1.

Solve : Spyware & Viruses, Trying to clean out, Can you help please. :-)?

Answer»

My apology for not providing all of the scan results that I should have included with my first post as requested by your forum. This is what has been going on with this computer....
I have some folders in the startup menu that I can not rid of. One is ad rundll32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and the other is NvCpl RUNDLL32.exe"C\Win Hklm\Software\Microsoft\Windows\Current Ver and keep getting the small Dll pop up windows here and there with the top of the window saying RUNDLL with an option to click ok. I never click on the ok but will end it with the task mananger. I have already run Malwarebytes and downloaded a 30 day trial of Kaspersky. Ran a new scan with Malwarebytes yesterday with no findings as well as Kaspersky. Allot has been cleaned out so far with both programs but these files still remain causing the rundll pop ups. Here are the results from my Hijack log, super anti spyware as well as a new Hijack log. Your help would be greatly appreciated. I already do see these two items in the Hijack Report (04 section) but am not sure if there is anything else within this log that needs to be fixed. Your help would be soooo appreciated. I need to get this computer back to the owner. (Helping a friend is all)

 SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2008 at 05:28 PM

Application Version : 4.21.1004

Core Rules Database Version : 3609
Trace Rules Database Version: 1595

Scan type       : Complete Scan
Total Scan Time : 01:21:40

Memory items scanned      : 402
Memory threats detected   : 0
Registry items scanned    : 5539
Registry threats detected : 4
File items scanned        : 114235
File threats detected     : 111

Adware.Tracking Cookie
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][3].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt

Unclassified.Unknown Origin
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\ntos.exe ]

Rootkit.Unclassified/SysDamp-Traces
   HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
   HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved

Adware.ClickSpring/Yazzle
   C:\WINDOWS\PREFETCH\YAZZLE1552OINADMIN.EXE-01D813FF.PF

Trojan.Fake-Drop/Gen
   C:\WINDOWS\TEMP\SALM.EXE


Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

10/26/2008 3:17:53 PM
mbam-log-2008-10-26 (15-17-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 156431
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijack log to follow in next post.... If included in this post it exceeds 20000 charaters.

Thank you in ADVANCE.   

Hijack Log....

Logfile of Trend Micro HijackThis v2.0.2
Scan SAVED at 10:07:05 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [cdcb6378] rundll32.exe "C:\WINDOWS\ad.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [[system]]  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]]  (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: ADD to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7401 bytesOnce we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {33B78DC8-D66F-D1D4-BA4E-C7D46429A466} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [[system]] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] (User 'Default user')

O20 - Winlogon Notify: dddaebdedeeaa - C:\WINDOWS\system32\dddaebdedeeaa.dll (file missing)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis.

Go to Start > Settings > Control Panel > Add/REMOVE Programs and remove the following (if present)...

AskBar or Ask.com Toolbar

Please note any other programs that you dont recognize in that list in your next response.

Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here along with a new HijackThis logNote: Don't click on the window while it's running; this may cause stalls.


Discussion

No Comment Found

Related InterviewSolutions