Author Topic: SPYWARE,HELP!  (Read 689 times)

alucard19
« on: November 09, 2008, 02:39:15 PM »
Well, I downloaded this BS program called convert surfer or something like that and I noticed as soon as I downloaded it my PC was acting funny. So I tried to delete it, but I couldn't find it at first (it wasn't in "Add or Remove Programs"), but I found it after I found it in a hidden file! I also had downloaded another BS program, but I'm not sure if it caused any harm to my PC.

I noticed a big difference though as soon as I restarted my PC and I got this error every time I start up my PC. Now my internet feels slow and some of my programs won't load (only BitTorrent so far). Please help someone.

Here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:17 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe

--
End of file - 11508 bytes

guestolo
« Reply #1 on: November 09, 2008, 03:16:25 PM »
I see a lot of spyware protection programs running in the background.
Which did you recently install to help with your problems?
E.g. Spybot, Windows Defender, Spyware Doctor.
All legit, but it may help to track down the problem.

In addition, can you do the following please:
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Can you post both those logs please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


alucard19
« Reply #2 on: November 09, 2008, 04:38:29 PM »
----------INFO-----------
info.txt logfile of random's system information tool 1.04 2008-11-09 16:32:34

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Diskeeper Professional Premier Edition-->MsiExec.exe /X{7D8CC2F9-6787-4354-A709-8EE9FD3D8AFF}
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ffdshow [rev 1685] [2007-12-06]-->"C:\Program Files\ffdshow\unins000.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GGPO-->MsiExec.exe /X{68BD9036-0952-4849-AE7A-963BB53EDB71}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Hide My IP 2008-->"C:\Program Files\Hide My IP 2008\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E073D315-3C54-44BF-A1B2-B5583AEA618C}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}\setup.exe" -l0x9
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0-->C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
USB Dual Vibration Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39A68007-970B-4A78-9519-64D4B13824F9}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Diskeeper Corporation\Diskeeper\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

alucard19
« Reply #3 on: November 09, 2008, 04:40:10 PM »
LOG (part 1)



Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-11-09 16:32:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 168 GB (61%) free of 278 GB
Total RAM: 1982 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:29 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe

--
End of file - 11489 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-08-01 825528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-08-01 850104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-11-11 1064960]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-11-11 61440]
"DMAScheduler"=c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [2005-11-01 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-07 1797880]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-07 1797880]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-04-19 319488]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Spyware Doctor"=C:\Program Files\Spyware Doctor\swdoctor.exe [2006-12-11 2115728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Documents and Settings\HP_Administrator\My Documents\Video Games\GGPO(v2)\ggpo.exe"="C:\Documents and Settings\HP_Administrator\My Documents\Video Games\GGPO(v2)\ggpo.exe:*:Enabled:ggpo"
"C:\Documents and Settings\HP_Administrator\My Documents\Video Games\GGPO(v2)\ggpofba.exe"="C:\Documents and Settings\HP_Administrator\My Documents\Video Games\GGPO(v2)\ggpofba.exe:*:Enabled:Emulator for MC68000/Z80 based arcade games"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{316e5b24-acbe-11dd-b290-0013d3ffee22}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{402b14a9-acd3-11dd-b28d-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

Offline alucard19

  • Newbie
  • *
  • Posts: 45
  • Karma: +0/-0
SPYWARE,HELP!
« Reply #4 on: November 09, 2008, 04:41:48 PM »
LOG(part 2)


======List of files/folders created in the last 1 months======

2008-11-09 16:32:21 ----D---- C:\rsit
2008-11-09 14:22:57 ----D---- C:\Program Files\Trend Micro
2008-11-09 12:29:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-09 07:55:51 ----D---- C:\Program Files\SpywareBlaster
2008-11-09 07:55:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-09 07:54:54 ----D---- C:\Program Files\Spyware Doctor
2008-11-09 07:54:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2008-11-09 07:05:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-09 07:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 06:46:31 ----A---- C:\WINDOWS\system32\securenet.dll
2008-11-09 06:45:34 ----D---- C:\Program Files\Hide My IP 2008
2008-11-09 06:30:49 ----A---- C:\WINDOWS\WORDPAD.INI
2008-11-09 02:37:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2008-11-09 00:12:29 ----D---- C:\WINDOWS\Sun
2008-11-09 00:12:28 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2008-11-08 23:55:45 ----A---- C:\WINDOWS\ARCHPR4.INI
2008-11-08 17:36:35 ----D---- C:\Program Files\ElcomSoft
2008-11-08 17:32:38 ----D---- C:\WINDOWS\Prefetch
2008-11-08 17:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-08 17:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-08 17:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-08 17:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-08 17:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-08 17:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-08 17:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-08 17:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-08 17:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-08 17:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-08 17:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-08 17:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-08 17:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-08 17:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-08 17:24:24 ----D---- C:\WINDOWS\system32\scripting
2008-11-08 17:24:23 ----D---- C:\WINDOWS\system32\en
2008-11-08 17:24:23 ----D---- C:\WINDOWS\system32\bits
2008-11-08 17:24:23 ----D---- C:\WINDOWS\l2schemas
2008-11-08 17:22:12 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-08 17:16:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-08 17:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-11-08 17:07:12 ----D---- C:\WINDOWS\ie7updates
2008-11-08 17:06:39 ----D---- C:\WINDOWS\WBEM
2008-11-08 17:06:34 ----D---- C:\WINDOWS\system32\en-US
2008-11-08 17:04:36 ----HDC---- C:\WINDOWS\ie7
2008-11-08 17:04:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-08 17:03:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-08 17:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-08 17:02:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-08 17:00:57 ----D---- C:\WINDOWS\network diagnostic
2008-11-08 17:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-11-08 17:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-11-08 16:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-08 16:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-08 16:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-08 16:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-08 16:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-11-08 16:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-08 16:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-08 16:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-08 16:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-08 16:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-08 16:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-08 16:45:08 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-08 16:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-11-08 16:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-08 16:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-08 16:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-08 16:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-08 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-08 16:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-08 16:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-08 16:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-08 16:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-08 16:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-08 16:21:07 ----D---- C:\Program Files\MSXML 4.0
2008-11-08 16:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-08 16:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-08 16:18:21 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-08 16:18:20 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-08 16:18:19 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-08 16:18:19 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-08 16:18:18 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-08 16:18:14 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-08 16:18:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-08 16:18:10 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-08 16:18:10 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-08 16:18:07 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-08 16:18:07 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-08 16:18:07 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-08 16:18:07 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-08 16:18:07 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-08 16:18:07 ----N---- C:\WINDOWS\slrundll.exe
2008-11-08 16:18:06 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-08 16:18:05 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-08 16:18:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-08 16:18:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-08 16:18:03 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-08 16:18:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-08 16:18:03 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-08 16:18:03 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-08 16:18:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-08 16:18:01 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-08 16:18:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-08 16:17:57 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-08 16:17:57 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-08 16:17:57 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-08 16:17:57 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-08 16:17:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-08 16:17:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-08 16:17:56 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-11-08 16:17:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-08 16:17:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-08 16:17:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-08 16:17:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-08 16:17:49 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-08 16:17:44 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-08 16:17:44 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-08 16:17:44 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-08 16:17:44 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-08 16:17:43 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-08 16:17:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-08 16:17:37 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-08 16:17:37 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-08 16:17:35 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-08 16:17:34 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-08 16:17:31 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-08 16:17:31 ----A---- C:\WINDOWS\003017_.tmp
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-08 16:17:30 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-08 16:17:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-08 16:17:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-08 16:17:27 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-08 16:17:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-08 16:17:22 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-08 16:17:21 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-08 16:17:21 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-08 16:17:21 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-08 16:17:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-08 16:14:45 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 16:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-08 16:08:47 ----D---- C:\Program Files\NOS
2008-11-08 16:07:10 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-11-08 06:45:51 ----A---- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-11-08 06:45:42 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-11-08 06:45:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-08 06:43:11 ----D---- C:\SystemRoot
2008-11-08 06:41:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-11-08 06:40:42 ----D---- C:\temp
2008-11-08 06:38:56 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-11-08 03:18:27 ----D---- C:\Program Files\OpenSource Flash Video Splitter
2008-11-08 03:18:05 ----D---- C:\Program Files\Haali
2008-11-08 03:17:55 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-11-08 03:17:50 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-11-08 03:17:43 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2008-11-08 03:17:32 ----D---- C:\Program Files\ffdshow
2008-11-08 03:17:21 ----D---- C:\Program Files\DirectVobSub
2008-11-08 03:16:53 ----D---- C:\Program Files\Zoom Player
2008-11-08 03:06:53 ----N---- C:\WINDOWS\kb913800.exe
2008-11-08 03:00:27 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-08 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-07 19:50:18 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-07 18:23:55 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2008-11-07 18:23:46 ----D---- C:\Program Files\Diskeeper Corporation
2008-11-07 18:23:03 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-07 18:20:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-11-07 17:48:52 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2008-11-07 17:40:59 ----D---- C:\Program Files\GGPO
2008-11-07 09:02:41 ----RASH---- C:\BOOT.BAK
2008-11-07 09:02:29 ----RSHD---- C:\cmdcons
2008-11-07 09:02:29 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-07 09:02:27 ----D---- C:\WINDOWS\setup.pss
2008-11-07 08:59:35 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2008-11-07 08:59:31 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-11-07 08:59:31 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-11-07 08:59:30 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-11-07 08:59:30 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-11-07 08:53:15 ----SHD---- C:\System Volume Information
2008-11-07 08:26:54 ----D---- C:\Program Files\PeerGuardian2
2008-11-07 08:17:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-11-07 08:17:38 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-11-07 08:17:38 ----A---- C:\WINDOWS\system32\guard32.dll
2008-11-07 08:17:37 ----D---- C:\Program Files\COMODO
2008-11-07 08:16:39 ----D---- C:\Program Files\MONOGRAM AMR SplitterDecoder
2008-11-07 08:16:38 ----D---- C:\Program Files\CD Audio Reader Filter
2008-11-07 08:16:37 ----D---- C:\Program Files\DScaler5
2008-11-07 08:16:31 ----D---- C:\Program Files\RealMedia
2008-11-07 08:16:20 ----D---- C:\Program Files\SHOUTcast Source
2008-11-07 08:16:18 ----D---- C:\Program Files\DSP-worx
2008-11-07 08:14:51 ----D---- C:\Program Files\7-Zip
2008-11-07 08:11:11 ----D---- C:\Program Files\Windows Defender
2008-11-07 08:10:23 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-07 08:09:18 ----D---- C:\Program Files\WinRAR
2008-11-07 08:09:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-11-07 08:08:49 ----D---- C:\Program Files\VideoLAN
2008-11-07 08:08:21 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-11-07 08:06:21 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-07 08:06:21 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-07 08:06:21 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-07 08:06:21 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-07 08:06:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-07 08:06:20 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-07 08:06:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-07 08:06:20 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-07 08:06:20 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-07 08:06:19 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-07 08:06:19 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-07 08:06:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-07 08:06:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-07 08:06:18 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-07 08:06:18 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-07 08:06:17 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-07 08:06:17 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-07 08:06:17 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-07 08:06:16 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-07 08:06:16 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-07 08:06:14 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-07 08:06:14 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-07 08:06:14 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-07 08:06:13 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-07 08:06:13 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-07 08:06:13 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-07 08:06:12 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-07 08:06:12 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-07 08:06:12 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-07 08:06:11 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-07 08:06:11 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-07 08:06:11 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-07 08:06:11 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-07 08:06:10 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-07 08:06:10 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-07 08:06:10 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-07 08:06:09 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-07 08:06:08 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-07 08:06:08 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-07 08:06:08 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-07 08:06:07 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-07 08:06:07 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-07 08:06:07 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-07 08:06:06 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-07 08:06:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-07 08:06:06 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-07 08:06:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-07 08:06:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-07 08:06:03 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-07 08:06:03 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-07 08:06:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-07 08:06:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-07 08:06:02 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-07 08:06:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-07 08:06:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-07 08:06:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-07 08:06:00 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-07 08:05:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-07 08:04:36 ----D---- C:\WINDOWS\Logs
2008-11-07 08:00:43 ----A---- C:\WINDOWS\system32\avsda.dll
2008-11-07 08:00:42 ----D---- C:\Program Files\Avira
2008-11-07 08:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-07 07:58:16 ----D---- C:\Program Files\Combined Community Codec Pack
2008-11-07 07:44:53 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-11-07 07:44:47 ----D---- C:\Program Files\Mozilla Firefox
2008-11-07 07:44:15 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-11-07 07:44:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-11-07 07:42:42 ----D---- C:\Program Files\Vuze
2008-11-07 07:33:48 ----RSD---- C:\WINDOWS\assembly
2008-11-07 07:33:41 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-07 07:30:04 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-07 07:08:11 ----SHD---- C:\RECYCLER
2008-11-07 07:01:22 ----D---- C:\98689976 574
2008-11-07 06:45:22 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-11-07 06:32:17 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-11-07 06:30:40 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-07 06:24:27 ----A---- C:\WINDOWS\system32\Icam3EXT.dll
2008-11-07 06:19:31 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-07 06:16:41 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2008-11-07 06:16:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-07 06:15:05 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-11-07 06:13:43 ----D---- C:\Program Files\MSXML 6.0
2008-11-07 06:09:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #5 on: November 09, 2008, 04:52:06 PM »
Quote
I see a lot of Spyware protection programs running in the background
Which did you recently install to help with your problems?
eg.. Spybot, Windows Defender, Spyware Doctor
All legit, but it may help to track down the problem

I also forgot to mention, I don't use Avira Premium, but I assume it also has anti-spyware protection
Is that correct on your version, and is it active?

Edit>>Can you also look in your Event Viewer for any application errors referencing to that error message you linked to
Post back the findings of any file in relation
Go to START>>Control Panel>>Administrative tools>>Event Viewer>>
Application

Look for any Red error message, you can double click on them and copy/paste back here the description
Might give a clue
« Last Edit: November 09, 2008, 05:09:14 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline alucard19

« Reply #6 on: November 09, 2008, 05:06:16 PM »
Quote from guestolo (Nov 9 2008, 04:52 PM)
I also forgot to mention, I don't use Avira Premium, but I assume it also has anti-spyware protection
Is that correct on your version, and is it active?


Yeah i got that along with:

spybot
windows defender
spyware doctor
spyware blaster

Offline alucard19

« Reply #7 on: November 09, 2008, 05:09:12 PM »
I'm getting this error when I try to post the rest of the "log".


Here's a picture of the error.

http://i3.photobucket.com/albums/y55/alucardxxx/error2.jpg


Here's the rest of the log (I had to take pictures of the rest).


Part 3: http://i3.photobucket.com/albums/y55/alucardxxx/logpart4.jpg

Part4: http://i3.photobucket.com/albums/y55/alucardxxx/logpart4.jpg

Part5: http://i3.photobucket.com/albums/y55/alucardxxx/Logpart5.jpg
« Last Edit: November 09, 2008, 05:48:59 PM by alucard19 »

Offline guestolo

« Reply #8 on: November 09, 2008, 05:12:15 PM »
Sorry, I was editing my last post when you replied

You might not have seen this
Quote
Edit>>Can you also look in your Event Viewer for any application errors referencing to that error message you linked to
Post back the findings of any file in relation
Go to START>>Control Panel>>Administrative tools>>Event Viewer>>
Application

Look for any Red error message, you can double click on them and copy/paste back here the description
Might give a clue



Offline alucard19

« Reply #9 on: November 09, 2008, 05:21:44 PM »
OK. I'm not sure how I can copy and paste the errors I have in that "Application" file thing, so I'm going to take some pictures and load them up.

Offline guestolo

« Reply #10 on: November 09, 2008, 05:25:00 PM »
All you have to do
Is look under description:
Left click and Highlight everything

Then use the

Ctrl + C

2 key combination to Copy the contents
« Last Edit: November 09, 2008, 05:25:24 PM by guestolo »




Offline guestolo

« Reply #12 on: November 09, 2008, 05:43:07 PM »
I don't think you saw this
Quote
All you have to do
Is look under description:
Left click and Highlight everything

Then use the

Ctrl + C

2 key combination to Copy the contents

What I want you to do actually
The first link you posted showed a RED ERROR
with the dates 11/9/2008

Double click on that error message, a new box will open
Under description, you can copy/paste the whole info back here
Post a few of them



Offline alucard19

« Reply #13 on: November 09, 2008, 05:55:17 PM »
Oh, I see. OK.

Here's the post from the first 5 errors

0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 69 65 78   ure  iex
0018: 70 6c 6f 72 65 2e 65 78   plore.ex
0020: 65 20 37 2e 30 2e 36 30   e 7.0.60
0028: 30 30 2e 31 36 37 33 35   00.16735
0030: 20 69 6e 20 75 6e 6b 6e    in unkn
0038: 6f 77 6e 20 30 2e 30 2e   own 0.0.
0040: 30 2e 30 20 61 74 20 6f   0.0 at o
0048: 66 66 73 65 74 20 30 30   ffset 00
0050: 30 30 30 30 30 30 0d 0a   000000..



0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 73 76 63   ure  svc
0018: 68 6f 73 74 2e 65 78 65   host.exe
0020: 20 35 2e 31 2e 32 36 30    5.1.260
0028: 30 2e 35 35 31 32 20 69   0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77   n unknow
0038: 6e 20 30 2e 30 2e 30 2e   n 0.0.0.
0040: 30 20 61 74 20 6f 66 66   0 at off
0048: 73 65 74 20 30 30 30 30   set 0000
0050: 30 30 30 30               0000    



0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 66 69 72   ure  fir
0018: 65 66 6f 78 2e 65 78 65   efox.exe
0020: 20 31 2e 39 2e 30 2e 33    1.9.0.3
0028: 31 38 38 20 69 6e 20 75   188 in u
0030: 6e 6b 6e 6f 77 6e 20 30   nknown 0
0038: 2e 30 2e 30 2e 30 20 61   .0.0.0 a
0040: 74 20 6f 66 66 73 65 74   t offset
0048: 20 30 30 30 30 30 30 30    0000000
0050: 30 0d 0a                  0..    



0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 61 7a 75   ure  azu
0018: 72 65 75 73 2e 65 78 65   reus.exe
0020: 20 33 2e 30 2e 30 2e 30    3.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e    in unkn
0030: 6f 77 6e 20 30 2e 30 2e   own 0.0.
0038: 30 2e 30 20 61 74 20 6f   0.0 at o
0040: 66 66 73 65 74 20 30 30   ffset 00
0048: 30 30 30 30 30 30 0d 0a   000000..


0000: 6d 00 70 00 74 00 65 00   m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00   l.e.m.e.
0010: 74 00 72 00 79 00 2c 00   t.r.y.,.
0018: 20 00 38 00 30 00 30 00    .8.0.0.
0020: 38 00 30 00 30 00 30 00   8.0.0.0.
0028: 35 00 2c 00 20 00 75 00   5.,. .u.
0030: 70 00 64 00 61 00 74 00   p.d.a.t.
0038: 65 00 73 00 65 00 72 00   e.s.e.r.
0040: 76 00 69 00 63 00 65 00   v.i.c.e.
0048: 6d 00 61 00 6e 00 61 00   m.a.n.a.
0050: 67 00 65 00 72 00 2d 00   g.e.r.-.
0058: 5f 00 67 00 65 00 74 00   _.g.e.t.
0060: 5f 00 73 00 65 00 72 00   _.s.e.r.
0068: 76 00 69 00 63 00 65 00   v.i.c.e.
0070: 73 00 2c 00 20 00 66 00   s.,. .f.
0078: 61 00 6c 00 6c 00 62 00   a.l.l.b.
0080: 61 00 63 00 6b 00 63 00   a.c.k.c.
0088: 68 00 65 00 63 00 6b 00   h.e.c.k.
0090: 2c 00 20 00 31 00 2e 00   ,. .1...
0098: 31 00 2e 00 31 00 35 00   1...1.5.
00a0: 39 00 33 00 2e 00 30 00   9.3...0.
00a8: 2c 00 20 00 6d 00 70 00   ,. .m.p.
00b0: 73 00 69 00 67 00 64 00   s.i.g.d.
00b8: 77 00 6e 00 2e 00 64 00   w.n...d.
00c0: 6c 00 6c 00 2c 00 20 00   l.l.,. .
00c8: 31 00 2e 00 31 00 2e 00   1...1...
00d0: 31 00 35 00 39 00 33 00   1.5.9.3.
00d8: 2e 00 30 00 2c 00 20 00   ..0.,. .
00e0: 77 00 69 00 6e 00 64 00   w.i.n.d.
00e8: 6f 00 77 00 73 00 20 00   o.w.s. .
00f0: 64 00 65 00 66 00 65 00   d.e.f.e.
00f8: 6e 00 64 00 65 00 72 00   n.d.e.r.
0100: 2c 00 20 00 4e 00 49 00   ,. .N.I.
0108: 4c 00 2c 00 20 00 4e 00   L.,. .N.
0110: 49 00 4c 00 20 00 4e 00   I.L. .N.
0118: 49 00 4c 00 0d 00 0a 00   I.L.....
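
The "Data: Bytes" dumps pasted in Reply #13 can be decoded mechanically instead of being read off the right-hand column, which also shows which application and module each record names. This Python sketch is an added example, not part of the thread: the samples are constructed (`example.exe` and the telemetry string are made up), and the "Application Failure ... in ... at offset ..." layout is taken from the dumps above.

```python
import re

LINE = re.compile(r"^\s*([0-9a-fA-F]{4,8}):\s((?:[0-9a-fA-F]{2} ?){1,8})")
FAULT = re.compile(r"Application Failure\s+(\S+)\s+(\S+)\s+in\s+(\S+)\s+(\S+)"
                   r"\s+at offset\s+([0-9a-fA-F]+)")

def parse_dump(text):
    """Rebuild raw bytes from 'offset: hex bytes   printable' lines."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines or surrounding forum text
        if int(m.group(1), 16) != len(data):
            raise ValueError("gap or reordered line at offset " + m.group(1))
        data += bytes.fromhex(m.group(2))  # printable column is never read
    return bytes(data)

def decode(data):
    """UTF-16LE when every odd byte is NUL (the 'm.p.t.e.' style), else ANSI."""
    if data and len(data) % 2 == 0 and not any(data[1::2]):
        return data.decode("utf-16-le")
    return data.decode("cp1252", errors="replace")

def summarize(text):
    """Return (decoded message, fault fields or None) for one pasted dump."""
    msg = decode(parse_dump(text)).strip()
    m = FAULT.search(msg)
    keys = ("app", "app_version", "module", "module_version", "offset")
    return msg, dict(zip(keys, m.groups())) if m else None

def hexdump(data):
    """Format bytes in the same 8-per-row layout; used to build the samples."""
    rows = []
    for i in range(0, len(data), 8):
        chunk = data[i:i + 8]
        shown = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append("%04x: %-23s   %s" % (i, chunk.hex(" "), shown))
    return "\n".join(rows)

# Constructed samples: example.exe and the telemetry string are made up.
ANSI = hexdump(b"Application Failure  example.exe 1.2.3.4 in unknown 0.0.0.0 "
               b"at offset 00000000\r\n")
WIDE = hexdump("telemetry, 80080005, example.dll\r\n".encode("utf-16-le"))

if __name__ == "__main__":
    for sample in (ANSI, WIDE):
        print(summarize(sample))
```

Pass one record at a time: the offset check rejects a paste with missing or reordered rows, so a second dump restarting at 0000 in the same text raises `ValueError`.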

Offline guestolo

« Reply #14 on: November 09, 2008, 06:02:12 PM »
Silly me, I forgot there was a Copy button right above the description
Oh well

Anyways, it was showing multiple application errors
One being Windows Defender

I asked earlier, can you let me know the following

Does your copy of Avira Premium include AntiSpyware protection?



Offline alucard19

« Reply #15 on: November 09, 2008, 06:10:14 PM »
I think so. Not sure. I use it as a virus scanner.

Offline guestolo

« Reply #16 on: November 09, 2008, 06:22:20 PM »
Well, Let's see if we can track down the problem
I assume you didn't pay for any of the next software

For sure not Windows Defender or Spybot

So can you do the following
Leave SpywareBlaster installed, it shouldn't be the cause of any problems as it doesn't run in the background

I need you to disable the spyware protections running on your computer right now

SPYWARE DOCTOR

    * Click the Spyware Doctor icon in the System Tray.
    * Click Settings.
    * Click Startup Settings under Pick a Category.
    * Uncheck "Run at Windows startup".
    * Click Apply
    * From within Spyware Doctor, click the "OnGuard" button on the left side.
    * Uncheck "Activate OnGuard".
Exit Spyware Doctor

Windows Defender
Open Windows Defender from Start>>All Programs
Click on Tools,>>>> General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Spybot
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Access your Add and Remove Programs and first uninstall Windows Defender
After you uninstall it, restart your computer

Then go uninstall Spybot
Reboot your computer again

Then uninstall Spyware Doctor, again reboot, let me know if you still get the error message on startup

Also. Can you post a fresh Hijackthis log after doing the above
« Last Edit: November 09, 2008, 06:26:35 PM by guestolo »



Offline alucard19

« Reply #17 on: November 09, 2008, 06:58:54 PM »
I did everything you said, but when I tried to delete the first program, I didn't see anything there.

http://i3.photobucket.com/albums/y55/aluca.../noprograms.jpg
« Last Edit: November 09, 2008, 07:01:03 PM by alucard19 »

Offline guestolo

« Reply #18 on: November 09, 2008, 07:10:19 PM »
Exit Add and Remove Programs and close the Windows Control Panel

Go to START>>RUN
Copy and Paste the next command:

REGSVR32 APPWIZ.CPL

Click OK
Ensure there is a single space after REGSVR32 >>before APPWIZ.CPL

Try Add and Remove Programs again
You may have to reboot to take effect



Offline alucard19

« Reply #19 on: November 09, 2008, 07:34:43 PM »
Didn't work. I guess I'll just reformat my hard drive.

Thanks for taking your time and trying to help.