A couple of weeks ago I got spyware on my computer and it's been slowing everything down. I had my desktop background frozen with a sign saying warning spyware, but I got that off using Ad-Aware SE, but it comes back sometimes. But anyways, I keep getting pop-ups of a spyware program and all this crap, and I have warning signs on the taskbar icons I can't get rid of. I used some program I found off other threads but I still can't get rid of it. Here is my log. It would be greatly appreciated if anyone can help me with this problem. Thanks.
StartupList report, 10/15/2005, 11:23:14 AM
StartupList version: 1.52
Started from : C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX17.329\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msole32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mpifs\Lvlf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netqn32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\??rvices.exe
C:\Program Files\apsi\wtta.exe
C:\WINDOWS\system32\fxssvc.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\sdksl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Steam-Down\steam.exe
c:\program files\steam-down\SteamEngine.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX17.329\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Image Transfer.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv = c:\windows\system\hpsysdrv.exe
PreloadApp = c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
KBD = C:\HP\KBD\KBD.EXE
DDCM = "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
DDCActiveMenu = "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz = nwiz.exe /install
S3apphk = S3apphk.exe
PS2 = C:\WINDOWS\system32\ps2.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
DeviceDiscovery = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
InfoPenMSN = C:\Program Files\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Parallel Tasking = C:\Program Files\Parallel Tasking\ptask.exe
version = C:\WINDOWS\System32\Rziskd.exe
secure = C:\WINDOWS\System32\Dwqmoz.exe
Zevbg = C:\Program Files\Mpifs\Lvlf.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
A70F6A1D-0195-42a2-934C-D8AC0F7C08EB = rundll32.exe E6F1873B.DLL,D9EBC318C
98D0CE0C16B1 = rundll32.exe D0CE0C16B1,D0CE0C16B1
msn6.exe = C:\Program Files\MSN\MSNCoreFiles\msn6.exe
d3vb.exe = C:\WINDOWS\d3vb.exe
aDgSBbxB6 = C:\WINDOWS\xudyolfd.exe
applf.exe = C:\WINDOWS\applf.exe
apigd32.exe = C:\WINDOWS\apigd32.exe
RegSvr32 = C:\WINDOWS\System32\msmsgs.exe
crew32.exe = C:\WINDOWS\system32\crew32.exe
ipnw.exe = C:\WINDOWS\system32\ipnw.exe
ipwk.exe = C:\WINDOWS\ipwk.exe
netqn32.exe = C:\WINDOWS\system32\netqn32.exe
mstt.exe = C:\WINDOWS\system32\mstt.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
Microsoft Works Update Detection = c:\Program Files\Microsoft Works\WkDetect.exe
Zero Knowledge Freedom = C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Steam = "c:\program files\valve\steam\steam.exe" -silent
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Instant Access = rundll32.exe EGDACCESS_1060.dll,InstantAccess
Dyoa = C:\WINDOWS\System32\??rvices.exe
Notn = "C:\Program Files\apsi\wtta.exe" -vt mt
POPUPWATCH = C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\WINDOWS\System32\hp61EA.tmp - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}
--------------------------------------------------
Enumerating Task Scheduler jobs:
A5B8ED6F918B6067.job
AB3290079185061B.job
AFCAABA791855CAF.job
Norton AntiVirus - Scan my computer - Owner.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[{10000000-1000-0000-1000-000000000000}]
CODEBASE = file://C:\Program Files\Internet Explorer\yjjtomvm.exe
[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
CODEBASE = http://static.windupdates.com/cab/MediaAcc...e/bridge-c1.cab
[{1604DF98-D1A5-44FE-844A-98D6FD0518D0}]
InProcServer32 = C:\WINDOWS\System32\EGDACCESS_1060.dll
CODEBASE = http://akamai.downloadv3.com/binaries/EGDA...ESS_1060_XP.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab
[ChainCast VMR Client Proxy]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ccpm_0237.dll
CODEBASE = http://www.streamaudio.com/download/ccpm_0237.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
[FilePlanet Download Control Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FilePlanetDownloadCtrl.dll
CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://software-dl.real.com/07a577fbec0a01...ip/RdxIE601.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1103393260421
[Ofoto Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
[Yahoo! Webcam Upload Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yuplapp.dll
CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab
[YMSC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ymsc.dll
CODEBASE = http://download.yahoo.com/dl/toolbar/modules/ymsc.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8190.7385069444
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab
[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
[{BD3653E4-884B-43C4-970B-670802501B7F}]
InProcServer32 = C:\WINDOWS\eg_auth_1043.dll
CODEBASE = http://akamai.downloadv3.com/binaries/P2EC..._1043_EN_XP.cab
[{C6760A07-A574-4705-B113-7856315922C3}]
InProcServer32 = C:\WINDOWS\System32\sysnetsvc32.dll
CODEBASE = http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
[AxisMediaControlEmb Class]
InProcServer32 = C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll
CODEBASE = http://mercerunion.axiscam.net/activex/AMC.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 12,528 bytes
Report generated in 3.172 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only