-
S&D cannot be deleted. S&D and IE exe cannot be launched
Hello,
My Net Nanny software started acting funny by not letting any browser window I opened connect to the internet. I tried to run my Avast AV software but it would hang on a scan. I tried to run S&D but it would not launch. I worked with Net Nanny to uninstall and reinstall and I was able to connect to the internet. (BTW, I do not think Net Nanny is doing what it should be doing though because it is not asking me to log into it to get to an internet page.) Perhaps I should just uninstall NN for now...?
Anyway, once I was able to get back to the internet, I downloaded a new version of Avast AV but it still hangs up on a scan. I have uninstalled it.
Now my recollection gets fuzzy. I think I tried to uninstall S&D (& Tea Timer). I think S&D was in Add/Remove programs but TT was not. I downloaded a new S&D file and tried to install. It had a lot of warnings about write protection and I selected the option to remove the write protection each time. That worked for most files but not for the S&D nor TT .exe files.
I found the post that talked about manual deletion from the "all users" folder and the programs folder and tried that and was able to delete all except the S&D & TT .exe files.
I then tried another install. I did not get the warning about the write protect for the other files (since they were deleted) but I still got it for the S&D & TT files. I told it to ignore so that it would finish the install.
I launched S&D after the install but frankly, I cannot recall for sure just what it did. I think it hung and I cannot recall how I closed out from it (whether it let me cancel or I had to do something more forceful).
Now when I try to launch S&D, it tells me
QUOTE
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.
END QUOTE
Note: I am running XP (SP3) and I am logged in as the admin so I know it is not a true auth/permissions problem.
Note: As I said before, I was able to launch IE and get to the web but now when I launch IE (IE7) it is giving me the same error message as when I launch S&D.
I had found the posts that talk about sending in attach.txt and DDS.txt. I will include the dds text down below and attach the "attach" file.
I also found a post talking about running Root Analyzer. I ran the quick scan and it came up ok. I ran the deep scan and it flagged some stuff. I scanned what it flagged and nothing jumped out at me but I have not yet compared the entries like it advises.
I followed the steps in this post
http://forums.spybot.info/showthread.php?t=50194
which is why I am now making my own post.
I also read
http://forums.spybot.info/showthread.php?t=288
and have created the ERUNT registry dump.
Here below are the DDS.txt contents.
Note: I am probably being too cautious but I changed some text since this is a public forum. Namely:
maskedname is a corporate website that I saw no need to post.
myxpid~ is masking my xp admin account ID
[my admin id] is also masking my xp admin ID
Thanks for your help.
DDS (Ver_10-12-12.02) - NTFSx86
Run by [my admin id] at 18:46:11.03 on 12/28/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -6:00]
============== Running Processes ===============
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\[my admin id]\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\imapi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\[my admin id]\Local Settings\Temporary Internet Files\Content.IE5\KX5LHTQ3\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\clearp~1.lnk - c:\program files\clearplay\clearplay easy updates\ClearPlayEasyUpdates.exe
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\forget~1.lnk - c:\program files\mindscape\agspirit\PMREMIND.EXE
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\myxpid~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\[my admin id]\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{6dc47739-3bb0-4494-a43d-193bf54070ae}\Icon3E5562ED7.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: ameren.com
Trusted Zone: maskedname.com
Trusted Zone: clearplay.com
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: VPNJava - hxxps://remote.maskedname.com/CACHE/stc/1/binaries/VPNJava.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://myportfolio.maskedname.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,626,1841
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\myxpid~1\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://remote.maskedname.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202682592866
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://myportfolio.maskedname.com/vdesk/terminal/vdeskctrl.cab#version=6030,2009,0622,1849
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://myportfolio.maskedname.com/vdesk/terminal/urxshost.cab#version=6030,2009,622,1847
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://myportfolio.maskedname.com/vdesk/terminal/urxhost.cab#version=6030,2009,622,1843
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-25 88176]
S1 ceaf;ceaf; [x]
S2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-12-28 2109440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-20 136176]
S3 pohci13F;pohci13F;\??\c:\docume~1\myxpid~1\locals~1\temp\pohci13f.sys --> c:\docume~1\myxpid~1\locals~1\temp\pohci13F.sys [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-2-13 11520]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
=============== Created Last 30 ================
2010-12-28 23:43:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-28 22:31:40 -------- d-----w- c:\program files\ContentWatch
2010-12-28 22:31:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\ContentWatch
2010-12-28 00:31:06 75264 ----a-w- c:\windows\system32\dcaf.sys
2010-12-28 00:28:43 75264 ----a-w- c:\windows\system32\ceaf.sys
2010-12-25 20:17:57 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 20:17:57 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 20:16:42 -------- d-----w- c:\program files\iPod
2010-12-25 20:16:22 -------- d-----w- c:\program files\iTunes
2010-12-25 20:16:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-25 20:14:06 -------- d-----w- c:\docume~1\myxpid~1\locals~1\applic~1\Apple
2010-12-25 20:13:07 -------- d-----w- c:\program files\Bonjour
2010-12-25 20:10:09 -------- d-----w- c:\docume~1\myxpid~1\locals~1\applic~1\Apple Computer
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2010-12-15 20:37:04 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2010-12-15 20:36:56 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2010-12-15 20:34:40 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2010-12-15 20:30:44 151552 ----a-w- c:\windows\system32\libexpat.dll
2010-12-15 04:09:50 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-12-15 04:09:50 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-11-28 01:52:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
============= FINISH: 18:47:20.00 ===============
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Sorry you had to wait, we get very busy most times.
If you read this you can see we just fix home computers, we do not work on corporate ones.
http://forums.spybot.info/showthread.php?t=27710
The intention of this forum is not to replace a company's IT department, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.
The majority of the tools used in this forum are only free for Home Users and only tested on Home machines; they may well change settings that are required for a Company network. Another consideration is that company information may show in the logs.
More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.
To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor when a workplace computer has been infected, immediately.
It's not that we don't want to help, but there are too many issues that could arise from a networked company machine that malware forum volunteers are not experienced in dealing with.
Thank you for your understanding.
-
But this IS a home computer so please look into the problem
Hi,
Sorry if I confused you on my original post. This IS a home computer that is having the problem.
From time to time, when something blows up at work, I VPN into my work computer to fix the problem but this virus issue is on my home computer, not my work computer.
Since I do not know what all is included in the DDS and Attach files, I thought it best to mask my work name so that someone could not take info from the Attach or DDS files and cause some mischief.
Please take a look into this virus problem that I am having.
Thanks
-
I need to see the entire log, nothing masked, so I can determine what's going on with your system
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
-
OTL got hit by the virus too
Hi,
I followed your instructions for downloading and running OTL. When I clicked the Run Scan button, the screen just closed. I assumed it was just running "behind the scenes" and waited 5 minutes. When nothing happened, I looked for c:\otl and it did not exist. I looked in task manager and did not see an otl entry. I tried launching the application again but nothing happened. I rebooted and tried launching and now I get the same error message for otl that I get for SpyBotSD. That is,
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.
I therefore regenerated the DDS and Attach files (with no masking this time) hoping that they can be of help. The DDS text follows and the Attached file is Attached.
Thanks & Regards
DDS (Ver_10-12-12.02) - NTFSx86
Run by Paul Brown at 6:03:03.81 on 01/03/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.505 [GMT -6:00]
============== Running Processes ===============
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Paul Brown\My Documents\RCA Detective\RCADetective.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Z-SOFT~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\Paul Brown\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\clearp~1.lnk - c:\program files\clearplay\clearplay easy updates\ClearPlayEasyUpdates.exe
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\forget~1.lnk - c:\program files\mindscape\agspirit\PMREMIND.EXE
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\paulbr~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\paul brown\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{6dc47739-3bb0-4494-a43d-193bf54070ae}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\z-software-for-installs\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: ameren.com
Trusted Zone: brownshoe.com
Trusted Zone: clearplay.com
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: VPNJava - hxxps://remote.brownshoe.com/CACHE/stc/1/binaries/VPNJava.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,626,1841
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\paulbr~1\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://remote.brownshoe.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202682592866
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/vdeskctrl.cab#version=6030,2009,0622,1849
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/urxshost.cab#version=6030,2009,622,1847
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/urxhost.cab#version=6030,2009,622,1843
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-25 88176]
S1 ceaf;ceaf; [x]
S2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-12-28 2109440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-20 136176]
S3 pohci13F;pohci13F;\??\c:\docume~1\paulbr~1\locals~1\temp\pohci13f.sys --> c:\docume~1\paulbr~1\locals~1\temp\pohci13F.sys [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-2-13 11520]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
=============== Created Last 30 ================
2010-12-28 23:43:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-28 22:31:40 -------- d-----w- c:\program files\ContentWatch
2010-12-28 22:31:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\ContentWatch
2010-12-28 00:31:06 75264 ----a-w- c:\windows\system32\dcaf.sys
2010-12-28 00:28:43 75264 ----a-w- c:\windows\system32\ceaf.sys
2010-12-25 20:17:57 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 20:17:57 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 20:16:42 -------- d-----w- c:\program files\iPod
2010-12-25 20:16:22 -------- d-----w- c:\program files\iTunes
2010-12-25 20:16:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-25 20:15:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-25 20:14:06 -------- d-----w- c:\docume~1\paulbr~1\locals~1\applic~1\Apple
2010-12-25 20:13:07 -------- d-----w- c:\program files\Bonjour
2010-12-25 20:10:09 -------- d-----w- c:\docume~1\paulbr~1\locals~1\applic~1\Apple Computer
==================== Find3M ====================
2010-12-15 20:37:04 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2010-12-15 20:36:56 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2010-12-15 20:34:40 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2010-12-15 20:30:44 151552 ----a-w- c:\windows\system32\libexpat.dll
2010-12-15 04:09:50 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-12-15 04:09:50 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 01:52:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
============= FINISH: 6:04:11.96 ===============
-
First go to Add/Remove Programs in the Control Panel and uninstall Spybot, and then see if you can run this program.
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Last edited by ken545; 2011-01-04 at 13:17.
-
Still having trouble
The Virus whacked this scanner program also. That is, I uninstalled SB S&D per your instructions, then downloaded, installed and ran the new scanner that you pointed me to. It started to run and then the screen closed. I tried to launch the program again and got this
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.
-
Run this quick program, do not reboot when it's done, and then give Malwarebytes another run.
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
-
Still a problem after exehelper
Hi,
I tried exehelper. Here is the log
exeHelper by Raktor
Build 20100414
Run at 20:59:11 on 01/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
I did not reboot.
I tried to run the Malwarebytes program but got
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.
I relaunched the install (mbam-setup-1.50.1.1100.exe) to do an over-the-top install, executed the program but got the same results. That is, it started to run and then the screen closed.
-
Let's try this one instead
Please download SuperAntiSpyware Free
Install the program
- Run SuperAntiSpyware and click: Check for updates
- Once the update is finished, on the main screen, click: Scan your computer
- Check: Perform Complete Scan
- Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish
It is possible that the program asks to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
- Click: Preferences
- Click the Statistics/Logs tab
- Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)
Please provide the SuperAntiSpyware log in your next reply