Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vundo Virus Found, Can't Delete; HELP! [RESOLVED]


  • This topic is locked This topic is locked

#1
FilmGuy22

FilmGuy22

    Member

  • Member
  • PipPip
  • 15 posts
I'm new to this. Being it my first time, it took me quite a while to figure out how to even access this thing.

I reviewed some previous topics and the help you gave to others concerning the Vundo Virus and I need your help! Norton Anti-Virus's warning keeps popping up whenever I logon to my computer and it won't go away. I used 'FixVundo' but it didn't work. The file the virus is under is: C:\WINDOWS\system 32\ddcyy.dll

Please show me the way! Thanks!

Here's the HijackThis Log I did:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:53 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Documents and Settings\klke\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljge - C:\WINDOWS\SYSTEM32\mljge.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#2
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello FilmGuy22 and welcome to Geeks To Go :tazz:

Can you show me a new log and we will see what we can do for you. :)
  • 0

#3
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hey John L. Thanks for the reply. I hope I'm doing this right, but I clicked on the 'reply' icon and it brought me here. Anyway, I actually found someone else's post who had the same problem I did. I downloaded the 'killvundo' program and targeted the file using HijackThis just as it had described. The problem went away it seemed (the Norton warning doesn't pop up everytime I turn on my computer now and it isn't running incredibly slow anymore), but it did not get rid of whatever was going on with the winfixer pop-ups. So there's still something there. Sorry for being so impatient, but finals are coming up and I really needed the computer. Anyways, if you could still help get rid of this winfixer/pop-up problem, that'd be great.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:37 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again FilmGuy22 :tazz:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
When this is done, please show me the spysweeper log and a new hijack log please. :)
  • 0

#5
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay, so I have a version of SpySweeper, but it doesn't have the option for compressed files and rootkits. I went to install the demo like you said, but it told me that the subscription I have would be terminated if I put on the demo. It just expired, so is that a problem, or should I go ahead and upgrade first and run the sweep? Because I ran it just now with the version I have and it didn't detect anything. I ran it a week ago, though, and it erased a bunch of junk. I also can't access a log sheet with the version I have.
  • 0

#6
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Alright, sorry, I found the log sheet and I'm sending you the last 3 sweeps I did. One was on Dec. 1st, the next on the 2nd and then the one I just did. It's a lot of info. Sorry. At the end is the new HijackThis log as well. C:\WINDOWS\system32\ddcyy.dll is now deleted from my computer when I used the 'killvundo' program. That was where the virus was originally, but it's obviously still on here since I'm still getting winfixer pop-ups. After Dec. 2nd's log on SpySweeper is when I was able to get rid of the ddcyy.dll file.


********
8:04 PM: |··· Start of Session, Monday, December 05, 2005 ···|
8:04 PM: Spy Sweeper started
8:04 PM: Sweep initiated using definitions version 500
8:04 PM: Starting Memory Sweep
8:06 PM: Memory Sweep Complete, Elapsed Time: 00:01:57
8:06 PM: Starting Registry Sweep
8:06 PM: Registry Sweep Complete, Elapsed Time:00:00:12
8:06 PM: Starting Cookie Sweep
8:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:06 PM: Starting File Sweep
8:11 PM: File Sweep Complete, Elapsed Time: 00:04:38
8:11 PM: Full Sweep has completed. Elapsed time 00:06:52
8:11 PM: Traces Found: 0
********
9:45 PM: |··· Start of Session, Friday, December 02, 2005 ···|
9:45 PM: Spy Sweeper started
9:45 PM: Sweep initiated using definitions version 500
9:45 PM: Starting Memory Sweep
9:48 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:56 PM: Memory Sweep Complete, Elapsed Time: 00:11:21
9:56 PM: Starting Registry Sweep
9:58 PM: Registry Sweep Complete, Elapsed Time:00:01:21
9:58 PM: Starting Cookie Sweep
9:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:58 PM: Starting File Sweep
10:16 PM: File Sweep Complete, Elapsed Time: 00:17:35
10:16 PM: Full Sweep has completed. Elapsed time 00:30:35
10:16 PM: Traces Found: 0
10:23 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
10:31 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
10:38 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
10:45 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
10:52 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
11:41 PM: IE Tracking Cookies Shield: Removed banner cookie
11:42 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:42 PM: IE Tracking Cookies Shield: Removed realmedia cookie
11:42 PM: IE Tracking Cookies Shield: Removed tradedoubler cookie
11:43 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
11:46 PM: IE Tracking Cookies Shield: Removed banner cookie
11:46 PM: IE Tracking Cookies Shield: Removed valuead cookie
11:47 PM: IE Tracking Cookies Shield: Removed falkag cookie
11:47 PM: IE Tracking Cookies Shield: Removed serving-sys cookie
12:02 AM: IE Tracking Cookies Shield: Removed falkag cookie
12:02 AM: IE Tracking Cookies Shield: Removed serving-sys cookie
12:07 AM: IE Tracking Cookies Shield: Removed falkag cookie
12:07 AM: IE Tracking Cookies Shield: Removed serving-sys cookie
1:10 AM: IE Tracking Cookies Shield: Removed banner cookie
1:10 AM: IE Tracking Cookies Shield: Removed ru4 cookie
1:11 AM: IE Tracking Cookies Shield: Removed banner cookie
1:11 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
1:12 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
1:12 AM: IE Tracking Cookies Shield: Removed realmedia cookie
1:22 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
1:22 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
1:23 AM: IE Tracking Cookies Shield: Removed belnk cookie
1:23 AM: IE Tracking Cookies Shield: Removed belnk cookie
1:23 AM: IE Tracking Cookies Shield: Removed belnk cookie
1:23 AM: IE Tracking Cookies Shield: Removed realmedia cookie
10:27 AM: IE Tracking Cookies Shield: Removed banner cookie
10:28 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
10:28 AM: IE Tracking Cookies Shield: Removed realmedia cookie
10:29 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:29 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:29 AM: IE Tracking Cookies Shield: Removed realmedia cookie
10:30 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:30 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:30 AM: IE Tracking Cookies Shield: Removed banner cookie
10:30 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
10:31 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:31 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:31 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
10:32 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:32 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:32 AM: IE Tracking Cookies Shield: Removed adrevolver cookie
10:32 AM: IE Tracking Cookies Shield: Removed realmedia cookie
10:38 AM: IE Tracking Cookies Shield: Removed reliablestats cookie
11:06 PM: IE Tracking Cookies Shield: Removed reliablestats cookie
11:09 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:10 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:12 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:13 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:14 PM: IE Tracking Cookies Shield: Removed banner cookie
11:14 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:15 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:15 PM: IE Tracking Cookies Shield: Removed realmedia cookie
11:16 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
11:16 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
11:16 PM: IE Tracking Cookies Shield: Removed realmedia cookie
11:17 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
11:17 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
11:17 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:17 PM: IE Tracking Cookies Shield: Removed realmedia cookie
11:19 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
11:20 PM: IE Tracking Cookies Shield: Removed realmedia cookie
11:20 PM: IE Tracking Cookies Shield: Removed reliablestats cookie
7:29 PM: IE Tracking Cookies Shield: Removed reliablestats cookie
7:45 PM: Processing Startup Alerts
7:45 PM: Allowed Startup entry: Window Washer
********
6:55 PM: |··· Start of Session, Thursday, December 01, 2005 ···|
6:55 PM: Spy Sweeper started
6:55 PM: Sweep initiated using definitions version 500
6:55 PM: Starting Memory Sweep
6:57 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:06 PM: Memory Sweep Complete, Elapsed Time: 00:11:01
7:06 PM: Starting Registry Sweep
7:07 PM: Registry Sweep Complete, Elapsed Time:00:01:32
7:07 PM: Starting Cookie Sweep
7:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:07 PM: Starting File Sweep
7:09 PM: File Sweep Complete, Elapsed Time: 00:01:40
7:09 PM: Full Sweep has completed. Elapsed time 00:14:31
7:09 PM: Traces Found: 0
8:47 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:47 PM: IE Tracking Cookies Shield: Removed adecn cookie
8:47 PM: IE Tracking Cookies Shield: Removed banner cookie
8:47 PM: IE Tracking Cookies Shield: Removed ru4 cookie
8:47 PM: IE Tracking Cookies Shield: Removed realmedia cookie
8:47 PM: IE Tracking Cookies Shield: Removed trafficmp cookie
8:50 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:50 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
8:50 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
8:52 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:55 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:55 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
8:55 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
8:55 PM: IE Tracking Cookies Shield: Removed realmedia cookie
2:48 PM: Definitions can not be updated because subscription has expired.
2:50 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
8:56 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:06 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:13 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:20 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:22 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
9:24 PM: IE Tracking Cookies Shield: Removed banner cookie
9:24 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
9:27 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
9:27 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
9:27 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
9:27 PM: IE Tracking Cookies Shield: Removed realmedia cookie
9:28 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:35 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:43 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
9:45 PM: |··· End of Session, Friday, December 02, 2005 ···|
********
12:11 PM: |··· Start of Session, Wednesday, November 30, 2005 ···|
12:11 PM: Spy Sweeper started
12:11 PM: Sweep initiated using definitions version 500
12:11 PM: Starting Memory Sweep
12:13 PM: Memory Sweep Complete, Elapsed Time: 00:01:34
12:13 PM: Starting Registry Sweep
12:13 PM: Found Adware: navexcel navhelper
12:13 PM: HKU\S-1-5-21-843490698-2675895226-3147047289-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {5aa06644-bc46-4220-a460-47a6eb47c96d} (ID = 4020076)
12:13 PM: HKU\S-1-5-21-843490698-2675895226-3147047289-1010\software\navexcel ltd\ (14 subtraces) (ID = 4020083)
12:13 PM: Found Adware: 180search assistant
12:13 PM: HKCR\clientax.clientinstaller.1\ (3 subtraces) (ID = 4020145)
12:13 PM: HKCR\clientax.clientinstaller\ (5 subtraces) (ID = 4020146)
12:13 PM: HKCR\clientax.requiredcomponent.1\ (3 subtraces) (ID = 4020147)
12:13 PM: HKCR\clientax.requiredcomponent\ (5 subtraces) (ID = 4020148)
12:13 PM: HKCR\clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}\ (20 subtraces) (ID = 4020149)
12:13 PM: HKCR\clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}\ (20 subtraces) (ID = 4020152)
12:13 PM: HKLM\software\classes\clientax.clientinstaller.1\ (3 subtraces) (ID = 4020170)
12:13 PM: HKLM\software\classes\clientax.clientinstaller\ (5 subtraces) (ID = 4020171)
12:13 PM: HKLM\software\classes\clientax.requiredcomponent.1\ (3 subtraces) (ID = 4020172)
12:13 PM: HKLM\software\classes\clientax.requiredcomponent\ (5 subtraces) (ID = 4020173)
12:13 PM: HKLM\software\classes\clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}\ (20 subtraces) (ID = 4020174)
12:13 PM: HKLM\software\classes\clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}\ (20 subtraces) (ID = 4020176)
12:13 PM: Found Adware: zango
12:13 PM: HKLM\software\classes\typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}\ (9 subtraces) (ID = 4032773)
12:13 PM: HKCR\typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}\ (9 subtraces) (ID = 4032799)
12:13 PM: Registry Sweep Complete, Elapsed Time:00:00:10
12:13 PM: Starting Cookie Sweep
12:13 PM: Found Cookie: 2o7.net cookie
12:13 PM: klke@2o7[1].txt (ID = 165345)
12:13 PM: Found Cookie: pointroll cookie
12:13 PM: klke@ads.pointroll[1].txt (ID = 166541)
12:13 PM: Found Cookie: adserver.trb cookie
12:13 PM: klke@adserver.trb[1].txt (ID = 165535)
12:13 PM: Found Cookie: advertising cookie
12:13 PM: klke@advertising[1].txt (ID = 165563)
12:13 PM: Found Cookie: apmebf cookie
12:13 PM: klke@apmebf[2].txt (ID = 165617)
12:13 PM: Found Cookie: falkag cookie
12:13 PM: klke@as-us.falkag[2].txt (ID = 166041)
12:13 PM: Found Cookie: atlas dmt cookie
12:13 PM: klke@atdmt[2].txt (ID = 165643)
12:13 PM: Found Cookie: atwola cookie
12:13 PM: klke@atwola[1].txt (ID = 165645)
12:13 PM: Found Cookie: banner cookie
12:13 PM: klke@banner[1].txt (ID = 165666)
12:13 PM: Found Cookie: doubleclick cookie
12:13 PM: klke@doubleclick[1].txt (ID = 165927)
12:13 PM: Found Cookie: mediaplex cookie
12:13 PM: klke@mediaplex[1].txt (ID = 166366)
12:13 PM: Found Cookie: qksrv cookie
12:13 PM: klke@qksrv[2].txt (ID = 166607)
12:13 PM: Found Cookie: reliablestats cookie
12:13 PM: klke@stats1.reliablestats[1].txt (ID = 166649)
12:13 PM: Found Cookie: tradedoubler cookie
12:13 PM: klke@tradedoubler[1].txt (ID = 166973)
12:13 PM: Found Cookie: trb.com cookie
12:13 PM: klke@trb[1].txt (ID = 166985)
12:13 PM: Found Cookie: tribalfusion cookie
12:13 PM: klke@tribalfusion[2].txt (ID = 166987)
12:13 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:13 PM: Starting File Sweep
12:13 PM: clientax.inf (ID = 3731867)
12:13 PM: File Sweep Complete, Elapsed Time: 00:00:19
12:13 PM: Full Sweep has completed. Elapsed time 00:02:08
12:13 PM: Traces Found: 177
12:14 PM: Removal process initiated
12:14 PM: Quarantining All Traces: navexcel navhelper
12:14 PM: Quarantining All Traces: 180search assistant
12:14 PM: Quarantining All Traces: 2o7.net cookie
12:14 PM: Quarantining All Traces: pointroll cookie
12:14 PM: Quarantining All Traces: adserver.trb cookie
12:14 PM: Quarantining All Traces: advertising cookie
12:14 PM: Quarantining All Traces: apmebf cookie
12:14 PM: Quarantining All Traces: falkag cookie
12:14 PM: Quarantining All Traces: atlas dmt cookie
12:14 PM: Quarantining All Traces: atwola cookie
12:14 PM: Quarantining All Traces: banner cookie
12:14 PM: Quarantining All Traces: doubleclick cookie
12:14 PM: Quarantining All Traces: mediaplex cookie
12:14 PM: Quarantining All Traces: qksrv cookie
12:14 PM: Quarantining All Traces: reliablestats cookie
12:14 PM: Quarantining All Traces: tradedoubler cookie
12:14 PM: Quarantining All Traces: trb.com cookie
12:14 PM: Quarantining All Traces: tribalfusion cookie
12:14 PM: Quarantining All Traces: zango
12:14 PM: Removal process completed. Elapsed time 00:00:05
12:20 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:20 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:27 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:27 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:34 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:34 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:47 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:54 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:01 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:08 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:15 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:22 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:29 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:37 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:44 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:52 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:00 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:07 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:14 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:21 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:28 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:35 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:42 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:49 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:56 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:03 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:10 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:16 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:23 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:30 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:37 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:44 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:51 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
7:58 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
8:05 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
8:13 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:07 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:14 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:21 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:28 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:35 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:42 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:49 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:56 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:02 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:22 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:39 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:48 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:57 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:05 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:13 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:20 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:26 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:33 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:40 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:47 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:54 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:01 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:08 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:15 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:25 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:33 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:41 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:49 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:56 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:03 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:11 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:20 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:27 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:33 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:40 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:47 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:53 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:00 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:07 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:14 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:21 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:27 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:34 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:41 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:48 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:54 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:01 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:08 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:15 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:21 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:28 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:35 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:50 AM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
12:04 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:34 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:42 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:50 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
1:57 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:05 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:12 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:19 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:26 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:34 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:41 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:48 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
2:55 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:02 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:09 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:16 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:23 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:30 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:37 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:44 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:50 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
3:57 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:04 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:11 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:18 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:25 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:32 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:39 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:46 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
4:53 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:00 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:06 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:13 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:28 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:35 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:43 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:50 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
5:58 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:05 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:11 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:18 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:25 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:32 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:39 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:46 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:53 PM: Deletion from quarantine initiated
6:53 PM: Processing: mediaplex cookie
6:53 PM: Processing: advertising cookie
6:53 PM: Processing: apmebf cookie
6:53 PM: Processing: adserver.trb cookie
6:53 PM: Processing: atwola cookie
6:53 PM: Processing: banner cookie
6:53 PM: Processing: pointroll cookie
6:53 PM: Processing: navexcel navhelper
6:53 PM: Processing: qksrv cookie
6:53 PM: Processing: falkag cookie
6:53 PM: Processing: doubleclick cookie
6:53 PM: Processing: 180search assistant
6:53 PM: Processing: tribalfusion cookie
6:53 PM: Processing: 2o7.net cookie
6:53 PM: Processing: reliablestats cookie
6:53 PM: Processing: atlas dmt cookie
6:53 PM: Processing: trb.com cookie
6:53 PM: Processing: tradedoubler cookie
6:53 PM: Processing: zango
6:53 PM: Deletion from quarantine completed. Elapsed time 00:00:00
6:53 PM: Warning: Failed to check file "C:\WINDOWS\system32\ddcyy.dll". Cannot open file "C:\WINDOWS\system32\ddcyy.dll". Access is denied
6:54 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:54 PM: IE Tracking Cookies Shield: Removed adecn cookie
6:54 PM: IE Tracking Cookies Shield: Removed adknowledge cookie
6:54 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
6:54 PM: IE Tracking Cookies Shield: Removed adrevolver cookie
6:54 PM: IE Tracking Cookies Shield: Removed advertising cookie
6:54 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
6:54 PM: IE Tracking Cookies Shield: Removed banner cookie
6:54 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
6:54 PM: IE Tracking Cookies Shield: Removed centrport net cookie
6:54 PM: IE Tracking Cookies Shield: Removed doubleclick cookie
6:54 PM: IE Tracking Cookies Shield: Removed fastclick cookie
6:54 PM: IE Tracking Cookies Shield: Removed mediaplex cookie
6:54 PM: IE Tracking Cookies Shield: Removed realmedia cookie
6:54 PM: IE Tracking Cookies Shield: Removed tradedoubler cookie
6:54 PM: IE Tracking Cookies Shield: Removed trafficmp cookie
6:54 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
6:54 PM: IE Tracking Cookies Shield: Removed valueclick cookie
6:54 PM: IE Tracking Cookies Shield: Removed adserver cookie
6:55 PM: Only Sweep Folders Where Threats Are Known to Reside
6:55 PM: |··· End of Session, Thursday, December 01, 2005 ···|
********


Logfile of HijackThis v1.99.1
Scan saved at 8:26:11 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again :tazz:

Please boot into Safe mode.

Fire up hijack this, press scan only and place checks next to these.

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)


Close all browsers and click fix on hijack this.

While still in safe mode find these files and delete if found.

C:\WINDOWS\system32\ddcyw.dll <---This file
C:\WINDOWS\ALCMTR.EXE <---This file
C:\PROGRA~1\AWS <---This entire folder

Reboot and show me a new log please. :)
  • 0

#8
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I did what you said. Here's the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:59 PM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#9
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hmmm nope that did'nt do what i wanted it to, so lets try something different.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ddcyw.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\wycdd.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll
    O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#10
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay, done. Here's the ActiveScan results, the HijackThis log, and the vundofix.txt file in that order:



Incident Status Location

Adware:adware/navhelper Not disinfected C:\PROGRAM FILES\NavExcel Search Toolbar
Adware:adware/secure32 Not disinfected C:\WINDOWS\system32\drivers\etc\hosts
Adware:adware/ncase Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mljge.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pmkji.dll

Logfile of HijackThis v1.99.1
Scan saved at 12:26:18 AM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\ddcyw.dll

The second filepath entered was C:\WINDOWS\system32\wycdd.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 136 'smss.exe'

Killing PID 828 'explorer.exe'
Killing PID 828 'explorer.exe'


Killing PID 228 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\ddcyw.dll Deleted sucessfully.
C:\WINDOWS\system32\wycdd.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------
  • 0

#11
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again :)

Now thats exactly what i wanted to see :tazz: Almost done.

Fire up hijack this, press scan only and place checks next to these.

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)


Close all browsers and click fix on hijack this, reboot and show me a new log please. :)
  • 0

#12
FilmGuy22

FilmGuy22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here we go. Hope things are progressing.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:46 PM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#13
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again :)

Well I can finally say this that log is clean congrats!!!!! :tazz:

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :)

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Sygate Kerio

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, i suggest a weekly maintenance program. Run this tool. Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Rav Online Scan Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox, or opera.

And finally a little Posted Image How did I get infected in the first place ? (by Mr. Tony Klein)

Good luck and safe surfing :woot:
  • 0

#14
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP