
Solved: weird pop up blocker by address bar and popups

Discussion in 'Virus & Other Malware Removal' started by chdairkld, Aug 10, 2006.

Thread Status:
Not open for further replies.
  1. chdairkld

    Logfile of HijackThis v1.99.1
    Scan saved at 1:52:48 PM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\kybrdff_8.exe
    C:\dfndrff_8.exe
    C:\WINDOWS\system32\zqskw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RACLE~1\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\fscagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7570B90A-63D5-42A2-8313-27B8D16D2B54} - C:\Program Files\Messenger\hoxepi.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\RACLE~1\rundll32.exe" -vt yazr
    O4 - HKCU\..\Run: [Mmtsj] C:\PROGRA~1\COMMON~1\PPPATC~1\msconfig.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: palstart.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://bellemode.rok-star.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {29AD8C7D-9EA0-4CA1-A93D-F207E88EEDEE} (DrPcX Control) - http://www.drpcgo.com/pc/DrPcAct.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Home\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msiexec.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\elts.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



    I hope I'm posting this correctly, but this morning my computer started to be really weird and it shut down. And now there are random pop ups as well as a supposed pop up blocker. Please help.
     
  2. MFDnNC

    Get the newest version of Ewido


    Download AlcanShorty (http://www.geekstogo.com/forum/index.php?act=dscript&CODE=showdetails&f_id=13) to your desktop.

    Double click the alcanShorty.exe file and follow prompts.
    It will make a folder on desktop called Alcan Shorty
    Open the folder & double click the run.bat

    This will download a file called BFU.exe and a BFU script. If your firewall asks for permission to connect then allow it.

    A message box will pop up saying complete. Press OK
    Then BFU.exe will open.

    Select the option to show log at completion.

    Execute the script by clicking the Execute button.
    Note that you should see a progress bar while the script is being executed.

    When the script has finished press copy & that will make a copy of the report in your clipboard.
    Paste that log back here with a new HJT log.
     
  3. chdairkld

    BFU v1.00.9
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 8:06:21 AM, on 8/11/2006

    Option Unload Explorer: Yes
    Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
    Failed: ServiceStop Network Monitor (service not found)
    Failed: ServiceStop cmdService (service not found)
    Failed: ServiceDisable Network Monitor (service not found)
    Failed: ServiceDisable cmdService (service not found)
    Failed: ServiceDelete Network Monitor (service not found)
    Failed: ServiceDelete cmdService (service not found)
    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|truetype (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|0mcamcap (key not found)
    Option pause between commands: 300 ms
    Option pause between commands: 50 ms
    Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
    Failed: FolderDelete C:\Program Files\winupdates (folder not found)
    Failed: FolderDelete C:\Program Files\winupdate (folder not found)
    Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
    Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
    Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
    Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
    Failed: FolderDelete C:\Program Files\outlook (folder not found)
    Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\WINDOWS\system32\cvn0.exe (operation failed)
    Failed: FileDelete C:\WINDOWS\system32\ghynf.exe (operation failed)
    Failed: FileDelete C:\WINDOWS\system32\n9nyb.exe (operation failed)
    Failed: FileDelete C:\WINDOWS\system32\pixk5gp2.phy (operation failed)
    Failed: FileDelete C:\WINDOWS\system32\xeymi.dll (operation failed)
    Failed: FileDelete C:\DOCUME~1\Home\LOCALS~1\Temp\~DF6F8E.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Home\LOCALS~1\Temp\~DFB9D.tmp (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\Cookies (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\History (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\mcu6.tmp (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\Temporary Internet Files (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\_ISTMP0.DIR (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\1MVLTM46 (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\4D27KXYJ (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\CXUBK12Z (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\D1SY4BPZ (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\K5G1UZ0X (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QDEH6VKH (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QEJ9D7XB (operation failed)
    Failed: FolderDelete C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\X4KS79VX (operation failed)
    Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
    Failed: FolderDelete C:\Program Files\DNS (folder not found)
    Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
    Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
    Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
    Failed: FolderDelete C:\Program Files\Update06 (folder not found)
    Failed: FolderDelete C:\Program Files\Update03 (folder not found)
    Failed: FolderDelete C:\Program Files\Update04 (folder not found)
    Failed: FolderDelete C:\Program Files\Update08 (folder not found)
    Failed: FolderDelete C:\Program Files\W-Update (folder not found)
    Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
    Failed: FolderDelete C:\Program Files\Cas (folder not found)
    Failed: FolderDelete C:\Program Files\CasStub (folder not found)
    Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
    Failed: FolderDelete C:\Program Files\ipwins (folder not found)
    Failed: FolderDelete C:\temp (folder not found)
    Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
    Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
    Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
    Failed: FolderDelete C:\Program Files\SDVita (folder not found)
    Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
    Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
    Failed: FolderCreate C:\bintheredunthat (folder already exists)
    Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
    Script completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:14:17 AM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\kybrdff_8.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RACLE~1\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\n9nyb.exe
    C:\WINDOWS\system32\ghynf.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\fscagent.exe
    C:\WINDOWS\system32\cvn0.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - Default URLSearchHook is missing
    O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7570B90A-63D5-42A2-8313-27B8D16D2B54} - C:\Program Files\Messenger\hoxepi.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\RACLE~1\rundll32.exe" -vt yazr
    O4 - HKCU\..\Run: [Mmtsj] C:\PROGRA~1\COMMON~1\PPPATC~1\msconfig.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: palstart.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://bellemode.rok-star.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {29AD8C7D-9EA0-4CA1-A93D-F207E88EEDEE} (DrPcX Control) - http://www.drpcgo.com/pc/DrPcAct.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Home\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msiexec.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\elts.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


    I hope I did this right. Thanks so much for replying.
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  5. chdairkld

    chdairkld Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    44
    12:13 AM: Removal process completed. Elapsed time 00:01:48
    12:13 AM: A reboot was required but declined.
    12:13 AM: Quarantining All Traces: statcounter cookie
    12:13 AM: Quarantining All Traces: realmedia cookie
    12:13 AM: Quarantining All Traces: exitexchange cookie
    12:13 AM: Quarantining All Traces: directtrack cookie
    12:13 AM: Quarantining All Traces: cassava cookie
    12:13 AM: Quarantining All Traces: 888 cookie
    12:13 AM: Quarantining All Traces: yadro cookie
    12:13 AM: Quarantining All Traces: burstbeacon cookie
    12:13 AM: Quarantining All Traces: videodome cookie
    12:13 AM: Quarantining All Traces: tribalfusion cookie
    12:13 AM: Quarantining All Traces: statstracking cookie
    12:13 AM: Quarantining All Traces: servlet cookie
    12:13 AM: Quarantining All Traces: serving-sys cookie
    12:13 AM: Quarantining All Traces: coolsavings cookie
    12:13 AM: Quarantining All Traces: revenue.net cookie
    12:13 AM: Quarantining All Traces: valuead cookie
    12:13 AM: Quarantining All Traces: questionmarket cookie
    12:13 AM: Quarantining All Traces: pricegrabber cookie
    12:13 AM: Quarantining All Traces: partypoker cookie
    12:13 AM: Quarantining All Traces: military cookie
    12:13 AM: Quarantining All Traces: mediaplex cookie
    12:13 AM: Quarantining All Traces: webtrends cookie
    12:13 AM: Quarantining All Traces: domainsponsor cookie
    12:13 AM: Quarantining All Traces: ic-live cookie
    12:13 AM: Quarantining All Traces: screensavers.com cookie
    12:13 AM: Quarantining All Traces: gostats cookie
    12:13 AM: Quarantining All Traces: dealtime cookie
    12:13 AM: Quarantining All Traces: overture cookie
    12:13 AM: Quarantining All Traces: 360i cookie
    12:13 AM: Quarantining All Traces: classmates cookie
    12:13 AM: Quarantining All Traces: burstnet cookie
    12:13 AM: Quarantining All Traces: bs.serving-sys cookie
    12:13 AM: Quarantining All Traces: belnk cookie
    12:13 AM: Quarantining All Traces: a cookie
    12:13 AM: Quarantining All Traces: azjmp cookie
    12:13 AM: Quarantining All Traces: atwola cookie
    12:13 AM: Quarantining All Traces: atlas dmt cookie
    12:13 AM: Quarantining All Traces: ask cookie
    12:13 AM: Quarantining All Traces: tacoda cookie
    12:13 AM: Quarantining All Traces: pointroll cookie
    12:13 AM: Quarantining All Traces: nextag cookie
    12:13 AM: Quarantining All Traces: adlegend cookie
    12:13 AM: Quarantining All Traces: adknowledge cookie
    12:13 AM: Quarantining All Traces: adecn cookie
    12:13 AM: Quarantining All Traces: yieldmanager cookie
    12:13 AM: Quarantining All Traces: about cookie
    12:13 AM: Quarantining All Traces: go.com cookie
    12:13 AM: Quarantining All Traces: 2o7.net cookie
    12:13 AM: Quarantining All Traces: mirar webband
    12:13 AM: Quarantining All Traces: mrfindalot hijack
    12:13 AM: Quarantining All Traces: findthewebsiteyouneed hijack
    12:13 AM: Quarantining All Traces: linkmaker
    12:13 AM: Quarantining All Traces: internetoptimizer
    12:12 AM: Quarantining All Traces: cws_analyzeie
    12:12 AM: Quarantining All Traces: purityscan
    12:12 AM: C:\WINDOWS\system32\elts.dll is in use. It will be removed on reboot.
    12:12 AM: C:\WINDOWS\system32\elts.dll is in use. It will be removed on reboot.
    12:12 AM: C:\WINDOWS\system32\elts.dll is in use. It will be removed on reboot.
    12:12 AM: look2me is in use. It will be removed on reboot.
    12:12 AM: Quarantining All Traces: look2me
    12:11 AM: Removal process initiated
    12:11 AM: Traces Found: 118
    12:11 AM: Full Sweep has completed. Elapsed time 01:03:24
    12:11 AM: File Sweep Complete, Elapsed Time: 01:01:07
    12:08 AM: Warning: Stream read error
    12:08 AM: Warning: Stream read error
    12:07 AM: Warning: Stream read error
    12:07 AM: Warning: Stream read error
    Not enough storage is available to process this command
    12:01 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
    11:48 PM: Warning: Failed to access drive E:
    11:48 PM: Warning: Failed to access drive D:
    11:48 PM: c:\windows\downloaded program files\winats.inf (ID = 208224)
    11:48 PM: Found Adware: mirar webband
    11:47 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][1].txt". The operation completed successfully
    11:47 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][1].txt". The operation completed successfully
    11:47 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][1].txt". The operation completed successfully
    11:45 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][2].txt". The operation completed successfully
    11:45 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][1].txt". The operation completed successfully
    11:45 PM: Warning: Failed to open file "c:\documents and settings\home\cookies\[email protected][2].txt". The operation completed successfully
    11:43 PM: C:\WINDOWS\system32\elts.dll (ID = 163672)
    11:43 PM: C:\Documents and Settings\Home\Local Settings\Temp\!update.exe (ID = 230)
    11:41 PM: C:\WINDOWS\?racle\rundll32.exe (ID = 230)
    11:38 PM: C:\WINDOWS\system32\pixk5gp2.phy (ID = 276229)
    11:38 PM: Found Adware: linkmaker
    11:29 PM: The Spy Communication shield has blocked access to: PAYPOPUP.COM
    11:29 PM: The Spy Communication shield has blocked access to: PAYPOPUP.COM
    11:28 PM: C:\WINDOWS\optimize.exe (ID = 288489)
    11:28 PM: Found Adware: internetoptimizer
    11:18 PM: C:\!KillBox\rundll32.exe (ID = 230)
    11:16 PM: The Spy Communication shield has blocked access to: COUNT.EXITEXCHANGE.COM
    11:16 PM: The Spy Communication shield has blocked access to: COUNT.EXITEXCHANGE.COM
    11:10 PM: Starting File Sweep
    11:10 PM: Warning: Failed to access drive A:
    11:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 3749)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 2335)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 6444)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][2].txt (ID = 3447)
    11:10 PM: Found Spy Cookie: statcounter cookie
    11:10 PM: c:\documents and settings\home\cookies\[email protected][2].txt (ID = 3235)
    11:10 PM: Found Spy Cookie: realmedia cookie
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 2633)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][2].txt (ID = 2527)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 2634)
    11:10 PM: Found Spy Cookie: exitexchange cookie
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 2255)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][2].txt (ID = 2528)
    11:10 PM: Found Spy Cookie: directtrack cookie
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 6445)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 6445)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][2].txt (ID = 2072)
    11:10 PM: c:\documents and settings\home\cookies\[email protected][1].txt (ID = 3751)
    11:10 PM: c:\documents and settings\admin\cookies\[email protected][1].txt (ID = 2020)
    11:10 PM: c:\documents and settings\admin\cookies\[email protected][1].txt (ID = 2362)
    11:10 PM: Found Spy Cookie: cassava cookie
    11:10 PM: c:\documents and settings\admin\cookies\[email protected][1].txt (ID = 2255)
    11:10 PM: c:\documents and settings\admin\cookies\[email protected][1].txt (ID = 2019)
    11:10 PM: Found Spy Cookie: 888 cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3743)
    11:10 PM: Found Spy Cookie: yadro cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3298)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2337)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2335)
    11:10 PM: Found Spy Cookie: burstbeacon cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3638)
    11:10 PM: Found Spy Cookie: videodome cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3589)
    11:10 PM: Found Spy Cookie: tribalfusion cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 6444)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3453)
    11:10 PM: Found Spy Cookie: statstracking cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2506)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3345)
    11:10 PM: Found Spy Cookie: servlet cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3343)
    11:10 PM: Found Spy Cookie: serving-sys cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2466)
    11:10 PM: Found Spy Cookie: coolsavings cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3257)
    11:10 PM: Found Spy Cookie: revenue.net cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3627)
    11:10 PM: Found Spy Cookie: valuead cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3217)
    11:10 PM: Found Spy Cookie: questionmarket cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3185)
    11:10 PM: Found Spy Cookie: pricegrabber cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3106)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3111)
    11:10 PM: Found Spy Cookie: partypoker cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 5014)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2996)
    11:10 PM: Found Spy Cookie: military cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 6442)
    11:10 PM: Found Spy Cookie: mediaplex cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3669)
    11:10 PM: Found Spy Cookie: webtrends cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2535)
    11:10 PM: Found Spy Cookie: domainsponsor cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2821)
    11:10 PM: Found Spy Cookie: ic-live cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
    11:10 PM: Found Spy Cookie: screensavers.com cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2728)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2747)
    11:10 PM: Found Spy Cookie: gostats cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2293)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2505)
    11:10 PM: Found Spy Cookie: dealtime cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3106)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3106)
    11:10 PM: Found Spy Cookie: overture cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1962)
    11:10 PM: Found Spy Cookie: 360i cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2384)
    11:10 PM: Found Spy Cookie: classmates cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2336)
    11:10 PM: Found Spy Cookie: burstnet cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2330)
    11:10 PM: Found Spy Cookie: bs.serving-sys cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2292)
    11:10 PM: Found Spy Cookie: belnk cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2027)
    11:10 PM: Found Spy Cookie: a cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2270)
    11:10 PM: Found Spy Cookie: azjmp cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
    11:10 PM: Found Spy Cookie: atwola cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2253)
    11:10 PM: Found Spy Cookie: atlas dmt cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2245)
    11:10 PM: Found Spy Cookie: ask cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 6445)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 6445)
    11:10 PM: Found Spy Cookie: tacoda cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3148)
    11:10 PM: Found Spy Cookie: pointroll cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 5015)
    11:10 PM: Found Spy Cookie: nextag cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2074)
    11:10 PM: Found Spy Cookie: adlegend cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2072)
    11:10 PM: Found Spy Cookie: adknowledge cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2063)
    11:10 PM: Found Spy Cookie: adecn cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3751)
    11:10 PM: Found Spy Cookie: yieldmanager cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2037)
    11:10 PM: Found Spy Cookie: about cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    11:10 PM: Found Spy Cookie: go.com cookie
    11:10 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1957)
    11:10 PM: Found Spy Cookie: 2o7.net cookie
    11:10 PM: Starting Cookie Sweep
    11:10 PM: Registry Sweep Complete, Elapsed Time:00:00:23
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\windows\currentversion\run\ || ncao (ID = 138536)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\main\ || search page (ID = 125238)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
    11:10 PM: HKU\S-1-5-21-484763869-823518204-682003330-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
    11:10 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 1354274)
    11:10 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1354273)
    11:10 PM: Found Adware: mrfindalot hijack
    11:09 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
    11:09 PM: Found Adware: findthewebsiteyouneed hijack
    11:09 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
    11:09 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
    11:09 PM: Found Adware: cws_analyzeie
    11:09 PM: Starting Registry Sweep
    11:09 PM: Memory Sweep Complete, Elapsed Time: 00:01:29
    11:09 PM: Detected running threat: C:\WINDOWS\?racle\rundll32.exe (ID = 230)
    11:09 PM: Found Adware: purityscan
    11:08 PM: Detected running threat: C:\WINDOWS\system32\elts.dll (ID = 163672)
    11:08 PM: Starting Memory Sweep
    11:08 PM: C:\WINDOWS\system32\elts.dll (ID = 1139665)
    11:08 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\setup\ || dllname (ID = 1139665)
    11:08 PM: Found Adware: look2me
    11:08 PM: Sweep initiated using definitions version 691
    11:08 PM: Spy Sweeper 5.0.5.1286 started
    11:08 PM: | Start of Session, Friday, August 11, 2006 |
    ********
    11:08 PM: | End of Session, Friday, August 11, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:06 PM: Shield States
    11:06 PM: Spyware Definitions: 691
    11:05 PM: Spy Sweeper 5.0.5.1286 started
    11:05 PM: Spy Sweeper 5.0.5.1286 started
    11:05 PM: | Start of Session, Friday, August 11, 2006 |
    ********
     
  6. chdairkld

    chdairkld Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    44
    Logfile of HijackThis v1.99.1
    Scan saved at 12:16:02 AM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
    C:\WINDOWS\system32\fscagent.exe
    C:\Program Files\Common Files\?ppPatch\msconfig.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7570B90A-63D5-42A2-8313-27B8D16D2B54} - C:\Program Files\Messenger\hoxepi.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Mmtsj] C:\PROGRA~1\COMMON~1\PPPATC~1\msconfig.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: palstart.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://bellemode.rok-star.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {29AD8C7D-9EA0-4CA1-A93D-F207E88EEDEE} (DrPcX Control) - http://www.drpcgo.com/pc/DrPcAct.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Home\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msiexec.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



    Sorry, two posts because it was too long for just one. Thanks again for your time and help.
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll

    O2 - BHO: (no name) - {7570B90A-63D5-42A2-8313-27B8D16D2B54} - C:\Program Files\Messenger\hoxepi.dll (file missing)

    O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll

    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"

    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe

    O4 - HKCU\..\Run: [Mmtsj] C:\PROGRA~1\COMMON~1\PPPATC~1\msconfig.exe

    O15 - Trusted Zone: http://bellemode.rok-star.net

    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Home\LOCALS~1\Temp\mma.chm::/joysavsht.cab

    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)

    O20 - AppInit_DLLs: C:\WINDOWS\system32\msiexec.dll

    O20 - Winlogon Notify: Setup - C:\WINDOWS\

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
    C:\WINDOWS\system32\nodeipproc.dll
    C:\WINDOWS\system32\comcap16.dll
    C:\WINDOWS\system32\cvn0.exe
    C:\PROGRA~1\COMMON~1\PPPATC~1
    C:\WINDOWS\system32\msiexec.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
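
    A check for the last step of the procedure above (comparing the new log against the entries marked for fixing), as an added example that is not part of the original post. The fix-list entries and file paths are copied from the thread; the follow-up log is a constructed sample, and the function names are this example's own.

```python
import re

# A HijackThis entry line: section code (R0, O4, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Entries marked for fixing, copied from the thread.
FIX_LIST = r"""
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\msiexec.dll
"""

# Files queued for deletion, copied from the thread.
KILL_PATHS = [
    r"C:\WINDOWS\system32\comcap16.dll",
    r"C:\WINDOWS\system32\cvn0.exe",
    r"C:\WINDOWS\system32\msiexec.dll",
]

# Constructed follow-up log (not from the thread): one Run entry came back.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\cvn0.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\SYSTEM32\cvn0.exe
"""

def parse_entries(log_text):
    """Return the set of (code, normalized body) for every entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive, so fold case
            # and collapse whitespace before comparing.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def still_present(fix_list, new_log):
    """Fix-list entries that appear again in the follow-up log."""
    return sorted(parse_entries(fix_list) & parse_entries(new_log))

def residual_paths(kill_paths, new_log):
    """Deleted-file paths still referenced anywhere in the follow-up log."""
    haystack = new_log.lower()
    return [p for p in kill_paths if p.lower() in haystack]

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("entry persists:", code, "-", body)
    for path in residual_paths(KILL_PATHS, FOLLOWUP_LOG):
        print("file still referenced:", path)
```

    The path check is a plain case-insensitive substring match, so it will not connect an 8.3 short name such as `C:\PROGRA~1\COMMON~1\PPPATC~1` to its long form; compare those by hand.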
     
  8. chdairkld

    chdairkld Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    44
    Logfile of HijackThis v1.99.1
    Scan saved at 8:56:22 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\fscagent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\nero\Nero BackItUp\NBJ.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {29AD8C7D-9EA0-4CA1-A93D-F207E88EEDEE} (DrPcX Control) - http://www.drpcgo.com/pc/DrPcAct.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



    Thanks so much for helping out on this! I haven't seen popups, so I'm guessing it's cleared...Thanks again!
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this

    O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l

    And use killbox to delete the file

    You can remove SpySweeper

    Clean - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  10. chdairkld

    chdairkld Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    44
    Thanks so much, everything is fixed now. I really appreciate your time and help. Thanks again.
     
Short URL to this thread: https://techguy.org/491155

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice