (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\RABCOse.info (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\RABCOse.original (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\Setup.log (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\un_RABCOSetup_16230.txt (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\RABCO\X_RABCOse.log (Adware.RABCO) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\Info.dll (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\Awola\Awola.exe (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Application Data\Awola\settings.ini (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Awola\Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\Documents and Settings\theresa\Start Menu\Programs\Awola\Uninstall Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.
    C:\WINNT\system32\sf.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINNT\Fonts\alk3.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\system32\ddcbyxw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINNT\system32\yayaayv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINNT\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
    C:\Documents and Settings\theresa\~tmp1174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Start Menu\Programs\Startup\Bat - Auto Update.lnk (Adware.Batco) -> Quarantined and deleted successfully.
    C:\WINNT\system32\dllcache\svchost.exe.tmp (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ryan\Local Settings\Temp\svchost.bin (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  6. CRodgers

    CRodgers Thread Starter

    #########################
    hijackthis.log
    #########################
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:04:48 AM, on 4/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\Rundll32.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll (file missing)
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINNT\fobapoto.dll
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ixsjolsx] regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"
    O4 - HKLM\..\Run: [BMa3b12406] Rundll32.exe "C:\WINNT\system32\kxlyuabo.dll",s
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 6790 bytes
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Next, to get the internet back:

    Download LSPfix here: http://www.cexx.org/lspfix.htm
    and now run the LSPFIX application. You will see a list of files in the left hand pane and possibly some in the right hand pane. Tick the "I know what I'm doing" box and select any instances of webhdll.dll that are in the left hand keep pane and move them to the right hand remove pane. DO NOT MOVE ANY OTHER FILES. Press Finish and the program will do anything necessary.

    reboot & the net should work

    then

    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix; especially follow the advice about installing the recovery console.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply
     
  8. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    The LSPFix worked great! It also fixed the Verizon issue I had (must have needed an internet connection).

    I can not get ComboFix to run. I see a small rectangle that does a quick progress bar, then the desktop icons blink, then I see the flash of a blue window - looks like a DOS-type session. Then nothing.

    I see that the PC has Verizon Internet Security Suite. I turned off all protection options (anti-virus, anti-spyware, etc). No good. I right-clicked from the system tray and said Exit and got a warning about no protection, said OK, but still could not get the ComboFix to run. I also saw that there were Symantec progs on here. They have Corp Ed Antivirus. I turned it off in the options, but still could not get ComboFix to run.

    I would bet the Symantec is not legal, how can I remove it (add/remove has issues)? Where is a good link to get rid of *all* of the Symantec junk?

    Also, should I get rid of the Verizon suite? The ComboFix instructions do not list that one in the list of how to disable tools before running ComboFix (although I did my best to disable it). Or do you think they may need it if Verizon is providing their internet service?

    Here is a fresh HiJack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:35:55 PM, on 4/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\Rundll32.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - berg2.dll (file missing)
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINNT\fobapoto.dll
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ixsjolsx] regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"
    O4 - HKLM\..\Run: [BMa3b12406] Rundll32.exe "C:\WINNT\system32\kxlyuabo.dll",s
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 6982 bytes
     
  9. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    Now that the internet is working, if I use IE, it starts up without a problem. I changed the start page to be www.google.com. But after a few seconds of just sitting there, it starts spawning new instances of IE going to various web sites. Some porn, some free junk, etc.

    I also re-ran Malwarebytes' Anti-Malware and removed more malware (with the newest updated definitions). SuperAntiSpyware still reports a rootkit (but can't seem to successfully get rid of it).

    ComboFix still behaves as above: quick progress bar, flashes of icons, flash of a blue screen window, then nothing.

    Is SuperAntiSpyware Pro worth buying? They have a deal for $20 (US) including lifetime upgrades. Or is it better to just manually scan and update periodically?
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    let's uninstall all Norton stuff first

    use their uninstall tool
    http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    then redownload combofix & see if it will work

    if combofix won't work this time then

    Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    4. Now click the Run Scan button on the toolbar.
    5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    6. When the scan is complete Notepad will open with the report file loaded in it.
    7. Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  11. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    Attached is the OTScanIt output. I went ahead and downloaded FireFox because IE finally went nuts and started opening dozens of windows really fast. Once I killed it in Task Manager, I still get a page once every few minutes - even though IE is not running!
     

    Attached Files:

  12. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    While I am at it, here is a HijackThis log:
     

    Attached Files:

  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> ixsjolsx -> %AllUsersProfile%\Application Data\ixsjolsx.dll [regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YY -> {0E5B939C-F255-4D48-94EF-CB28051D97D9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cscdl.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {4BA002CD-3226-426D-9C3F-D0D487018DD9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\desktop.ini\cofeno89104.dll []
    YY -> {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\fobapoto.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {B6A1A116-60F5-1C75-8B28-4FE6718509E5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\plxl.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {B7A3AC14-33AA-4A25-D828-4FE671840EB2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nympon.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {E0A7FA11-35AF-1D25-D228-4FE671850DE0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wfxohf.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fdpnwr.dll [Reg Error: Value  does not exist or could not be read.]
    < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    [Files/Folders - Created Within 30 days]
    NY -> 10 C:\*.tmp files -> C:\*.tmp
    NY -> x5qave.exe -> %SystemDrive%\x5qave.exe
    NY -> core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk
    NY -> boisoedl.dll -> %SystemRoot%\System32\boisoedl.dll
    NY -> deqxfkbs.dll -> %SystemRoot%\System32\deqxfkbs.dll
    NY -> didbxfem.ini -> %SystemRoot%\System32\didbxfem.ini
    NY -> duplpmna.dll -> %SystemRoot%\System32\duplpmna.dll
    NY -> ejkqmqjm.dll -> %SystemRoot%\System32\ejkqmqjm.dll
    NY -> faxdjjix.dll -> %SystemRoot%\System32\faxdjjix.dll
    NY -> gpumgtea.ini -> %SystemRoot%\System32\gpumgtea.ini
    NY -> hrtvfqhk.dll -> %SystemRoot%\System32\hrtvfqhk.dll
    NY -> jdtgvtjh.ini -> %SystemRoot%\System32\jdtgvtjh.ini
    NY -> jixlsmjp.dll -> %SystemRoot%\System32\jixlsmjp.dll
    NY -> khadfoop.dll -> %SystemRoot%\System32\khadfoop.dll
    NY -> ltluhmvy.dll -> %SystemRoot%\System32\ltluhmvy.dll
    NY -> march_madness.ico -> %SystemRoot%\System32\march_madness.ico
    NY -> mlJCTMef.dll -> %SystemRoot%\System32\mlJCTMef.dll
    NY -> mnqnjqnn.ini -> %SystemRoot%\System32\mnqnjqnn.ini
    NY -> nesmmico.dll -> %SystemRoot%\System32\nesmmico.dll
    NY -> njiowqjq.dll -> %SystemRoot%\System32\njiowqjq.dll
    NY -> oldfeffx.ini -> %SystemRoot%\System32\oldfeffx.ini
    NY -> orxxldti.ini -> %SystemRoot%\System32\orxxldti.ini
    NY -> oypanlcm.dll -> %SystemRoot%\System32\oypanlcm.dll
    NY -> ppbdgswg.dll -> %SystemRoot%\System32\ppbdgswg.dll
    NY -> ptlamqwp.dll -> %SystemRoot%\System32\ptlamqwp.dll
    NY -> sdhmhxjv.dll -> %SystemRoot%\System32\sdhmhxjv.dll
    NY -> txvkhyav.dll -> %SystemRoot%\System32\txvkhyav.dll
    NY -> vjyjpnve.ini -> %SystemRoot%\System32\vjyjpnve.ini
    NY -> vleuysoj.dll -> %SystemRoot%\System32\vleuysoj.dll
    NY -> xiokwnql.dll -> %SystemRoot%\System32\xiokwnql.dll
    NY -> xvnjqjjk.dll -> %SystemRoot%\System32\xvnjqjjk.dll
    NY -> xwqnwmwf.dll -> %SystemRoot%\System32\xwqnwmwf.dll
    NY -> yilwgwsy.ini -> %SystemRoot%\System32\yilwgwsy.ini
    NY -> ?racle -> %SystemRoot%\System32\&#927;racle
    NY -> 15 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp
    NY -> ?ystem32 -> %SystemRoot%\System32\&#1109;ystem32
    NY -> 14 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp
    NY -> fobapoto.dll -> %SystemRoot%\fobapoto.dll
    NY -> F?nts -> %SystemRoot%\F&#1086;nts
    NY -> kaepfbgr -> %SystemRoot%\kaepfbgr
    NY -> pyxsjyrw.dll -> %SystemRoot%\pyxsjyrw.dll
    NY -> W?nSxS -> %SystemRoot%\W&#1110;nSxS
    NY -> ?ymbols -> %SystemRoot%\&#1109;ymbols
    NY -> ?dobe -> %SystemRoot%\&#1040;dobe
    NY -> ?icrosoft.NET -> %SystemRoot%\&#1052;icrosoft.NET
    NY -> ?asks -> %SystemRoot%\&#1058;asks
    [Files/Folders - Modified Within 30 days]
    NY -> 10 C:\*.tmp files -> C:\*.tmp
    NY -> 132 C:\Documents and Settings\admin\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Temp\*.tmp
    NY -> 132 C:\Documents and Settings\admin\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Temp\*.tmp
    NY -> 132 C:\Documents and Settings\admin\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Temp\*.tmp
    [Extra Files]
    Purity
    [Empty Temp Folders]
    [ZipFiles]
    [Reboot]
    

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
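
Several folder entries in the fix script above appear as `?racle`, `&#1109;ystem32` and so on: each name contains one non-Latin letter that looks like the Latin letter it replaces. The following is an added example, not part of the original post and not code from any tool named in this thread; it decodes the forum's HTML entities and reports which code point is hiding in each name. The function names and the partial `CONFUSABLES` table are assumptions made for the example.

```python
import html
import unicodedata

# Constructed sample: folder entries copied from the fix script in this thread,
# with the forum's numeric HTML entities left exactly as they were rendered.
SAMPLE_ENTRIES = [
    r"%SystemRoot%\System32\&#927;racle",
    r"%SystemRoot%\System32\&#1109;ystem32",
    r"%SystemRoot%\F&#1086;nts",
    r"%SystemRoot%\W&#1110;nSxS",
    r"%SystemRoot%\&#1109;ymbols",
    r"%SystemRoot%\&#1040;dobe",
    r"%SystemRoot%\&#1052;icrosoft.NET",
    r"%SystemRoot%\&#1058;asks",
    r"%SystemRoot%\kaepfbgr",  # plain ASCII name from the same list
]

# Partial look-alike table (an assumption for this example, not a complete
# Unicode confusables list): non-Latin letters that render like ASCII ones.
CONFUSABLES = {
    "\u039f": "O", "\u0391": "A", "\u0395": "E",                 # Greek capitals
    "\u0410": "A", "\u0415": "E", "\u041c": "M",                 # Cyrillic capitals
    "\u041e": "O", "\u0421": "C", "\u0422": "T",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",                 # Cyrillic small
    "\u0440": "p", "\u0441": "c", "\u0455": "s", "\u0456": "i",
}


def script_of(ch):
    """Return 'ASCII' or the first word of the Unicode name, e.g. 'CYRILLIC'."""
    if ch.isascii():
        return "ASCII"
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def analyze(entry):
    """Decode one path entry and describe the last path component."""
    decoded = html.unescape(entry)                 # &#927; -> U+039F, etc.
    leaf = decoded.replace("/", "\\").rsplit("\\", 1)[-1]
    foreign = [ch for ch in leaf if ch.isalpha() and not ch.isascii()]
    has_ascii_letter = any(ch.isascii() and ch.isalpha() for ch in leaf)
    return {
        "leaf": leaf,
        # What the name looks like once look-alikes are mapped back to ASCII.
        "skeleton": "".join(CONFUSABLES.get(ch, ch) for ch in leaf),
        "codepoints": [f"U+{ord(ch):04X}" for ch in foreign],
        "scripts": sorted({script_of(ch) for ch in foreign}),
        # Mixed-script name: ASCII letters plus at least one non-ASCII letter.
        "suspicious": bool(foreign) and has_ascii_letter,
    }


def find_lookalikes(entries):
    """Return the analysis of every entry whose leaf name mixes scripts."""
    return [r for r in map(analyze, entries) if r["suspicious"]]


if __name__ == "__main__":
    for r in find_lookalikes(SAMPLE_ENTRIES):
        print(f"{ascii(r['leaf']):28} looks like {r['skeleton']:14} "
              f"{','.join(r['codepoints'])} ({','.join(r['scripts'])})")
```

A name that mixes scripts this way cannot be typed from a normal keyboard, so copying such paths through an ANSI text file replaces the odd letter with `?`.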
     
  14. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    Weird stuff... OTScanIt would change the text I pasted and then hang. It created a set of folders under its home dir, but nothing. I let it go for 35 minutes, nothing. I killed it and tried again, but nothing. I copied the text from this thread to notepad and saved it as a text file, and I got a message about unicode characters. I pasted the text file into OTScanIt and still it hung. I even rebooted into safe mode and tried it and I got the same thing - and now 4 sets of empty directories under its home dir (top level is timestamped in its name).

    I went back to normal mode and tried ComboFix and it worked!!! Hooray!!! So, the ComboFix log is attached and the HijackThis log follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:16 PM, on 4/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
    C:\WINNT\system32\carpserv.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINNT\fobapoto.dll
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 6152 bytes
     

    Attached Files:

  15. CRodgers

    CRodgers Thread Starter

    Joined:
    Sep 23, 2007
    Messages:
    17
    After several iterations of SuperAntiSpyware, Malwarebytes' Anti-Malware, Verizon's anti-spyware, and combofix, I finally came up with all 3 scanners saying that I am clean. From the Hijack log, does it look like it?

    Is there anything else I need to look for? Over the last few days of anti-spyware tools, I would get one to say clean, another to say found a few things. Once I fixed those, then the other would complain about a couple more that it had not seen just a few hours before. Hopefully it is all gone now.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:30 PM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - (no file)
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
    O2 - BHO: (no name) - {4BA002CD-3226-426D-9C3F-D0D487018DD9} - C:\Program Files\desktop.ini\cofeno89104.dll (file missing)
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - (no file)
    O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
    O2 - BHO: (no name) - {B7A3AC14-33AA-4A25-D828-4FE671840EB2} - C:\WINNT\system32\nympon.dll (file missing)
    O2 - BHO: (no name) - {E0A7FA11-35AF-1D25-D228-4FE671850DE0} - C:\WINNT\system32\wfxohf.dll (file missing)
    O2 - BHO: (no name) - {E6A6FB16-34F9-4B27-DC28-4FE671820BB2} - C:\WINNT\system32\fdpnwr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINNT\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110507865433
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
    O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\kyze.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\howysy.html

    --
    End of file - 6423 bytes
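
One way to compare two of the HijackThis logs posted in this thread, as an added example that is not part of any post and not a feature of HijackThis: it keys each entry by section code and CLSID or Run value name, then lists entries that disappeared between scans and entries that remain but point at a missing file. The excerpts are a few lines taken from the 4/8/2008 and 4/13/2008 logs; the function names and the keying scheme are assumptions made for the example.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed samples: a few lines excerpted from the 4/8/2008 and 4/13/2008
# HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINNT\system32\regsvr32.exe
O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - C:\WINNT\system32\cscdl.dll
O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ixsjolsx] regsvr32 /u "C:\Documents and Settings\All Users.WINNT\Application Data\ixsjolsx.dll"
O4 - HKLM\..\Run: [BMa3b12406] Rundll32.exe "C:\WINNT\system32\kxlyuabo.dll",s
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {0E5B939C-F255-4D48-94EF-CB28051D97D9} - (no file)
O2 - BHO: (no name) - {B6A1A116-60F5-1C75-8B28-4FE6718509E5} - C:\WINNT\system32\plxl.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
"""

Key = Tuple[str, str]  # (section code, stable identifier)

LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d+)\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<loc>[^:]+):\s+\[(?P<name>[^\]]+)\]")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Entry(NamedTuple):
    code: str
    body: str
    orphaned: bool  # HijackThis marked the target as missing


def entry_key(code: str, body: str) -> Key:
    """Identify an entry by something that survives a change of target path."""
    clsid = CLSID_RE.search(body)
    if clsid and code in ("O2", "O3", "O9", "O16"):
        return (code, clsid.group(0))
    run = RUN_RE.match(body)
    if run and code == "O4":
        return (code, f"{run['loc']}:[{run['name']}]")
    return (code, ORPHAN_RE.sub("", body).strip())


def parse(log: str) -> Dict[Key, Entry]:
    """Parse the 'Rn - ...' / 'On - ...' lines; header and process lines are skipped."""
    entries: Dict[Key, Entry] = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            code, body = m["code"], m["body"]
            entries[entry_key(code, body)] = Entry(code, body, bool(ORPHAN_RE.search(body)))
    return entries


def compare(before: Dict[Key, Entry], after: Dict[Key, Entry]) -> Dict[str, List[Key]]:
    """Summarise what changed between two scans of the same machine."""
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "still_orphaned": sorted(k for k, e in after.items() if e.orphaned),
    }


if __name__ == "__main__":
    for label, keys in compare(parse(LOG_BEFORE), parse(LOG_AFTER)).items():
        print(label)
        for code, ident in keys:
            print(f"  {code:4} {ident}")
```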
     