
Solved: Missing .dll Files and weird computer behavior

Discussion in 'Windows XP' started by Stephdon, Jul 30, 2006.

Thread Status:
Not open for further replies.
  1. Stephdon (Thread Starter)
    Joined: May 19, 2003. Messages: 64
    I have, upon start up, 2 error messages stating that I have 2 missing or corrupt .dll files:
    W0806cd4.dll
    W083667d.dll
    I have done a search for these files online and can not find any info on them or anyone talking about them on any post!


    I click ok and the computer continues to start up normally.

    The weird behavior I have been having with my Windows XP is that several times a day my system tray and page will go blank, I can't do anything when it does this, and it reloads everything, desktop buttons, system tray buttons and all.

    My computer will also not shut down all the way from time to time. I will "shut down" and it will proceed as normal and then it will go blue screen and I have to push and hold my tower button to get it completely off.
    It's done these things for a good while now and was curious about why.

    Also running really slow as well.
    I would appreciate any help with the above issues and cleaning up my computer! I'm afraid to do anything on my own, I might delete something important!

    Here is my hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:14:11 AM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\raslb.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cuaplxo.exe
    O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcya.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ahgybq] C:\WINDOWS\system32\bqchbs.exe reg_run
    O4 - HKLM\..\Run: [qgo32808] RUNDLL32.EXE w0806cd4.dll,n 00232806000000030806cd4
    O4 - HKLM\..\Run: [w083667d.dll] RUNDLL32.EXE w083667d.dll,I2 0023282b0083667d
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kokprp.exe reg_run
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [wenbc] C:\WINDOWS\system32\bqchbs.exe reg_run
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\OXEACC.DLL
    O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
    O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\sqnsapi.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
    O20 - Winlogon Notify: Run-Disabled - C:\WINDOWS\system32\DEAUTH.DLL (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. MFDnNC
    Joined: Sep 7, 2004. Messages: 49,014
    You are quite infected!

    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.
    ==================
    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    · Double-click VundoFix.exe to run it.
    · Click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.
    · Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    ============================
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. Stephdon (Thread Starter)
    Joined: May 19, 2003. Messages: 64
    Thank you so much for your help!
    Here are my logs as requested.. I will post in different posts to help break them up...

    #1 combo fix log



    Start Time= Sun 07/30/2006 15:58:58.01
    Running from: C:\Documents and Settings\Stephanie Chaney\Desktop

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcya
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\logons
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\clsid\{444243CC-43EE-44FD-BFE2-5F7F5B237759}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{444243CC-43EE-44FD-BFE2-5F7F5B237759}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{444243CC-43EE-44FD-BFE2-5F7F5B237759}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{444243CC-43EE-44FD-BFE2-5F7F5B237759}\InprocServer32]
    @="C:\\WINDOWS\\system32\\OXEACC.DLL"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\SYSTEM32\fp6m03j1e.dll
    C:\WINDOWS\SYSTEM32\guard.tmp
    C:\WINDOWS\SYSTEM32\Lydic80n.dll
    C:\WINDOWS\SYSTEM32\o6480ghue6480.dll
    C:\WINDOWS\SYSTEM32\OXEACC.DLL
    C:\WINDOWS\SYSTEM32\whcsapi.dll


    Granting sedebugprivilege to Administrators ... successful


    ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

    16:16:57.90

    Qoologic uninstaller found and executed
    Registry entries fixed


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\drsmartload.exe
    C:\dfndref_7.exe
    C:\kybrdef_7.exe
    C:\Documents and Settings\Stephanie Chaney\Local Settings\Temporary Internet Files\Content.IE5\G9OZ0BWZ\dfndref_7[1].exe
    C:\Documents and Settings\Stephanie Chaney\Local Settings\Temporary Internet Files\Content.IE5\SH9TMAEO\kybrdef_7[1].exe
    C:\WINDOWS\keyboard1.dat
    C:\MTE3NDI6ODoxNgnew.exe
    C:\warebundlenewer.exe
    C:\Documents and Settings\Stephanie Chaney\Local Settings\Temporary Internet Files\Content.IE5\W1Y3W567\MTE3NDI6ODoxNg[1].exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\SYSTEM32\atmtd.dll
    C:\WINDOWS\SYSTEM32\atmtd.dll._
    C:\Program Files\network monitor
    C:\Documents and Settings\LocalService\Application Data\NetMon


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-07-30 11:00:28 ( .D... ) "C:\Program Files\Webroot"
    2006-07-28 23:58:52 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
    2006-07-28 19:00:30 ( .D... ) "C:\Documents and Settings\Stephanie Chaney\Application Data\AVG7"
    2006-07-28 17:28:28 278 ( A.... ) "C:\WINDOWS\alios.dll"
    2006-07-28 17:09:14 141 ( A.... ) "C:\WINDOWS\tctty.dll"
    2006-07-28 17:08:54 73216 ( A.... ) "C:\WINDOWS\SYSTEM32\auaipip.dll"
    2006-07-28 17:08:54 29184 ( A.... ) "C:\WINDOWS\SYSTEM32\cbcjdjd.exe"
    2006-07-28 17:08:54 12288 ( A.... ) "C:\WINDOWS\SYSTEM32\lklkr.dll"
    2006-07-28 17:08:50 199168 ( A.... ) "C:\WINDOWS\SYSTEM32\kokprp.exe"
    2006-07-28 12:26:20 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
    2006-07-28 12:26:10 159744 ( A.... ) "C:\WINDOWS\SYSTEM32\redist.dll"
    2006-07-28 12:24:48 1064 ( A.... ) "C:\WINDOWS\SYSTEM32\qgo32808.sys"
    2006-07-28 12:24:48 1064 ( A.... ) "C:\WINDOWS\SYSTEM32\qgo32808.sys"
    2006-07-28 12:24:02 51712 ( A.... ) "C:\WINDOWS\SYSTEM32\w083901d.dll"
    2006-07-28 12:22:30 ( .D... ) "C:\Program Files\System Icons"
    2006-07-28 12:22:30 ( .D... ) "C:\Program Files\System Files"
    2006-07-28 12:21:38 78336 ( A.... ) "C:\WINDOWS\unwn.exe"
    2006-07-28 12:20:14 48167 ( A.... ) "C:\WINDOWS\SYSTEM32\VSL05.exe"
    2006-07-28 12:19:42 51712 ( A.... ) "C:\WINDOWS\SYSTEM32\hxbhsba.dll"
    2006-07-28 12:19:42 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\raslb.exe"
    2006-07-28 12:19:42 23552 ( A.... ) "C:\WINDOWS\SYSTEM32\cuaplxo.exe"
    2006-07-28 12:18:32 111104 ( A.... ) "C:\numbsoftnew.exe"
    2006-07-28 12:18:12 389632 ( A.... ) "C:\webnexmknew.exe"
    2006-07-28 12:17:52 2560 ( A.... ) "C:\ac3_0003.exe"
    2006-07-28 12:17:52 ( .D... ) "C:\Program Files\Common Files\okqm"
    2006-07-28 12:17:34 587776 ( A.... ) "C:\626_101newer.exe"
    2006-07-28 12:17:06 27648 ( A.... ) "C:\dist13.exe"
    2006-07-28 12:16:28 290816 ( A.... ) "C:\installerwnusnewer.exe"
    2006-07-28 12:16:02 52104 ( A.... ) "C:\WINDOWS\pf79.exe"
    2006-07-28 12:15:50 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
    2006-07-28 12:15:40 30208 ( A.... ) "C:\SS1001newer.exe"
    2006-07-28 12:15:22 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
    2006-07-28 12:14:40 467968 ( A.... ) "C:\visfx500new.exe"
    2006-07-28 12:14:20 48190 ( A.... ) "C:\RDFX4.exe"
    2006-07-28 12:13:52 45056 ( A.... ) "C:\WINDOWS\system32ghynf.exe"
    2006-07-28 12:13:52 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
    2006-07-28 12:13:46 221184 ( A.... ) "C:\WINDOWS\SYSTEM32\xeymi.dll"
    2006-07-28 12:13:46 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\iqqr.exe"
    2006-07-28 12:13:40 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\bez6n4r21.exe"
    2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\SYSTEM32\tsuninst.exe"
    2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\SYSTEM32\wfxqhv.exe"
    2006-07-20 16:31:24 36864 ( A.... ) "C:\WINDOWS\SYSTEM32\zqskw.exe"
    2006-07-13 12:37:16 ( .D... ) "C:\Program Files\Norton SystemWorks"
    2006-07-10 11:54:08 ( .D... ) "C:\Program Files\INFOCLICKS RAM BLAST"
    2006-07-07 16:54:10 252928 ( A.... ) "C:\WINDOWS\WRUninstall.dll"
    2006-07-07 16:53:54 208896 ( A.... ) "C:\WINDOWS\SYSTEM32\WRLogonNtf.dll"
    2006-07-07 16:53:52 8704 ( A.... ) "C:\WINDOWS\SYSTEM32\ssiefr.EXE"
    2006-07-07 16:53:50 20992 ( A.... ) "C:\WINDOWS\SYSTEM32\wrlzma.dll"
    2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
    2006-06-08 12:08:36 534208 ( A.... ) "C:\WINDOWS\SYSTEM32\SymNeti.dll"
    2006-06-08 12:08:36 161472 ( A.... ) "C:\WINDOWS\SYSTEM32\SymRedir.dll"
    2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
    2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
    2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\SYSTEM32\dnsapi.dll"
    2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\SYSTEM32\dhcpcsvc.dll"
    2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\SYSTEM32\iphlpapi.dll"
    2006-05-16 14:34:38 87808 ( A.... ) "C:\WINDOWS\SYSTEM32\S32EVNT1.DLL"
    2006-05-15 18:24:34 466944 ( A.... ) "C:\WINDOWS\SYSTEM32\capicom.dll"
    2006-05-14 11:26:26 5120 ( A.SH. ) "C:\Program Files\Thumbs.db"
    2005-11-03 11:49:04 7260 ( A..H. ) "C:\Program Files\clthumbs.zdx"
    2005-11-03 11:49:04 57 ( A..H. ) "C:\Program Files\clipart.zdx"
    2003-11-08 21:47:16 6118 ( A.... ) "C:\Program Files\backdrop.imf"
    2003-08-06 01:00:00 69632 ( A.... ) "C:\Program Files\SYSTEM1X.MDW"
    2003-06-06 10:49:14 0 ( A.... ) "C:\Program Files\OPTIONS.PTL"
    2003-06-06 10:49:14 0 ( A.... ) "C:\Program Files\OPTIONS.LCK"
    2003-04-20 20:52:10 13736688 ( A...R ) "C:\Program Files\AcroReader51_ENU_full.exe"
    2003-03-28 14:08:42 0 ( ..... ) "C:\Program Files\STATUS.PTL"
    2002-11-14 11:06:00 207758 ( ..... ) "C:\Program Files\INSTALL.LOG"
    2002-10-08 17:44:50 23552 ( ..... ) "C:\Program Files\Readme.doc"
    2002-08-19 19:15:14 43 ( ..... ) "C:\Program Files\Example Database.csv"
    2002-07-08 12:50:54 208947 ( ..... ) "C:\Program Files\pod.dll"
    2002-05-10 16:06:38 151552 ( ..... ) "C:\Program Files\PodXSR.dll"
    2002-02-22 10:40:32 1052123 ( ..... ) "C:\Program Files\StaticCache.pvd"
    2002-02-22 10:40:32 8774 ( ..... ) "C:\Program Files\StaticCache.pvi"
    2002-02-21 11:23:26 155648 ( ..... ) "C:\Program Files\abook42.dll"
    2001-09-26 11:04:04 151552 ( ..... ) "C:\Program Files\abookcsv.dll"
    2001-09-25 15:40:52 20480 ( ..... ) "C:\Program Files\3d.PTX"
    2001-09-17 10:58:32 1450 ( ..... ) "C:\Program Files\Wallpaper Instructions.txt"
    2001-09-17 10:38:42 154060 ( ..... ) "C:\Program Files\blessamericawallpaper.jpg"
    2001-02-14 18:34:54 1294 ( ..... ) "C:\Program Files\NetpropAdwiting.txt"


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-30 11:01 208,896 C:\WINDOWS\system32\WRLogonNtf.dll
    2006-07-30 11:00 8,704 C:\WINDOWS\system32\ssiefr.EXE
    2006-07-30 11:00 684,032 C:\WINDOWS\libeay32.dll
    2006-07-30 11:00 252,928 C:\WINDOWS\WRUninstall.dll
    2006-07-30 11:00 20,992 C:\WINDOWS\system32\wrlzma.dll
    2006-07-30 11:00 155,648 C:\WINDOWS\ssleay32.dll
    2006-07-28 17:08 73,216 C:\WINDOWS\system32\auaipip.dll
    2006-07-28 17:08 29,184 C:\WINDOWS\system32\cbcjdjd.exe
    2006-07-28 17:08 199,168 C:\WINDOWS\system32\kokprp.exe
    2006-07-28 17:08 141 C:\WINDOWS\tctty.dll
    2006-07-28 17:08 12,288 C:\WINDOWS\system32\lklkr.dll
    2006-07-28 12:26 38,412 C:\WINDOWS\ssqbn.exe
    2006-07-28 12:26 159,744 C:\WINDOWS\system32\redist.dll
    2006-07-28 12:24 51,712 C:\WINDOWS\system32\w083901d.dll
    2006-07-28 12:24 1,064 C:\WINDOWS\system32\qgo32808.sys
    2006-07-28 12:21 78,336 C:\WINDOWS\unwn.exe
    2006-07-28 12:20 48,167 C:\WINDOWS\system32\VSL05.exe
    2006-07-28 12:19 51,712 C:\WINDOWS\system32\hxbhsba.dll
    2006-07-28 12:19 28,672 C:\WINDOWS\system32\raslb.exe
    2006-07-28 12:19 278 C:\WINDOWS\alios.dll
    2006-07-28 12:19 23,552 C:\WINDOWS\system32\cuaplxo.exe
    2006-07-28 12:18 389,632 C:\webnexmknew.exe
    2006-07-28 12:18 111,104 C:\numbsoftnew.exe
    2006-07-28 12:17 587,776 C:\626_101newer.exe
    2006-07-28 12:17 27,648 C:\dist13.exe
    2006-07-28 12:17 2,560 C:\ac3_0003.exe
    2006-07-28 12:17 127,578 C:\WINDOWS\system32\tsuninst.exe
    2006-07-28 12:16 52,104 C:\WINDOWS\pf79.exe
    2006-07-28 12:16 290,816 C:\installerwnusnewer.exe
    2006-07-28 12:15 30,208 C:\SS1001newer.exe
    2006-07-28 12:15 232,749 C:\WINDOWS\pf78.exe
    2006-07-28 12:15 14,848 C:\stub_113_4_0_4_0newer.exe
    2006-07-28 12:14 48,190 C:\RDFX4.exe
    2006-07-28 12:14 467,968 C:\visfx500new.exe
    2006-07-28 12:13 45,056 C:\WINDOWS\system32ghynf.exe
    2006-07-28 12:13 36,864 C:\WINDOWS\system32\zqskw.exe
    2006-07-28 12:13 28,672 C:\WINDOWS\system32bez6n4r21.exe
    2006-07-28 12:13 28,672 C:\WINDOWS\system32\iqqr.exe
    2006-07-28 12:13 28,672 C:\WINDOWS\system32\bez6n4r21.exe
    2006-07-28 12:13 221,184 C:\WINDOWS\system32\xeymi.dll
    2006-07-28 12:13 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
    2006-07-13 12:32 87,808 C:\WINDOWS\system32\S32EVNT1.DLL
    2006-06-23 23:19 71,168 C:\WINDOWS\system32\ijl11pro.DLL


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "Dit"="Dit.exe"
    "Pop-Up Stopper"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\dpps2.exe\""
    "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Norton Ghost 10.0"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
    "TheMonitor"="C:\\WINDOWS\\SYSC00.exe"
    "qgo32808"="\"RUNDLL32.EXE\" w0806cd4.dll,n 00232806000000030806cd4"
    "w083667d.dll"="\"RUNDLL32.EXE\" w083667d.dll,I2 0023282b0083667d"
    "NwCplMonitor"="C:\\WINDOWS\\system32\\redistributor.exe"
    "AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "HostsToggle"="\"C:\\Documents and Settings\\Stephanie Chaney\\Desktop\\hoststoggle[1]\\HostsToggle.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WinFixer2006"="\"C:\\Program Files\\WinFixer_2006\\uwfx6.exe\" /scan"
    "DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
    "CAS2"="\"C:\\Program Files\\System Files\\System.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
    "flags"=dword:00000008

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewContextMenu"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "ModemOnHold"="C:\\PROGRA~1\\DELLMO~1\\moh.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="http://www.chakerestheatres.com/pics/background.gif"
    "SubscribedURL"="http://www.chakerestheatres.com/pics/background.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,ec,03,00,00,95,01,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,c6,fe,ff,ff,cc,00,00,00,ec,03,00,00,95,01,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
    "Daily Weather Forecast"="C:\\Program Files\\Daily Weather Forecast\\weather.exe"
    "eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "BCMSMMSG"="BCMSMMSG.exe"
    "InCD"="C:\\Program Files\\ahead\\InCD\\InCD.exe"
    "PCTVOICE"="pctspk.exe"
    "SystemInit"=""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "InCD"="C:\\Program Files\\ahead\\InCD\\InCD.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
    "Open Site"="C:\\Program Files\\Open Site\\opnste.exe"
    "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "VetTray"="C:\\PROGRA~1\\CA\\ETRUST~1\\ETRUST~1\\VetTray.exe"
    "Zone Labs Client"="C:\\PROGRA~1\\CA\\ETRUST~1\\ETRUST~2\\ca.exe"
    "eac_cnry"="C:\\DOCUME~1\\STEPHA~1\\LOCALS~1\\Temp\\EACDownload\\nccr.exe raven.veloz.com /pub/download/eanthology_install.exe spamblock_setup.exe testsp -k"
    "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
    "DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
    "QBCD Autorun"="D:\\autorun.exe restart TIMER_SEQUENCE first"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    DisableTaskMgr REG_DWORD 0 (0x0)
    DisableRegistryTools REG_DWORD 0 (0x0)

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Stephanie Chaney.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\Symantec Drmc.job

    Completion time: Sun 07/30/2006 16:22:09.90
    ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
     
  4. Stephdon

    HijackThis log after ComboFix:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:51:45 PM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcya.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
    O4 - HKLM\..\Run: [w083667d.dll] "RUNDLL32.EXE" w083667d.dll,I2 0023282b0083667d
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  5. Stephdon

    Vundo log and new hijack log


    VundoFix V5.1.5

    Checking Java version...

    Scan started at 5:04:16 PM 7/30/2006

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    -------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 2:25:03 PM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcya.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
    O4 - HKLM\..\Run: [w083667d.dll] "RUNDLL32.EXE" w083667d.dll,I2 0023282b0083667d
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  6. Stephdon

    Spy Sweeper log - too long for one post, so I split it up into 2 posts:

    9:48 PM: Spy Sweeper 5.0.5.1286 started
    3:17 PM: | End of Session, Monday, July 31, 2006 |
    3:13 PM: Sweep Status: 3 Items Found
    3:13 PM: Traces Found: 7
    3:13 PM: Sweep Canceled
    3:11 PM: C:\Program Files\System Files\System.exe (ID = 1126535)
    3:11 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\windows\currentversion\run\ || cas2 (ID = 1126535)
    3:11 PM: Found Adware: cas
    3:11 PM: HKCR\clsid\{d623bc2f-a58d-4a75-a10d-cc244a702a35}\inprocserver32\ (ID = 1561601)
    3:11 PM: C:\WINDOWS\SYSTEM32\xeymi.dll (ID = 1561600)
    3:11 PM: HKCR\clsid\{b5f86455-bf18-4e12-965a-6642a0ac0549}\inprocserver32\ (ID = 1561600)
    3:11 PM: Found Adware: forethought
    3:11 PM: C:\WINDOWS\SYSTEM32\ddcya.dll (ID = 1142174)
    3:11 PM: HKCR\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\inprocserver32\ (ID = 1142174)
    3:11 PM: Found Adware: virtumonde
    3:10 PM: Sweep initiated using definitions version 729
    3:10 PM: Spy Sweeper 5.0.5.1286 started
    3:10 PM: | Start of Session, Monday, July 31, 2006 |
    ********
    9:43 PM: Removal process completed. Elapsed time 01:23:23
    9:43 PM: Preparing to restart your computer. Please wait...
    9:42 PM: Warning: Quarantine process could not restart Explorer.
    9:42 PM: Warning: Timed out waiting for explorer.exe
    9:42 PM: Warning: Timed out waiting for explorer.exe
    9:42 PM: Warning: Timed out waiting for explorer.exe
    9:42 PM: Quarantining All Traces: zedo cookie
    9:42 PM: Quarantining All Traces: stopzilla cookie
    9:42 PM: Quarantining All Traces: burstbeacon cookie
    9:42 PM: Quarantining All Traces: realtracker cookie
    9:42 PM: Quarantining All Traces: tripod cookie
    9:42 PM: Quarantining All Traces: tribalfusion cookie
    9:42 PM: Quarantining All Traces: trafficmp cookie
    9:42 PM: Quarantining All Traces: tickle cookie
    9:42 PM: Quarantining All Traces: reliablestats cookie
    9:42 PM: Quarantining All Traces: statcounter cookie
    9:42 PM: Quarantining All Traces: spylog cookie
    9:42 PM: Quarantining All Traces: server.iad.liveperson cookie
    9:42 PM: Quarantining All Traces: realmedia cookie
    9:42 PM: Quarantining All Traces: questionmarket cookie
    9:42 PM: Quarantining All Traces: nextag cookie
    9:42 PM: Quarantining All Traces: top-banners cookie
    9:42 PM: Quarantining All Traces: webtrends cookie
    9:42 PM: Quarantining All Traces: kmpads cookie
    9:42 PM: Quarantining All Traces: fortunecity cookie
    9:42 PM: Quarantining All Traces: ru4 cookie
    9:42 PM: Quarantining All Traces: 360i cookie
    9:42 PM: Quarantining All Traces: exitexchange cookie
    9:42 PM: Quarantining All Traces: casalemedia cookie
    9:42 PM: Quarantining All Traces: burstnet cookie
    9:42 PM: Quarantining All Traces: bravenet cookie
    9:42 PM: Quarantining All Traces: searchingbooth cookie
    9:42 PM: Quarantining All Traces: azjmp cookie
    9:42 PM: Quarantining All Traces: atwola cookie
    9:42 PM: Quarantining All Traces: ask cookie
    9:42 PM: Quarantining All Traces: apmebf cookie
    9:42 PM: Quarantining All Traces: tacoda cookie
    9:42 PM: Quarantining All Traces: adserver cookie
    9:42 PM: Quarantining All Traces: pointroll cookie
    9:42 PM: Quarantining All Traces: addynamix cookie
    9:42 PM: Quarantining All Traces: yieldmanager cookie
    9:42 PM: Quarantining All Traces: about cookie
    9:42 PM: Quarantining All Traces: 2o7.net cookie
    9:42 PM: Quarantining All Traces: humanclick cookie
    9:42 PM: Quarantining All Traces: winantispyware 2005
    9:42 PM: Quarantining All Traces: screenscenes
    9:42 PM: Quarantining All Traces: deskwizz
    9:42 PM: Quarantining All Traces: bullguard popup ad
    9:42 PM: Quarantining All Traces: mrfindalot hijack
    9:41 PM: Quarantining All Traces: command
    9:41 PM: Quarantining All Traces: accoona toolbar
    9:41 PM: Quarantining All Traces: trojan-dropper-joiner
    9:41 PM: Quarantining All Traces: trojan-downloader-basebar
    9:41 PM: Quarantining All Traces: linkmaker
    9:41 PM: Quarantining All Traces: delfin
    9:41 PM: Quarantining All Traces: hotbar
    9:41 PM: Quarantining All Traces: enbrowser
    9:41 PM: Quarantining All Traces: winad
    9:41 PM: Quarantining All Traces: blazefind
    9:41 PM: C:\Program Files\System Files\System.exe is in use. It will be removed on reboot.
    9:41 PM: cas is in use. It will be removed on reboot.
    9:41 PM: Quarantining All Traces: cas
    9:40 PM: Quarantining All Traces: forethought
    9:40 PM: Quarantining All Traces: cws-aboutblank
    9:40 PM: Quarantining All Traces: invisible keylogger
    9:39 PM: Quarantining All Traces: directrevenue-abetterinternet
    9:39 PM: Quarantining All Traces: rbot
    9:39 PM: C:\WINDOWS\SYSTEM32\ddcya.dll is in use. It will be removed on reboot.
    9:39 PM: C:\WINDOWS\SYSTEM32\ddcya.dll is in use. It will be removed on reboot.
    9:39 PM: virtumonde is in use. It will be removed on reboot.
    9:38 PM: Quarantining All Traces: virtumonde
    8:20 PM: Removal process initiated
    6:05 PM: Traces Found: 144
    6:05 PM: Full Sweep has completed. Elapsed time 02:42:07
    6:05 PM: File Sweep Complete, Elapsed Time: 02:35:51
    5:13 PM: Warning: Stream read error
    5:13 PM: Warning: Stream read error
    5:13 PM: Warning: Stream read error
    5:13 PM: Warning: Stream read error
    4:20 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:20 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:19 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:19 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:18 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:18 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:17 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:17 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:15 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:15 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:14 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:14 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:14 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:14 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:12 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:12 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    4:09 PM: Warning: Stream read error
    4:09 PM: Warning: Stream read error
    4:08 PM: Warning: Unable to sweep compressed file: "c:\recycler\nprotect\00345519.cab": File not found
    4:08 PM: Warning: Unable to sweep compressed file: "c:\recycler\nprotect\00345511.cab": File not found
    4:08 PM: Warning: Failed to access drive F:
    4:08 PM: Warning: Failed to access drive E:
    4:08 PM: Warning: Failed to access drive D:
    4:08 PM: C:\WINDOWS\U3RlcGhhbmllIENoYW5leQ\oal5w311vA55KHhCsqc5yk.vbs (ID = 185675)
    4:08 PM: C:\WINDOWS\INF\Belt.inf (ID = 83154)
    4:05 PM: Warning: Failed to open file "c:\documents and settings\stephanie chaney\local settings\temporary internet files\content.ie5\nf9fvtcs\search[1].". The operation completed successfully
    4:04 PM: Warning: Failed to open file "c:\documents and settings\stephanie chaney\local settings\temporary internet files\content.ie5\wpg5mzoh\search[1].". The operation completed successfully
    4:04 PM: C:\Documents and Settings\All Users\Application Data\DelFin\PromulGate\delfinLO.ebd (ID = 57687)
    4:03 PM: Warning: Failed to open file "c:\recycler\nprotect\00345502.dat". The operation completed successfully
    4:02 PM: C:\WINDOWS\SYSTEM32\VSL05.exe (ID = 299775)
    4:02 PM: Found Trojan Horse: trojan-dropper-joiner
    4:02 PM: Warning: Failed to open file "c:\recycler\nprotect\00345681.dat". The operation completed successfully
    4:02 PM: C:\WINDOWS\SYSTEM32\zqskw.exe (ID = 328031)
    4:02 PM: C:\WINDOWS\SYSTEM32\iqqr.exe (ID = 327343)
    4:01 PM: C:\WINDOWS\SYSTEM32\wfxqhv.exe (ID = 328039)
    4:01 PM: C:\WINDOWS\SYSTEM32\xeymi.dll (ID = 327345)
    4:01 PM: Warning: Failed to open file "c:\recycler\nprotect\00345686.sol". The operation completed successfully
    4:01 PM: Warning: Failed to open file "c:\program files\norton systemworks\norton antivirus\savrt\0578nav~.tmp". The operation completed successfully
    4:01 PM: Warning: Failed to open file "c:\recycler\nprotect\00345682.dat". The operation completed successfully
    4:00 PM: C:\WINDOWS\U3RlcGhhbmllIENoYW5leQ\command.exe (ID = 144946)
    4:00 PM: C:\WINDOWS\U3RlcGhhbmllIENoYW5leQ\asappsrv.dll (ID = 144945)
    3:58 PM: C:\Program Files\html2.htm (ID = 323861)
    3:58 PM: C:\WINDOWS\ssqbn.exe (ID = 323511)
    3:58 PM: Found Trojan Horse: trojan-downloader-basebar
    3:58 PM: C:\Program Files\html1.htm (ID = 310472)
    3:58 PM: Found Adware: deskwizz
    3:57 PM: C:\Program Files\System Files\plugin.dll (ID = 316428)
    3:48 PM: C:\WINDOWS\pf78.exe (ID = 244430)
    3:47 PM: C:\Program Files\filesubmit\darkcastlebylac.zip\atoolbar400134.exe (ID = 257155)
    3:31 PM: C:\WINDOWS\SYSTEM32\DRIVERS\d_kmd.sys (ID = 238540)
    3:31 PM: C:\WINDOWS\SYSTEM32\pixk5gp2.phy (ID = 276229)
    3:31 PM: Found Adware: linkmaker
    3:30 PM: C:\Documents and Settings\All Users\Application Data\DelFin (4 subtraces) (ID = 2147486158)
    3:30 PM: Found Adware: delfin
    3:30 PM: C:\WINDOWS\Temp\BullGuard (ID = 2147490887)
    3:30 PM: Found Adware: bullguard popup ad
    3:29 PM: Starting File Sweep
    3:29 PM: Warning: Failed to access drive A:
    3:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:08
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3762)
    3:29 PM: Found Spy Cookie: zedo cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3466)
    3:29 PM: Found Spy Cookie: stopzilla cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2337)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2335)
    3:29 PM: Found Spy Cookie: burstbeacon cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3242)
    3:29 PM: Found Spy Cookie: realtracker cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3591)
    3:29 PM: Found Spy Cookie: tripod cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3589)
    3:29 PM: Found Spy Cookie: tribalfusion cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3581)
    3:29 PM: Found Spy Cookie: trafficmp cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3529)
    3:29 PM: Found Spy Cookie: tickle cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 6444)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3254)
    3:29 PM: Found Spy Cookie: reliablestats cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3447)
    3:29 PM: Found Spy Cookie: statcounter cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3415)
    3:29 PM: Found Spy Cookie: spylog cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3341)
    3:29 PM: Found Spy Cookie: server.iad.liveperson cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3321)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3235)
    3:29 PM: Found Spy Cookie: realmedia cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3217)
    3:29 PM: Found Spy Cookie: questionmarket cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 1958)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 5014)
    3:29 PM: Found Spy Cookie: nextag cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3548)
    3:29 PM: Found Spy Cookie: top-banners cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3669)
    3:29 PM: Found Spy Cookie: webtrends cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2909)
    3:29 PM: Found Spy Cookie: kmpads cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2810)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2686)
    3:29 PM: Found Spy Cookie: fortunecity cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2633)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 3269)
    3:29 PM: Found Spy Cookie: ru4 cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 1962)
    3:29 PM: Found Spy Cookie: 360i cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2634)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2634)
    3:29 PM: Found Spy Cookie: exitexchange cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2354)
    3:29 PM: Found Spy Cookie: casalemedia cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2336)
    3:29 PM: Found Spy Cookie: burstnet cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2322)
    3:29 PM: Found Spy Cookie: bravenet cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 1958)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2038)
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3322)
    3:29 PM: Found Spy Cookie: searchingbooth cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2270)
    3:29 PM: Found Spy Cookie: azjmp cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2255)
    3:29 PM: Found Spy Cookie: atwola cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2245)
    3:29 PM: Found Spy Cookie: ask cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2229)
    3:29 PM: Found Spy Cookie: apmebf cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 6445)
    3:29 PM: Found Spy Cookie: tacoda cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 2141)
    3:29 PM: Found Spy Cookie: adserver cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3148)
    3:29 PM: Found Spy Cookie: pointroll cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2062)
    3:29 PM: Found Spy Cookie: addynamix cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][1].txt (ID = 3751)
    3:29 PM: Found Spy Cookie: yieldmanager cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 2037)
    3:29 PM: Found Spy Cookie: about cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 1957)
    3:29 PM: Found Spy Cookie: 2o7.net cookie
    3:29 PM: c:\documents and settings\stephanie chaney\cookies\stephanie [email protected][2].txt (ID = 8885)
    3:29 PM: Found Spy Cookie: humanclick cookie
    3:29 PM: Starting Cookie Sweep
    3:29 PM: Registry Sweep Complete, Elapsed Time:00:02:02
     
  7. Stephdon

    Spy Sweeper log, continued:

    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\windows\currentversion\run\ || winfixer2006 (ID = 1138074)
    3:28 PM: Found Adware: winantispyware 2005
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\internet explorer\urlsearchhooks\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ (ID = 955003)
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\windows\currentversion\run\ || cas2 (ID = 871018)
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\cas2\ (ID = 862278)
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\system\sysuid\ (ID = 731748)
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\screenscenes\ (ID = 723706)
    3:28 PM: Found Adware: screenscenes
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
    3:28 PM: Found Adware: hotbar
    3:28 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    3:28 PM: Found Adware: cws-aboutblank
    3:28 PM: HKCR\protocols\filter\text/html\ || clsid (ID = 1561703)
    3:28 PM: HKLM\software\classes\xsdu.ozbyq.1\ (ID = 1560783)
    3:28 PM: HKLM\software\classes\xsdu.ozbyq\ (ID = 1560779)
    3:28 PM: HKLM\software\classes\xsdu.bqok.1\ (ID = 1560775)
    3:28 PM: HKLM\software\classes\xsdu.bqok\ (ID = 1560771)
    3:28 PM: HKLM\software\classes\typelib\{80c0e6bc-1228-47d7-9876-b67ad181477e}\ (ID = 1560761)
    3:28 PM: HKLM\software\classes\clsid\{d623bc2f-a58d-4a75-a10d-cc244a702a35}\ (ID = 1560752)
    3:28 PM: HKLM\software\classes\clsid\{b5f86455-bf18-4e12-965a-6642a0ac0549}\ (ID = 1560743)
    3:28 PM: HKCR\xsdu.ozbyq.1\ (ID = 1560737)
    3:28 PM: HKCR\xsdu.ozbyq\ (ID = 1560733)
    3:28 PM: HKCR\xsdu.bqok.1\ (ID = 1560729)
    3:28 PM: HKCR\xsdu.bqok\ (ID = 1560725)
    3:28 PM: HKCR\typelib\{80c0e6bc-1228-47d7-9876-b67ad181477e}\ (ID = 1560715)
    3:28 PM: HKCR\clsid\{d623bc2f-a58d-4a75-a10d-cc244a702a35}\ (ID = 1560706)
    3:28 PM: HKCR\clsid\{b5f86455-bf18-4e12-965a-6642a0ac0549}\ (ID = 1560697)
    3:28 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 1554130)
    3:28 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1554129)
    3:28 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\logons\ || dllname (ID = 1359866)
    3:28 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 1354274)
    3:28 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1354273)
    3:28 PM: Found Adware: mrfindalot hijack
    3:28 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (ID = 1124749)
    3:28 PM: HKLM\software\classes\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (ID = 1124736)
    3:28 PM: HKCR\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (ID = 1124723)
    3:28 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (ID = 1110756)
    3:28 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (ID = 1030674)
    3:28 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (ID = 1030672)
    3:28 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (ID = 1030670)
    3:28 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (ID = 1030668)
    3:28 PM: HKLM\software\classes\atldistrib.atldistrib\ (ID = 1030666)
    3:28 PM: HKCR\atldistrib.atldistrib.1\clsid\ (ID = 1030541)
    3:28 PM: HKCR\atldistrib.atldistrib.1\ (ID = 1030539)
    3:28 PM: HKCR\atldistrib.atldistrib\curver\ (ID = 1030537)
    3:28 PM: HKCR\atldistrib.atldistrib\clsid\ (ID = 1030535)
    3:28 PM: HKCR\atldistrib.atldistrib\ (ID = 1030533)
    3:28 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
    3:28 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
    3:28 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (ID = 1016064)
    3:28 PM: Found Adware: command
    3:28 PM: HKLM\software\classes\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\ (ID = 955503)
    3:28 PM: HKLM\software\classes\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (ID = 955055)
    3:28 PM: HKCR\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (ID = 954998)
    3:28 PM: HKLM\software\system\sysold\ (ID = 926808)
    3:28 PM: Found Adware: enbrowser
    3:28 PM: HKLM\software\microsoft\internet explorer\ || ik (ID = 543287)
    3:28 PM: Found System Monitor: invisible keylogger
    3:28 PM: HKCR\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\ (ID = 520538)
    3:28 PM: Found Adware: accoona toolbar
    3:28 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (ID = 147188)
    3:28 PM: Found Adware: winad
    3:28 PM: HKLM\software\sdf7sdfgs324\ (ID = 146129)
    3:28 PM: Found Adware: directrevenue-abetterinternet
    3:27 PM: HKLM\software\krypton\ (ID = 139241)
    3:27 PM: Found Trojan Horse: rbot
    3:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (ID = 104526)
    3:27 PM: Found Adware: blazefind
    3:27 PM: Starting Registry Sweep
    3:27 PM: Memory Sweep Complete, Elapsed Time: 00:09:31
    3:24 PM: Detected running threat: C:\WINDOWS\SYSTEM32\xeymi.dll (ID = 327345)
    3:19 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ddcya.dll (ID = 394)
    3:17 PM: Starting Memory Sweep
    3:17 PM: C:\Program Files\System Files\System.exe (ID = 1126535)
    3:17 PM: HKU\S-1-5-21-2856520603-4282951562-813958858-1006\software\microsoft\windows\currentversion\run\ || cas2 (ID = 1126535)
    3:17 PM: Found Adware: cas
    3:17 PM: HKCR\clsid\{d623bc2f-a58d-4a75-a10d-cc244a702a35}\inprocserver32\ (ID = 1561601)
    3:17 PM: C:\WINDOWS\SYSTEM32\xeymi.dll (ID = 1561600)
    3:17 PM: HKCR\clsid\{b5f86455-bf18-4e12-965a-6642a0ac0549}\inprocserver32\ (ID = 1561600)
    3:17 PM: Found Adware: forethought
    3:17 PM: C:\WINDOWS\SYSTEM32\ddcya.dll (ID = 1142174)
    3:17 PM: HKCR\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\inprocserver32\ (ID = 1142174)
    3:17 PM: Found Adware: virtumonde
    3:17 PM: Sweep initiated using definitions version 729
    3:17 PM: Spy Sweeper 5.0.5.1286 started
    3:17 PM: | Start of Session, Monday, July 31, 2006 |
    ********
    3:10 PM: | End of Session, Monday, July 31, 2006 |
    2:56 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:56 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:52 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:52 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:49 PM: Detected running threat: forethought
    2:49 PM: Memory Shield: Found: Memory-resident threat forethought, version 1.0.0.0
    2:48 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:48 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:44 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:44 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:40 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    2:40 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    2:18 PM: Shield States
    2:18 PM: Spyware Definitions: 729
    2:16 PM: Spy Sweeper 5.0.5.1286 started
    1:05 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    1:05 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    1:04 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    1:04 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    1:00 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    1:00 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:59 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:59 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:13 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:13 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:12 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:12 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:11 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:11 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:10 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:10 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:10 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:10 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:09 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:09 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:08 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:08 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:07 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:07 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:07 PM: Detected running threat: forethought
    12:07 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:07 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:07 PM: Memory Shield: Found: Memory-resident threat forethought, version 1.0.0.0
    12:04 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    12:04 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    11:00 AM: Your spyware definitions have been updated.
    10:58 AM: Automated check for program update in progress.
    8:01 AM: Access to Hosts file allowed for C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE
    8:00 AM: Tamper Detection
    5:46 PM: Spy Installation Shield: found: Adware: cas, version 1.0.0.0
    5:43 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    5:41 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    5:41 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    5:38 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    4:34 PM: Shield States
    4:33 PM: Spyware Definitions: 691
    4:32 PM: Spy Sweeper 5.0.5.1286 started
    4:17 PM: Warning: Unable to query service start type: The system cannot find the path specified
    3:52 PM: Detected running threat: command
    3:52 PM: Memory Shield: Found: Memory-resident threat command, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    3:46 PM: Shield States
    3:45 PM: Spyware Definitions: 691
    3:45 PM: Spy Sweeper 5.0.5.1286 started
    3:45 PM: Spy Sweeper 5.0.5.1286 started
    3:45 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
     
  8. Stephdon

    HijackThis log after running Spy Sweeper:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:52 PM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
    O4 - HKLM\..\Run: [w083667d.dll] "RUNDLL32.EXE" w083667d.dll,I2 0023282b0083667d
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - <default> - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4

    O4 - HKLM\..\Run: [w083667d.dll] "RUNDLL32.EXE" w083667d.dll,I2 0023282b0083667d

    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe

    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/r...e/websetup.cab

    O18 - Filter: text/html - (no CLSID) - (no file)

    O20 - Winlogon Notify: logons - C:\WINDOWS\

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\w0806cd4.dll
    C:\WINDOWS\System32\w083667d.dll
    C:\WINDOWS\system32\redistributor.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
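
An added example, not part of the original posts: a Python check of which entries from the fix list above still appear in a later HijackThis log, so leftover autostart entries are caught before the thread moves on. The follow-up excerpt is abridged from the 8/1/2006 log posted later in this thread; the function names and the matching rule (Run value name or CLSID instead of the whole line, because the forum altered the "-k" dash and shortened one URL) are assumptions of this example.

```python
import re

# Fix list as posted by the helper above, forum rendering included.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
O4 - HKLM\..\Run: [w083667d.dll] "RUNDLL32.EXE" w083667d.dll,I2 0023282b0083667d
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/r...e/websetup.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: logons - C:\WINDOWS\
"""

# Abridged from the follow-up log of 8/1/2006; it stops in the O16 section.
FOLLOWUP_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
"""

SECTION_RE = re.compile(r"^([RFNO])(\d{1,2}) - (.*)$")
LETTER_ORDER = "RFNO"  # HijackThis writes R, then F, N and O sections


def parse_line(line):
    """Return (rank, key, line) for a HijackThis entry, or None for other text.

    rank orders sections as they appear in a log; key identifies the entry by
    the part a forum repost does not mangle (value name or CLSID).
    """
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None
    letter, number, rest = m.group(1), int(m.group(2)), m.group(3)
    section = letter + str(number)
    run = re.match(r"(.+?): \[(.+?)\]", rest)
    clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", rest)
    if section == "O4" and run:
        ident = run.group(1) + "|" + run.group(2)   # hive + value name
    elif section == "O16" and clsid:
        ident = clsid.group(0)                      # URL may be shortened
    else:
        ident = rest.split(" - ")[0]                # leading label field
    return (LETTER_ORDER.index(letter), number), (section, ident.lower()), line


def check_fix_list(fix_text, followup_text):
    """Sort fix-list entries into persisting, cleared and not_covered.

    not_covered means the follow-up log ends before that entry's section,
    so its absence proves nothing (pasted logs are often cut short).
    """
    seen, last_rank = set(), (-1, -1)
    for raw in followup_text.splitlines():
        parsed = parse_line(raw)
        if parsed:
            seen.add(parsed[1])
            last_rank = max(last_rank, parsed[0])

    result = {"persisting": [], "cleared": [], "not_covered": []}
    for raw in fix_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        rank, key, _ = parsed
        if key in seen:
            result["persisting"].append(key)
        elif rank > last_rank:
            result["not_covered"].append(key)
        else:
            result["cleared"].append(key)
    return result


if __name__ == "__main__":
    for status, keys in check_fix_list(FIX_LIST, FOLLOWUP_EXCERPT).items():
        for section, ident in keys:
            print(f"{status:12} {section:4} {ident}")
```

A Run value that persists after its DLL has been deleted makes RUNDLL32 report a missing module at every logon, so a persisting O4 entry needs fixing again even when the file itself is gone.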
     
  10. Stephdon

    Ok.. Task complete.
    I got a "files do not exist" message for all the files I typed in.
    Upon restart to normal I am still getting "w0806cd4.dll The specified module could not be found"
    Just for that one. Computer seems to run more quickly and smoothly. I can't comment on the disappearing system tray problem yet because I haven't had it up and running for long yet.

    Here is my current log:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:36:33 PM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4

    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\w0806cd4.dll

    C:\WINDOWS\system32\redistributor.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  12. Stephdon

    Stephdon Thread Starter

    Joined:
    May 19, 2003
    Messages:
    64
    No error pop ups! Thank you so much!
    Here is my current log, which is much shorter than the first I had posted :D

    Now to keep my computer running smoothly and spyware free, which programs do you recommend having and running and how often should I run it?


    Current Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:57:02 AM, on 8/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Stephanie Chaney\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [HostsToggle] "C:\Documents and Settings\Stephanie Chaney\Desktop\hoststoggle[1]\HostsToggle.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/includes/ScriptX.cab,DanaInfo=ess.srv.gapac.com,SSL,CT=java+
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.clarkcolor.com/ClarkUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3028.cab
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax3028.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
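
A small triage script for the workflow in this thread (fix the listed entries, delete the files, post a new log), added here as an example and not part of any post: it parses HijackThis entries, flags autoruns where rundll32 loads a DLL given without a path and entries marked "(file missing)", and checks that the deleted files are no longer referenced in the follow-up log. The function names and the two heuristics are assumptions of this example; the log lines are copied from the thread.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Assembled excerpt: the two entries the helper listed, plus lines from the logs.
BEFORE = r'''
O4 - HKLM\..\Run: [qgo32808] "RUNDLL32.EXE" w0806cd4.dll,n 00232806000000030806cd4
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
'''
# Excerpt of the follow-up log, header and process lines included on purpose.
AFTER = r'''
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
'''
# Files the helper had deleted with Killbox.
REMOVED = {"w0806cd4.dll", "redistributor.exe"}

class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4", "O23", "R1"
    text: str   # everything after "<code> - "

ENTRY_RE = re.compile(r'^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$')
# rundll32 followed by a DLL argument that has no drive or directory part
BARE_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^\\/:"\s,]+\.dll)\b', re.I)

def parse(log: str) -> list[Entry]:
    """Keep only section-coded lines; header and process list are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, log.splitlines()) if m]

def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a human look; not a verdict."""
    findings = []
    for e in entries:
        m = BARE_RUNDLL_RE.search(e.text)
        if e.code == "O4" and m:
            findings.append((e, f"autorun loads {m.group(1)} via rundll32 with no path"))
        if "(file missing)" in e.text:
            findings.append((e, "registry entry points at a file that is not on disk"))
    return findings

def still_referenced(log: str, filenames: set[str]) -> dict[str, list[Entry]]:
    """Map each filename to the entries that mention it (case-insensitive)."""
    entries = parse(log)
    return {name: [e for e in entries if name.lower() in e.text.lower()]
            for name in filenames}

if __name__ == "__main__":
    for entry, reason in triage(parse(BEFORE)):
        print(f"{entry.code}: {reason}\n    {entry.text}")
    for name, hits in still_referenced(AFTER, REMOVED).items():
        print(name, "still referenced" if hits else "no longer referenced")
```

An empty list from `still_referenced` for every deleted file confirms the autorun entries went with the files; the remaining "(file missing)" lines are leftover registry entries, not a sign of reinfection.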
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Clean - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how
    ===================

    Get all of these and/or verify you have the current versions

    SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
    SpyBot V1.4 http://www.majorgeeks.com/download2471.html
    AdAware SE 1.06 http://www.majorgeeks.com/download506.html
    MS Windows Defender - http://www.microsoft.com/downloads/...E7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en (XP and W2K only)

    DownLoad them (they are free), install them, check each for their definition updates and then run AdAware, MS Defender (W2k/XP) and Spybot, fixing anything they say.

    In SpywareBlaster - Always enable all protection after updates
    In SpyBot - After an update run immunize

    Check for updates and run weekly
     
  14. Stephdon

    Stephdon Thread Starter

    Joined:
    May 19, 2003
    Messages:
    64
    Thank you so much for your help!
    This board is awesome!
     

Short URL to this thread: https://techguy.org/487771
