| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 83389 | 2007-09-30 05:16:00 | can't remove ddayy.dll | iguana (89) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 596393 | 2007-09-30 05:16:00 | Every time I reboot the computer my Spyware Guard program tells me that it wants to install a new BHO, namely ddayy.dll. If I tell it to remove the BHO it just tries again until I finally keep the BHO. ddayy.dll is in the c/windows/system32 folder. I can't delete the file. It tells me it is in use. I can't even delete it in safe mode, same message. I haven't been able to find anything on the net to tell me how to get rid of this file. Spybot finds it and says it is removing it but when I reboot, it pops up again. I thought I read somewhere how you can delete files that are in use. Any help would be appreciated. | iguana (89) | ||
| 596394 | 2007-09-30 05:30:00 | Try rogueremover in my sig. Or this (www.symantec.com) Or this (www.symantec.com) It maybe part of Vundo or Winfixer. Post a hijackthis log if u like I'll see whats in it. |
Speedy Gonzales (78) | ||
| 596395 | 2007-10-01 05:24:00 | I've tried 4 different programs that are supposed to delete un-deletable files. None of them work. I also tried doing it from a cmd prompt. That didn't work either. This .dll file seems to be part of several different running processes according to what one of the programs told me. Here's my HJT log for you to check out. Thanks Speedy. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:32:51 PM, on 9/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\SYSTEM32\GEARSEC.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Netscape\Netscape\Netscp.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enebraska.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "www.my.yahoo.com"); (C:\Documents and Settings\DENNIS\Application Data\Mozilla\Profiles\default\qsutuejo.slt\prefs.j s) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DENNIS\Application Data\Mozilla\Profiles\default\qsutuejo.slt\prefs.j s) O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\ Yahoo! \Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D184A3-9FA6-4B2C-99BA-DFAC21C96AC9}: NameServer = 12.36.202.7 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 6865 bytes |
iguana (89) | ||
| 596396 | 2007-10-01 05:47:00 | And did u download and run the files I posted? Run hijackthis again tick these entries and tick fix checked. Close browser/s. O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Hmm I cant see the hijackthis file in this log. Or this file you're talking about. If you're only using Adobe reader for opening PDF files, Foxit reader (http://www.foxitsoftware.com) is a good program, and smaller. Are you in NZ or the US? |
Speedy Gonzales (78) | ||
| 596397 | 2007-10-01 08:51:00 | Do you have both Norton and AVG AV's running? If you are or even if your only using one of them, I would suggest you get Avast AV and Comodo firewall as they would provide far superior protection with a smaller resource footprint. And they're free as well:) | beeswax34 (63) | ||
| 1 | |||||