Can't download HiJack

Hi all! First off, I did the S&D and Ad-Aware cleanup first. Still have this darn Vundo hanging out and driving me nutty. Trying to finish up a website and it's not easy with the popups, etc. Anyway, I went to download the HiJack and it doesn't ask me where to download it to. It flashes by very quickly and I did it a bunch of times and see Temporary and the filename on top. Problem is that I searched all my Temp folders and cannot find the HiJack zip. When WinZip opens, I have it search for all files and it's not there. I did a file and folder search for Temp, hj and .zip but nothing.

Any ideas on what is going on and why I cannot find/download this file? Or where it could be? :confused:

Any help would be greatly appreciated!! :D

Thanks!!

Comments

  • Crunchie (Mandurah, Western Australia), Member
    edited November 2005
    Go back to the download link and then right-click on the file and select 'Save As.' Select 'Desktop' when given the option of where to save the file. Extract HijackThis to a permanent folder.
  • edited November 2005
    I guess I should have waited until morning to do it when I could think a bit straighter. Thanks! Here is my HiJack file.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:28:38 PM, on 11/14/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
    O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
    O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15f436b85b19674ca802/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127891384046
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0006.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb05.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{89BC5354-4E87-4839-8244-238386C2BD7C}: NameServer = 69.57.146.14
    O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll
    O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks for the help!!! :)
  • Crunchie (Mandurah, Western Australia), Member
    edited November 2005
    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files.
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat.
    • You will first be presented with a warning. It should look like this:
      VundoFix V2.1 by Atri
      By pressing enter you agree that you are using this at your own risk.
    • At this point press Enter one time.
    • Next you will see:
      Type in the filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
        C:\WINDOWS\System32\ddcyx.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
      Please type in the second filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
        C:\WINDOWS\System32\xycdd.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run, then HijackThis will open.
    • In HijackThis, please place a check next to the following items and click FIX CHECKED:

        R3 - Default URLSearchHook is missing

        O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
        O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
        O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll

        O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll
        O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll

    • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    • Once your machine reboots, please continue with the instructions below.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here, along with a new HijackThis log and the vundofix.txt file from the VundoFix folder, into this topic.

    There will be more to do.
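    As an added example (not from the thread, and not code from the HijackThis or VundoFix authors), the script below triages the O2 and O20 lines of a HijackThis log like the one posted above: it flags a DLL under System32 that is registered both as a BHO and as a Winlogon Notify handler, which is the pairing the fix list above targets, and derives the reversed-name companion path (ddcyx.dll to xycdd.*) that the second VundoFix prompt asks for. It generalises the two hard-coded paths in the instructions to any DLL in the log that fits that pattern, and reports when the registry entries are already orphaned ("file missing"), as they are in the follow-up log. Assumptions: the sample log is a constructed excerpt of the one posted, and the "both O2 and O20 under System32" heuristic is this example's own, not a rule HijackThis applies.

```python
"""Triage a HijackThis 1.99 log for the Vundo pattern seen in this thread:
a DLL under System32 registered both as an O2 BHO and as an O20 Winlogon
Notify handler, plus the reversed-name companion file VundoFix removes.
Added example; not part of the thread, HijackThis or VundoFix."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt of the log posted above (sample input for this example).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")
MISSING_RE = re.compile(r"^(?P<path>.*?) \(file missing\)$")


@dataclass
class Entry:
    section: str          # "O2" or "O20"
    name: str             # BHO display name or Winlogon Notify key name
    path: Optional[str]   # DLL path as written in the log; None for "(no file)"
    missing: bool         # True when HijackThis annotated the line as having no file


def _split_path(rest: str):
    """Separate the DLL path from HijackThis's missing-file annotations."""
    if rest == "(no file)":
        return None, True
    m = MISSING_RE.match(rest)
    if m:
        return m.group("path"), True
    return rest, False


def parse_hjt(text: str) -> list:
    """Parse the O2 and O20 lines of a HijackThis log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line) or O20_RE.match(line)
        if not m:
            continue
        path, missing = _split_path(m.group("rest"))
        entries.append(Entry(line.split(" ")[0], m.group("name"), path, missing))
    return entries


def reversed_companion(dll_path: str) -> str:
    """VundoFix's second prompt: the DLL's base name reversed, any extension (ddcyx.dll -> xycdd.*)."""
    folder, _, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{folder}\\{stem[::-1]}.*"


@dataclass
class Candidate:
    dll: str              # path as written in the log
    companion: str        # reversed-name glob for VundoFix's second prompt
    orphaned: bool        # registry entries remain but the file is already gone
    entries: list         # the O2/O20 lines to tick in HijackThis


def vundo_candidates(entries: list) -> list:
    """Flag DLLs under System32 registered both as a BHO and as a Winlogon Notify handler.
    A legitimate product (Norton's NavShExt.dll / NavLogon.dll in the sample) uses distinct
    files for the two roles and keeps its BHO outside System32, so it is not flagged."""
    by_path = {}
    for e in entries:
        if e.path is None:
            continue
        by_path.setdefault(e.path.lower(), []).append(e)
    found = []
    for key, group in by_path.items():
        if "\\system32\\" not in key or {e.section for e in group} != {"O2", "O20"}:
            continue
        dll = group[0].path
        found.append(Candidate(dll, reversed_companion(dll), any(e.missing for e in group), group))
    return sorted(found, key=lambda c: c.dll.lower())


def vundofix_paths(text: str) -> list:
    """Return (first path, second path) per flagged DLL, in the order VundoFix prompts for them."""
    return [(c.dll, c.companion) for c in vundo_candidates(parse_hjt(text))]


if __name__ == "__main__":
    for c in vundo_candidates(parse_hjt(SAMPLE_LOG)):
        state = "orphaned entries" if c.orphaned else "file present"
        print(f"{c.dll} [{state}] -> VundoFix paths: {c.dll} then {c.companion}")
```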
        • edited November 2005
          I did everything you told me to and feel better already! Here are the logs you asked me to send. I had to re-run the ActiveScan due to locking up.

          Logfile of HijackThis v1.99.1
          Scan saved at 10:52:52 PM, on 11/15/2005
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\System32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Microsoft Hardware\Mouse\point32.exe
          C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
          C:\WINDOWS\DELLMMKB.EXE
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\AWS\WeatherBug\Weather.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
          C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
          C:\WINDOWS\system32\cisvc.exe
          C:\Program Files\Netropa\OSD.exe
          C:\WINDOWS\system32\drivers\dcfssvc.exe
          C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\NMSSvc.exe
          C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
          C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\tcpsvcs.exe
          C:\WINDOWS\System32\snmp.exe
          C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\System32\ups.exe
          C:\WINDOWS\System32\HPZipm12.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\HiJackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
          R3 - Default URLSearchHook is missing
          O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
          O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
          O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
          O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll (file missing)
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
          O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
          O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\RunOnce: [Panda_cleaner_220568] C:\WINDOWS\System32\ActiveScan\pavdr.exe 220568
          O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
          O4 - Startup: PowerReg Scheduler.exe
          O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
          O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
          O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
          O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
          O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
          O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
          O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
          O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
          O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
          O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
          O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
          O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
          O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
          O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
          O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (HKCU)
          O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
          O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
          O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15f436b85b19674ca802/netzip/RdxIE601.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127891384046
          O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
          O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
          O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
          O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0006.exe
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
          O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
          O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb05.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
          O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{89BC5354-4E87-4839-8244-238386C2BD7C}: NameServer = 69.57.146.14
          O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
          O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
          O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
          O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe (file missing)
          O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
          O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
          O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
          O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        • edited November 2005
          ActiveScan Report
          Incident Status Location

          Virus:Trj/Hooker.S Disinfected Operating system
          Adware:adware/shoppingcommunity No disinfected C:\WINDOWS\SYSTEM32\moconfig.exe
          Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
          Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
          Adware:adware/clickalchemy No disinfected C:\WINDOWS\INF\alchem.inf
          Adware:adware/msview No disinfected C:\WINDOWS\INF\MSView.inf
          Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\polall1r.inf
          Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
          Adware:adware/coupons No disinfected C:\WINDOWS\cpbrkpie.ocx
          Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
          Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
          Spyware:spyware/searchcentrix No disinfected Windows Registry
          Possible Virus. No disinfected C:\My Download Files\spinstall106.exe
          Adware:Adware/TopMoxie No disinfected C:\Program Files\MemoLink\MemoLink.exe
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\a.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\b.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ba.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bb.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bc.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bd.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\be.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\bf.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bg.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\bh.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bi.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bj.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\bk.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bl.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bm.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bn.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\bo.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\bp.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bq.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\br.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bs.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bt.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bu.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bv.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bw.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bx.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\by.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\bz.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\c.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ca.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cb.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cc.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cd.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\ce.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cf.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cg.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ch.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ci.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cj.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ck.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cl.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cm.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cn.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\co.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cp.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\cq.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\cr.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cs.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\ct.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cu.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cv.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\cx.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\cz.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\d.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\da.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\db.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dc.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dd.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\de.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\df.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\di.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dl.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\dn.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\dp.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dr.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ds.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dt.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\du.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dv.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\dw.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\dy.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\dz.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\ed.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\f.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\h.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\i.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\j.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\l.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\m.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\n.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\p.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\q.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\r.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\s.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\t.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\u.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\w.class
          Adware:Adware/TopMoxie No disinfected C:\Program Files\UpromiseRemindU\System\Code\x.class
          Adware:Adware/MoeMoney No disinfected C:\Program Files\UpromiseRemindU\System\Code\y.class
          Adware:Adware/Twain-Tech No disinfected C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP17\A0001539.inf
          Spyware:Spyware/Virtumonde No disinfected C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP18\A0001668.dll
          Adware:Adware/MyDailyHoroscope No disinfected C:\WINDOWS\Downloaded Installations\{AEE67366-B98E-4E5B-997B-2B0C5FF8A057}\My Daily Horoscope.msi[unk_0063][MyDailyHoroscope.exe]
          Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\iwonslot1,0,2,5.inf
          Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\alchem.inf
          Adware:Adware/MSView No disinfected C:\WINDOWS\INF\MSView.inf
          Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polall1r.inf
          Adware:Adware/MSView No disinfected C:\WINDOWS\MSVprep.exe
          Adware:Adware/SideStep No disinfected C:\WINDOWS\SbCIe0261.dll
          Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
          Spyware:Spyware/ShopNav No disinfected C:\WINDOWS\SYSTEM\SearchHook1.dll
          Virus:Trj/Hooker.S Disinfected C:\WINDOWS\SYSTEM32\gebcd.dll
          Adware:Adware/ShoppingCommunity No disinfected C:\WINDOWS\SYSTEM32\moconfig.exe
          Adware:Adware/WurldMedia No disinfected C:\WINDOWS\SYSTEM32\tdelwvbv.dll

          VundoFix V2.15 by Atri

          Listing files contained in the vundofix folder.

          killvundo.bat
          process.exe
          ReadMe.txt
          vundo.reg
          vundofix.txt


          Filepaths entered

          The filepath entered was C:\WINDOWS\System32\xycdd.*

          The second filepath entered was C:\WINDOWS\System32\ddcyx.dll


          Log from Process


          Killing PID 388 'smss.exe'

          Killing PID 1144 'explorer.exe'
          Killing PID 1144 'explorer.exe'
          Killing PID 1144 'explorer.exe'


          Killing PID 460 'winlogon.exe'

          C:\WINDOWS\System32\xycdd.* Deleted sucessfully.
          C:\WINDOWS\System32\ddcyx.dll Deleted sucessfully.

          Fixing Registry

          THANKS SO MUCH!!
        • CrunchieCrunchie Mandurah. Western Australia. Member
          edited November 2005
          You may want to run ActiveScan again, but this time have it disinfect what it finds.

          Repeat the vundofix procedure but this time input the following files for removal:

          C:\WINDOWS\System32\gebcd.dll

          C:\WINDOWS\System32\dcbeg.*


          Then fix these lines with hijackthis:

          O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
          O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
          O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll (file missing)

          O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
          O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
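As an added example (not code from this thread, HijackThis or VundoFix), a small Python triage script that applies the reasoning behind the reply above to the O2/O20 lines: it flags BHO and Winlogon Notify entries whose file is absent, a DLL registered under both keys at once, and derives the reversed-name companion pattern (gebcd -> dcbeg.*) that the VundoFix step targets. The sample log is constructed from the lines quoted above plus one crypt32chain Winlogon Notify entry assumed clean and used as a control.

```python
import re
# Constructed sample: the O2/O20 lines quoted above plus an assumed-clean crypt32chain entry as a control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebcd.dll
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddcyx.dll (file missing)
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
MISSING = " (file missing)"

def parse(log):
    """Pull O2 (BHO) and O20 (Winlogon Notify) entries out of a HijackThis log."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        m = O2_RE.match(line) or O20_RE.match(line)
        if m:  # the first token of the line is the section id, 'O2' or 'O20'
            entries.append(dict(m.groupdict(), type=line.split(" ", 1)[0]))
    return entries

def stem(path):
    """Reduce a path, optionally tagged '(file missing)', to its lowercase file stem."""
    name = path.replace(MISSING, "").strip().rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0]

def triage(log):
    """Map identifier -> reasons for O2/O20 entries that fit the Vundo pattern."""
    entries = parse(log)
    bho_stems = {stem(e["path"]) for e in entries if e["type"] == "O2" and e["path"] != "(no file)"}
    findings = {}
    for e in entries:
        path, missing, is_bho = e["path"], MISSING in e["path"], e["type"] == "O2"
        ident = e.get("clsid", path) if path == "(no file)" else stem(path)
        checks = [
            (is_bho and (path == "(no file)" or missing), "BHO registered but its file is absent"),
            (is_bho and e["name"] == "(no name)", "unnamed BHO"),
            (not is_bho and missing, "Winlogon Notify DLL missing from disk"),
            (not is_bho and ident in bho_stems, "same DLL registered as BHO and Winlogon Notify"),
        ]
        reasons = [reason for hit, reason in checks if hit]
        if reasons:
            findings.setdefault(ident, []).extend(reasons)
    return findings

def companion_pattern(dll_stem):
    """Vundo drops a sibling file under the reversed stem: gebcd -> dcbeg.*"""
    return dll_stem[::-1] + ".*"
```

Dead entries (file missing / no file) are leftovers to clear with HijackThis; a stem flagged under both keys is the pair the VundoFix step removes, together with its reversed companion.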