Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
virus? (noob)
Hi.

I'm a 14-year-old and I am new at this. I've never posted or gone to forums in my entire life. And I think I might have placed this thread in the wrong category. Please tolerate my newbie-ness. I'm pretty much computer-challenged, though I have to say I'm the one who knows the most about computers in my family and household. I've had a virus on my old computer before and unfortunately it crashed. Pop-ups are saying I have viruses or spyware or adware. I never got pop-ups before on this computer until now. A friend introduced me to this and I was filled with a ray of hope, because I was absolutely clueless and lost at trying to fix my computer.

I am currently using Mozilla Firefox. I have a WinXP. I have Adware SE Personal, McAfee Security Center, a-squared free, CCleaner, Spybot - Search and Destroy, SpywareBlaster, SuperAntiSpyware Free Edition, Spyware Guard, and Spyware Doctor. They are all free programs except for McAfee. But I heard McAfee isn't a very good antivirus system.

I went to a site on accident from Google. I have manually deleted a few things from the SpySweeper scan which I no longer have on my computer. There was a virus that it said I had, called ddayx.dll. I couldn't find it on my computer. It was in the file C:\WINDOWS\system32. I had all hidden files and folders shown. And yet it was still not to be found. So I scanned with Spyware Doctor and it showed the same file name. Then Spybot had a notification that said ddayx was deleted and would I allow the change. I allowed it. Then a second later, Spybot popped up again saying ddayx was added and would I allow the change. I pressed deny and checked the 'remember this decision' box. A second later a whole bunch of boxes on the right-hand side of the computer screen kept coming up saying that I was denying ddayx to add itself. It made my computer lag. Then, while Spybot was constantly denying ddayx to be added to my computer, Spybot sent another notification. I forgot the file name. I think it was wwayy or something like that. I denied it. And it did the same thing as ddayx. It kept trying to add itself. And the boxes were coming up faster than ddayx.

I was installing something. I think it was SUPERAntiSpyware Free Edition. It requested that I restart my computer. And I did. After I did, the boxes saying I was denying the programs stopped popping up. But then my computer kept making this sound indicating that something was taking action on my computer. Usually it has this calm humming sound when I do my things. And it makes that sound when something is being installed or something was scanning. It kept making that sound for a long time. I forgot when it stopped. There were also several notifications from Spybot about allowing BHOs. I didn't know what was spyware and what was not. So I denied all of them except the one from SpyGuard for download protection. I'm pretty sure that I have other errors that I have not taken notice of, have not seen, or simply can't remember right now.

I couldn't install IE-Spyad. I did as I was told to. I saved, unzipped and opened it. But all I found was a folder named 'adult' and several .txt files.

I've already killed two computers, and don't want to kill another and waste my parents' money which they took so much effort to find. I am scared out of my mind just thinking about this computer crashing which we bought about a year and a half ago. I'm looking forward to your guidance, and will be forever grateful for any advice that can help my computer. I really hope my problems can be solved with the help of experienced users. I don't know which log to put on here. So I will put an Activescan.txt from Panda ActiveScan, ComboScan.txt and Supplementary.txt from ComboScan.

Activescan.txt from Panda ActiveScan:

| Incident | Status | Location |
|---|---|---|
| Virus:Bck/Sdbot.JXD | Disinfected | Operating system |
| Adware:adware/wupd | Not disinfected | Windows Registry |
| Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\cookies.txt[.questionmarket.com/] |
| Spyware:Cookie/Bluestreak | Not disinfected | C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\cookies.txt[.bluestreak.com/] |
| Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\53wed9kg.default\cookies.txt[.tribalfusion.com/] |
| Virus:Trj/Banker.FTI | Disinfected | C:\Documents and Settings\HP_Administrator\Application Data\Raptisoft\HamsterBall\super_gerball.exe |
| Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt |
| Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt |
| Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt |
| Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats1.reliablestats[2].txt |
| Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@winantivirus[1].txt |
| Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.winantivirus[1].txt |
| Potentially unwanted tool:Application/KillApp.B | Not disinfected | C:\hp\bin\KillIt.exe |
| Spyware:Spyware/PeoplePC | Not disinfected | C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL |
| Virus:Trj/ConHook.AZ | Disinfected | C:\WINDOWS\mssvb.exe |
| Virus:Bck/Sdbot.JXD | Disinfected | C:\WINDOWS\system32\vpnsvc.exe |

ComboScan.txt from ComboScan: ComboScan v20070226.18 run by
HP_Administrator on 2007-03-03 at 15:59:02 Computer is in Normal Mode.
c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe" Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Agere Systems PCI-SV92PP Soft Modem --> agrsmdel AIM 6.0 --> C:\Program Files\AIM6\uninst.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Client --> C:\PROGRA~1\Client\UNWISE.EXE C:\PROGRA~1\Client\INSTALL.LOG Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033 Digivue --> C:\PROGRA~1\digivue\UNWISE.EXE C:\PROGRA~1\digivue\INSTALL.LOG DigiVue Client --> C:\PROGRA~1\DIGIVU~1\UNWISE.EXE C:\PROGRA~1\DIGIVU~1\INSTALL.LOG Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP DVD Play 1.0 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP Extended Capabilities 5.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll" J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG Macromedia Flash Player --> MsiExec.exe 
/X{4ecaf021-478c-40c1-b777-3368a15f9966} Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612} McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm Microsoft Away Mode --> Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PS2 --> C:\WINDOWS\system32\ps2.exe uninstall QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe" Security Update for Step By Step Interactive Training (KB898458) --> 
"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Update Rollup 2 for Windows XP Media Center Edition 2005 --> Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of ComboScan: finished at 2007-03-03 at 16:02:43 ------------------------- Last edited by h0pefulchilD : 03-03-2007 at 04:00 PM. |
#2 (permalink) |
|
Moderator, Microsoft Support, Happy to support TSF!
Join Date: Feb 2005
Location: United Kingdom
Posts: 6,580
OS: XP Pro SP3, Vista Ultimate SP1, Ubuntu v8.04
|
Hi h0pefulchilD, welcome to TSF...
for a 'noob', I'm impressed with how well you documented everything and all the log files.

Anyway, there are issues in the log which need addressing so I am going to move this across to the Hijack This forum. I advise you to subscribe to the thread so as soon as one of our analysts is able to review it and give you some instruction, you will receive an email.

Try not to worry about things too much as I'm confident they will help you fix things. If you have any questions or problems, don't hesitate to ask.
__________________
ASUS P5K-E WiFi | Intel Core 2 Duo E6600 Conroe 2.4GHz (OC 3.60GHz) | 2GB Corsair DDR2 XMS2-6400C4 RAM (4-4-4-12) | PowerColor ATI Radeon HD 3850 Pro Xtreme 512MB GDDR3 GPU | 1xMaxtor DiamondMax 22 500GB & 4xMaxtor DiamondMax 21 250GB SATA HDDs | Zalman CNPS9500 Heatsink + 6 LED Case Fans | Corsair HX620W Modular PSU | Enermax Black Knight (CS-527) Case | Pioneer DVR-216 SATA 20x20 DVD±RW
In a world without walls or fences - who needs Windows and Gates?
#3 (permalink) |
|
Analyst, Security Team; Assistant Rangemaster, TSF Academy
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Your system has a Vundo infection. So, let’s do this first.

First of all, we will need to disable a few security applications as they may interfere with the fixes that we need to make.

To disable Spybot’s TeaTimer function:
To deactivate Spyware Doctor's OnGuard Tools:
To disable SpywareGuard:
NEXT: Please download VundoFix.exe by Atribune and save it to your desktop.
NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot. Run VundoFix and scan for Vundo as many times as necessary until VundoFix says "No infected files were found".
__________________
Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum
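Added example, not part of any post in this thread: the ComboScan log above lists two `winlogon\notify` subkeys, `ddayx` and `wvuvvvv`, the first matching the ddayx.dll name the original poster reported. The Python below extracts Notify subkeys from such a log, even when it has been flattened onto one line, and flags any that are absent from a baseline; the baseline set and the function names are assumptions, not taken from the thread or from ComboScan.

```python
import re

# Assumption (not from the thread): Notify subkeys found on a stock
# Windows XP SP2 install. Extend it with known-good vendor entries.
BASELINE_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Matches the key path with or without the leading "[" of a registry export
# and does not rely on line breaks, so a flattened log still parses.
# Limitation: a subkey name containing a space is cut at the space.
NOTIFY_KEY = re.compile(
    r"\[?(HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
    r"\\currentversion\\winlogon\\notify\\([^\\\s\]]+))",
    re.IGNORECASE,
)


def notify_subkeys(log_text):
    """Return (subkey, full_key_path) pairs in order of first appearance."""
    seen, found = set(), []
    for match in NOTIFY_KEY.finditer(log_text):
        path, name = match.group(1), match.group(2)
        if name.lower() not in seen:  # registry key names are case-insensitive
            seen.add(name.lower())
            found.append((name, path))
    return found


def unexpected_notify(log_text, baseline=BASELINE_NOTIFY):
    """Return the Notify subkeys that are absent from the baseline."""
    return [(name, path) for name, path in notify_subkeys(log_text)
            if name.lower() not in baseline]


# The ddayx, wvuvvvv and securityproviders entries are copied from the
# ComboScan log in this thread; the first two entries are constructed.
SAMPLE_LOG = (
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    r"\Winlogon\Notify\crypt32chain] "
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    r"\Winlogon\Notify\sclgntfy] "
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion"
    r"\winlogon\notify\ddayx "
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion"
    r"\winlogon\notify\wvuvvvv "
    r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"
)

if __name__ == "__main__":
    for name, path in unexpected_notify(SAMPLE_LOG):
        print(f"review: {name}  ({path})")
```

A subkey missing from the baseline is a lead for review, not a verdict, since legitimate drivers and security products also register under this key.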
#4 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
reply to above
Hi!
I don't think there's a need to apologize. I was expecting to bump my thread. I understand how busy life can get. And probably hundreds of others are trying to get your help too.

My computer's behavior seems to have changed a bit. I've uninstalled Mcafee since it was out of date. I've installed AVG 7.5, and ZoneAlarm. Both are free, downloaded from download.com. My friend also suggested I unplug the ethernet cable when I'm not doing anything important. I did. My computer seems calmer now. And not lagging. The ddayx notifications have stopped.

I don't know if it'll help but here's a little more information I got:

The BHOs that have popped up:
5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB
B56A7D7D-6927-48C8-A975-17DF180C71AC
106CF321-99A3-4E3A-9103-1BD027606A99

The BHO that has stopped popping up:
4604025E-43D8-4BDC-B868-E07538508A66

I don't know if it was a needed BHO or not so I denied them all access.

There was a file on CCleaner that won't delete:
C:\WINDOWS\Internet Logs\ZALog.txt
It won't let me delete it manually either. I don't know if it's a bad file or not. The title seems to tell me it's a ZoneAlarm text.

My friend also told me two Antiviruses might cause problems and told me to uninstall SUPERAntiVirus and I did.

I am really glad that you have found out the problem to my computer. You don't know how much ease that sentence has given me. Words cannot express.

Well, now I am off to do what you told me. I'll reply the .txt file in my next reply. Oh, I also noticed I was supposed to attach the Supplementary.txt. Sorry about that!
#5 (permalink) |
|
Analyst, Security Team; Assistant Rangemaster, TSF Academy
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
No worries about ZAlog.txt. That is the log of ZoneAlarm. I don't think you could delete it easily even if you wanted to because it would be a locked file. That would require special tools. But, you can leave it alone.

Yes, two or more AVs are not recommended. You can have them on your system, but just ensure that only ONE is on auto-protect mode, while the others are used for ad-hoc scans only.

By the way, SUPERAntiSpyware is not an AV, and if you have the free home version, there is no auto-protect mode installed. You may reinstall it because it is an excellent scanner for spyware and trojans. It is best used in Safe Mode, though.

No worries about the Supplementary.txt from ComboScan, either. As long as you can get it here, in whatever form, that is fine.

Let me know how things go.

Cheers! ~ Semps
__________________
Last edited by Sempurna : 03-05-2007 at 07:19 PM.
#6 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 26
OS: WinXP
|
reply
I've done all that you've told me to, except for downloading ResetTeaTimer.bat. I got a whole page full of text. Maybe it's because I don't have a program to open a .bat file. What should I do?

Additional Info: A tracking cookie from Internet Explorer Hp Administrator won't delete from Spybot.

-Waiting for your further guidance

Last edited by h0pefulchilD : 03-05-2007 at 07:40 PM.
#7 (permalink) | |
|
Analyst, Security Team; Assistant Rangemaster, TSF Academy
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2
|
Hi h0pefulchilD,
No worries about that tracking cookie. These are low-level malware and pose no danger to your system. We'll get a crack at it later on (please remind me if I forget).

OK, let's make the batch file to replace the ResetTeaTimer.bat file that you couldn't download. Please do this next.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK), and copy and paste the text present inside the quote box below:

Quote:

It should look like this:

Double-click ResetTeaTimer.bat on your desktop.

In case you still are unsure on how to create a BAT file, please take a look HERE with screenshots.

NEXT: Proceed with the rest of the directions, and let me know if you encounter any problems.

Cheers! ~ Semps