
Thread: zzz Folders ?

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    6

    Default zzz Folders ?

    Hello, several of these zzz folders (as shown in the PDF attached) have appeared in one of my external drives; not sure where they came from or if they have contributed to my PC booting issues. My PC has been hanging & rebooting at random; at times, no way to even start up my PC as it will just hang while starting up.

    Many thanks in advance for advice!

    DDS log as requested:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ethylis Liew at 18:38:53 on 2011-11-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2144 [GMT 8:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Vtune\TBPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Ethylis Liew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ethylis Liew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ethylis Liew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ethylis Liew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ethylis Liew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\ethylis liew\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [GEST]
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307185602140
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} - hxxp://www.arirang.co.kr/AlwaysTop.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9F4BCEBA-32BB-451E-A46A-1708AFE55613} : DhcpNameServer = 192.168.1.254
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-25 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-4 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-4 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-4 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-4 44768]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2011-6-4 80392]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2152152]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-27 41272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-6-18 98560]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-6-18 14848]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-6-18 123648]
    S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2011-6-18 100352]
    .
    =============== Created Last 30 ================
    .
    2011-11-27 09:39:35 -------- d-----w- C:\_OTL
    2011-11-27 09:21:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-27 09:20:57 -------- d-----w- c:\documents and settings\ethylis liew\application data\Malwarebytes
    2011-11-27 09:20:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-27 09:20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-27 09:20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-11-21 11:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-11-21 11:40:09 -------- d-----w- c:\program files\iPod
    2011-10-30 04:40:15 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2011-10-30 04:40:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
    2011-10-30 04:40:15 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    .
    ==================== Find3M ====================
    .
    2011-11-27 09:45:54 16608 ----a-w- c:\windows\gdrv.sys
    2011-11-21 11:02:03 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 06:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 06:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 21:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-02 18:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-16 03:55:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-09-16 03:54:48 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-09-16 03:54:48 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-09-16 03:54:48 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-09-10 10:35:52 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-09-10 10:31:51 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-09-10 10:31:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-09-10 10:31:39 252316 -c--a-w- c:\windows\system32\nvdrsdb1.bin
    2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-30 15:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-30 15:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-30 15:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-30 15:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    ============= FINISH: 18:39:33.51 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Default

    Hi darkduskie,

    Welcome to Safer-Networking's Malware Removal forum.

    My nickname is mambass and I'll be helping you with any malware problems.

    Before we begin...please read and follow these important guidelines so things will proceed smoothly.

    1. If you haven't done so already, please read the topic BEFORE You POST where the conditions for receiving help here are explained.
    2. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    3. Please read all instructions carefully before executing them and perform the steps in the order given.
      If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
    4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
    5. You must have Administrator rights permissions for this computer.
    6. DO NOT run any other fix or removal tools unless instructed to do so!
    7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
    9. Only reply to this thread. Do not start another thread.
    10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
    11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
    12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
    13. The logs I request can take a while to research so please be patient.
    14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.
    Because of this I advise you to backup any personal files and folders before you start.

    How to back up or transfer your data on a Windows-based computer

    -----------------------------------------------------------

    I am currently reviewing your log and will return as soon as possible with additional instructions.

    Thanks,

    mambass
    Graduate of Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Default

    Hi darkduskie,

    Avast and Ad-Aware are installed. Both are legitimate antivirus products; however, only one antivirus product should be installed at any time. I'm providing instructions below to remove Ad-Aware.

    The zzz folders may be related to CCleaner. CCleaner is a legitimate program; however, I would like to remove it for now to see if that helps with your situation.

    Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

    1. Download the OTL Scanner
      Please download OTL by OldTimer and save it to your desktop.
      Find the icon on your Desktop so you'll know where to look later.
      Do not run the program yet.


    2. Remove Programs Using Control Panel
      From Start, Control Panel, double-click on Add or Remove Programs.
      Click the entry for Ad-Aware, then click the entry's Remove button.
      Click the entry for CCleaner, then click the entry's Remove button.
      Take extra care in answering questions posed by any Uninstaller.


    3. REBOOT (RESTART) Your Machine


    4. Check Hard Disk For Errors
      Press Start->Run, then type or copy/paste the following command into the box and press OK:
      Code:
      cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
      A blank command window will open on your desktop, then close in a few minutes. This is normal.
      A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.


    5. Run a Scan with OTL
      • Double click on the OTL icon on your Desktop to run it.
      • Check the boxes labeled :
        • Scan All Users
        • LOP check
        • Purity check
        • Extra Registry > Use SafeList
      • Make sure all other windows are closed to let it run uninterrupted.
      • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.

      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
      The Extras.txt file will only appear the very first time you run OTL.
      Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The contents of checkhd.txt on your Desktop.
    3. The contents of the OTL.txt and Extras.txt logs.
    4. A description of how your computer is running and any Malware symptoms that are still present.



    mambass
    Graduate of Malware Removal University - You too could train to help others
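
A small triage script for the DDS log layout seen in post #1, added here as an illustration; it is not part of the thread or of the DDS tool. It flags the condition pointed out in post #3 (more than one antivirus product reported as enabled) and, going slightly beyond the thread, lists autostart entries in the Pseudo HJT section that point at nothing. Function names are hypothetical; the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the DDS log in post #1 (not the full log).
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=c:\windows\system32\userinit.exe
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GEST]
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-4 320856]
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
AV_RE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*/]+)/(?P<defs>[^*]+)\*\s+\{[0-9A-Fa-f-]+\}$"
)
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def split_sections(text):
    """Group lines by '==== Title ====' banner; lines before the first banner go under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS prints a lone '.' as a spacer
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("title")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def enabled_av(header_lines):
    """Names of antivirus products whose 'AV:' line reports the state 'Enabled'."""
    hits = (AV_RE.match(line) for line in header_lines)
    return [m.group("name") for m in hits if m and m.group("state") == "Enabled"]


def orphaned_entries(hjt_lines):
    """Entries marked '- No File' and Run values with an empty command line."""
    orphans = []
    for line in hjt_lines:
        run = RUN_RE.match(line)
        if line.endswith("- No File") or (run and not run.group("cmd")):
            orphans.append(line)
    return orphans


def triage(text):
    sections = split_sections(text)
    av = enabled_av(sections["header"])
    return {
        "enabled_av": av,
        "av_conflict": len(av) > 1,  # the situation post #3 asks the user to fix
        "orphans": orphaned_entries(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, "=", value)
```

Orphaned entries are usually leftovers from uninstalled software; they are listed for review, not as proof of infection.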

  4. #4
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Default

    Hi darkduskie,

    It's been 72 hours since I posted my instructions. I just wanted to remind you that, per Forum policy here, this thread may now be closed.

    Could you please let me know if you still need help and, if so, if you require additional time to perform the requested tasks?

    Thank you,

    mambass
    Graduate of Malware Removal University - You too could train to help others

  5. #5
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.

    Edit
    http://forums.spybot.info/showthread...608#post417608
    Last edited by tashi; 2011-12-12 at 19:12. Reason: Added link to new topic
