• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
darksword005

infected computer

11 posts in this topic

Yea its been running really slow lately, as well as having big warning signs like ad-aware not being able to update, and some virus redirecting my google searches which is becoming increasingly annoying. Here is the log, and thank you ahead of time for whoever comes to my rescue.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:31:45 PM, on 7/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\avicodecpl.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Jay\My Documents\RCA EasyRip\EZDock.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154144421312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154144401906

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{01857F4E-DBB7-4D33-9A5A-3022C6728790}: NameServer = 85.255.112.63,85.255.112.87

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.63,85.255.112.87

O17 - HKLM\System\CS1\Services\Tcpip\..\{01857F4E-DBB7-4D33-9A5A-3022C6728790}: NameServer = 85.255.112.63,85.255.112.87

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.63,85.255.112.87

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8473 bytes

Share this post


Link to post
Share on other sites

Hi crono,

 

You seem to have P2P file sharing program(s) running there. It's recommended to uninstall such software. If you don't want to follow suggestion then you still have to keep all P2P software disabled during whole cleaning operation.

 

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Share this post


Link to post
Share on other sites

thank you very much for responding, here are the logs

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Jay at 15:03:43.64 on Tue 07/14/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.416 [GMT -5:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Jay\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File

BHO: CDNSCacheObj Object: {376892ae-1825-4e5f-9f85-23f9640051cc} - c:\windows\avicodecpl.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Easy Dock] c:\documents and settings\jay\my documents\rca easyrip\EZDock.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154144421312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154144401906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 85.255.112.63,85.255.112.87

TCP: {01857F4E-DBB7-4D33-9A5A-3022C6728790} = 85.255.112.63,85.255.112.87

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

 

=============== Created Last 30 ================

 

2009-07-13 22:30 <DIR> --d----- c:\program files\Trend Micro

2009-07-13 22:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

 

==================== Find3M ====================

 

2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-07-03 09:49 15,688 a------- c:\windows\system32\lsdelete.exe

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2008-05-04 23:16 22,544 a------- c:\docume~1\jay\applic~1\GDIPFONTCACHEV1.DAT

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

 

============= FINISH: 15:04:21.82 ===============

Attach.rar

Share this post


Link to post
Share on other sites

Hi,

 

DNA Bittorrent is still running there. If you don't know how to disable it then please uninstall it temporarily (BitTorrent & DNA entries in add/remove programs list).

 

Also, please use zip format if you attach archive files to your posts. Rar format is not openable in Windows without use of 3rd party programs.

 

Please post a fresh dds log after you have disabled/uninstalled P2P file sharing programs. Attach also attach.txt file.

Share this post


Link to post
Share on other sites

ok i uninstalled bittorrent

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Jay at 13:09:56.48 on Thu 07/16/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.446 [GMT -5:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Jay\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File

BHO: CDNSCacheObj Object: {376892ae-1825-4e5f-9f85-23f9640051cc} - c:\windows\avicodecpl.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Easy Dock] c:\documents and settings\jay\my documents\rca easyrip\EZDock.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154144421312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154144401906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 85.255.112.63,85.255.112.87

TCP: {01857F4E-DBB7-4D33-9A5A-3022C6728790} = 85.255.112.63,85.255.112.87

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

 

=============== Created Last 30 ================

 

2009-07-13 22:30 <DIR> --d----- c:\program files\Trend Micro

2009-07-13 22:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

 

==================== Find3M ====================

 

2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-07-03 09:49 15,688 a------- c:\windows\system32\lsdelete.exe

2009-06-10 23:03 142,934 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2008-05-04 23:16 22,544 a------- c:\docume~1\jay\applic~1\GDIPFONTCACHEV1.DAT

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

 

============= FINISH: 13:10:56.14 ===============

 

 

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-06-26.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/28/2006 2:23:46 PM

System Uptime: 7/16/2009 9:10:05 AM (4 hours ago)

 

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series

Processor: Intel® Celeron® CPU 2.93GHz | Socket 478 | 2933/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 37 GiB total, 10.428 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP700: 3/14/2009 3:08:56 AM - System Checkpoint

RP701: 3/15/2009 4:15:04 AM - System Checkpoint

RP702: 3/16/2009 4:15:10 AM - System Checkpoint

RP703: 3/17/2009 5:00:20 AM - Software Distribution Service 3.0

RP704: 3/18/2009 5:15:11 AM - System Checkpoint

RP705: 3/19/2009 6:15:14 AM - System Checkpoint

RP706: 3/20/2009 7:35:21 AM - System Checkpoint

RP707: 3/21/2009 8:15:10 AM - System Checkpoint

RP708: 3/22/2009 8:16:18 AM - System Checkpoint

RP709: 3/23/2009 8:28:16 AM - System Checkpoint

RP710: 3/25/2009 3:03:31 PM - System Checkpoint

RP711: 3/26/2009 3:15:13 PM - System Checkpoint

RP712: 3/27/2009 4:27:14 PM - System Checkpoint

RP713: 3/28/2009 5:15:13 PM - System Checkpoint

RP714: 3/29/2009 5:55:35 PM - System Checkpoint

RP715: 3/30/2009 6:15:43 PM - System Checkpoint

RP716: 3/31/2009 7:15:43 PM - System Checkpoint

RP717: 4/1/2009 8:15:41 PM - System Checkpoint

RP718: 4/3/2009 12:05:59 AM - System Checkpoint

RP719: 4/3/2009 1:01:06 AM - Installed iTunes

RP720: 4/4/2009 1:08:45 AM - System Checkpoint

RP721: 4/5/2009 1:21:16 AM - System Checkpoint

RP722: 4/6/2009 2:08:43 AM - System Checkpoint

RP723: 4/7/2009 3:08:46 AM - System Checkpoint

RP724: 4/8/2009 4:08:44 AM - System Checkpoint

RP725: 4/9/2009 5:08:45 AM - System Checkpoint

RP726: 4/10/2009 7:06:07 AM - System Checkpoint

RP727: 4/11/2009 7:09:50 AM - System Checkpoint

RP728: 4/12/2009 3:43:36 PM - System Checkpoint

RP729: 4/14/2009 1:27:40 AM - System Checkpoint

RP730: 4/15/2009 1:56:52 AM - System Checkpoint

RP731: 4/16/2009 2:20:22 AM - System Checkpoint

RP732: 4/17/2009 3:20:19 AM - System Checkpoint

RP733: 4/18/2009 4:20:21 AM - System Checkpoint

RP734: 4/19/2009 5:20:21 AM - System Checkpoint

RP735: 4/20/2009 7:32:09 AM - System Checkpoint

RP736: 4/21/2009 5:00:26 AM - Software Distribution Service 3.0

RP737: 4/22/2009 12:30:54 AM - Installed Java 6 Update 13

RP738: 4/23/2009 1:18:00 AM - System Checkpoint

RP739: 4/24/2009 2:16:55 AM - System Checkpoint

RP740: 4/25/2009 9:24:22 AM - System Checkpoint

RP741: 4/26/2009 11:16:51 AM - System Checkpoint

RP742: 5/10/2009 2:59:31 PM - System Checkpoint

RP743: 5/11/2009 3:57:52 PM - System Checkpoint

RP744: 5/12/2009 4:32:21 PM - System Checkpoint

RP745: 5/13/2009 5:32:22 PM - System Checkpoint

RP746: 5/18/2009 2:37:09 AM - Removed iTunes

RP747: 5/18/2009 2:56:49 AM - Software Distribution Service 3.0

RP748: 5/18/2009 3:00:42 AM - Removed Microsoft Silverlight

RP749: 5/18/2009 3:06:34 AM - Removed Apple Mobile Device Support

RP750: 5/18/2009 3:08:35 AM - Removed Apple Software Update

RP751: 5/18/2009 3:09:27 AM - Removed Ventrilo Client

RP752: 5/18/2009 3:27:52 AM - Removed Ad-Aware

RP753: 5/18/2009 3:30:46 AM - Removed AVG 7.5

RP754: 5/18/2009 3:31:51 AM - Installed AVG 7.5

RP755: 5/19/2009 3:58:36 AM - System Checkpoint

 

==== Installed Programs ======================

 

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player

Adobe® Photoshop® Album Starter Edition 3.2

Agere Systems PCI Soft Modem

AIM 6

Alarm 2.0.4

Ares 2.1.1

Audacity 1.2.6

AutoUpdate

AVI Movie Player

Bonjour

Critical Update for Windows Media Player 11 (KB959772)

DivX Codec

DivX Converter

DivX Player

DivX Web Player

ERUNT 1.1j

FlashGet(JetCar)

Futuremark Measurement Services Client

Google Earth

Google Toolbar for Firefox

Google Updater

Haali Media Splitter

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Intel® Extreme Graphics Driver

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 3

J2SE Runtime Environment 5.0 Update 8

Java DB 10.3.1.4

Java 6 Update 14

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Development Kit 6 Update 5

Java SE Runtime Environment 6 Update 1

LCP 5.04

Lexmark Z600 Series

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft LifeChat

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

Mozilla Firefox (3.0.11)

MSN Music Assistant

MSXML 6 Service Pack 2 (KB954459)

PSP Toolkit 1.1

QuickTime

Realtek AC'97 Audio

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

SUPERAntiSpyware Free Edition

TI Connect 1.6

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VC80CRTRedist - 8.0.50727.762

VideoLAN VLC media player 0.8.6a

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

 

==== Event Viewer Messages From Past Week ========

 

7/13/2009 10:22:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

7/13/2009 10:12:47 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.

 

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Well, it's still there. Delete c:\program files\dna folder and re-run DDS. Post back its report. If the torrent thing is still running then you'll have to either a) accept the thing that it gets deleted during the cleaning process or b ) give up on this since I won't help with P2P running background and possible downloading more crap while we attempt to get the old one off.

Share this post


Link to post
Share on other sites

ok sorry i didnt realized dna and bittorrent were seperate things to be deleted

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Jay at 10:27:58.39 on Fri 07/17/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.423 [GMT -5:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Jay\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File

BHO: {376892AE-1825-4E5F-9F85-23F9640051CC} - No File

BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154144421312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154144401906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 85.255.112.63,85.255.112.87

TCP: {01857F4E-DBB7-4D33-9A5A-3022C6728790} = 85.255.112.63,85.255.112.87

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

 

=============== Created Last 30 ================

 

2009-07-16 13:18 <DIR> --d----- c:\program files\CCleaner

2009-07-13 22:30 <DIR> --d----- c:\program files\Trend Micro

2009-07-13 22:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

 

==================== Find3M ====================

 

2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-07-03 09:49 15,688 a------- c:\windows\system32\lsdelete.exe

2009-06-10 23:03 142,934 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2008-05-04 23:16 22,544 a------- c:\docume~1\jay\applic~1\GDIPFONTCACHEV1.DAT

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

 

============= FINISH: 10:28:58.93 ===============

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-06-26.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/28/2006 2:23:46 PM

System Uptime: 7/16/2009 9:10:05 AM (25 hours ago)

 

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series

Processor: Intel® Celeron® CPU 2.93GHz | Socket 478 | 2933/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 37 GiB total, 12.381 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP700: 3/14/2009 3:08:56 AM - System Checkpoint

RP701: 3/15/2009 4:15:04 AM - System Checkpoint

RP702: 3/16/2009 4:15:10 AM - System Checkpoint

RP703: 3/17/2009 5:00:20 AM - Software Distribution Service 3.0

RP704: 3/18/2009 5:15:11 AM - System Checkpoint

RP705: 3/19/2009 6:15:14 AM - System Checkpoint

RP706: 3/20/2009 7:35:21 AM - System Checkpoint

RP707: 3/21/2009 8:15:10 AM - System Checkpoint

RP708: 3/22/2009 8:16:18 AM - System Checkpoint

RP709: 3/23/2009 8:28:16 AM - System Checkpoint

RP710: 3/25/2009 3:03:31 PM - System Checkpoint

RP711: 3/26/2009 3:15:13 PM - System Checkpoint

RP712: 3/27/2009 4:27:14 PM - System Checkpoint

RP713: 3/28/2009 5:15:13 PM - System Checkpoint

RP714: 3/29/2009 5:55:35 PM - System Checkpoint

RP715: 3/30/2009 6:15:43 PM - System Checkpoint

RP716: 3/31/2009 7:15:43 PM - System Checkpoint

RP717: 4/1/2009 8:15:41 PM - System Checkpoint

RP718: 4/3/2009 12:05:59 AM - System Checkpoint

RP719: 4/3/2009 1:01:06 AM - Installed iTunes

RP720: 4/4/2009 1:08:45 AM - System Checkpoint

RP721: 4/5/2009 1:21:16 AM - System Checkpoint

RP722: 4/6/2009 2:08:43 AM - System Checkpoint

RP723: 4/7/2009 3:08:46 AM - System Checkpoint

RP724: 4/8/2009 4:08:44 AM - System Checkpoint

RP725: 4/9/2009 5:08:45 AM - System Checkpoint

RP726: 4/10/2009 7:06:07 AM - System Checkpoint

RP727: 4/11/2009 7:09:50 AM - System Checkpoint

RP728: 4/12/2009 3:43:36 PM - System Checkpoint

RP729: 4/14/2009 1:27:40 AM - System Checkpoint

RP730: 4/15/2009 1:56:52 AM - System Checkpoint

RP731: 4/16/2009 2:20:22 AM - System Checkpoint

RP732: 4/17/2009 3:20:19 AM - System Checkpoint

RP733: 4/18/2009 4:20:21 AM - System Checkpoint

RP734: 4/19/2009 5:20:21 AM - System Checkpoint

RP735: 4/20/2009 7:32:09 AM - System Checkpoint

RP736: 4/21/2009 5:00:26 AM - Software Distribution Service 3.0

RP737: 4/22/2009 12:30:54 AM - Installed Java 6 Update 13

RP738: 4/23/2009 1:18:00 AM - System Checkpoint

RP739: 4/24/2009 2:16:55 AM - System Checkpoint

RP740: 4/25/2009 9:24:22 AM - System Checkpoint

RP741: 4/26/2009 11:16:51 AM - System Checkpoint

RP742: 5/10/2009 2:59:31 PM - System Checkpoint

RP743: 5/11/2009 3:57:52 PM - System Checkpoint

RP744: 5/12/2009 4:32:21 PM - System Checkpoint

RP745: 5/13/2009 5:32:22 PM - System Checkpoint

RP746: 5/18/2009 2:37:09 AM - Removed iTunes

RP747: 5/18/2009 2:56:49 AM - Software Distribution Service 3.0

RP748: 5/18/2009 3:00:42 AM - Removed Microsoft Silverlight

RP749: 5/18/2009 3:06:34 AM - Removed Apple Mobile Device Support

RP750: 5/18/2009 3:08:35 AM - Removed Apple Software Update

RP751: 5/18/2009 3:09:27 AM - Removed Ventrilo Client

RP752: 5/18/2009 3:27:52 AM - Removed Ad-Aware

RP753: 5/18/2009 3:30:46 AM - Removed AVG 7.5

RP754: 5/18/2009 3:31:51 AM - Installed AVG 7.5

RP755: 5/19/2009 3:58:36 AM - System Checkpoint

 

==== Installed Programs ======================

 

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player

Adobe® Photoshop® Album Starter Edition 3.2

Agere Systems PCI Soft Modem

AIM 6

Alarm 2.0.4

Ares 2.1.1

Audacity 1.2.6

AutoUpdate

AVI Movie Player

Bonjour

CCleaner (remove only)

Critical Update for Windows Media Player 11 (KB959772)

DivX Codec

DivX Converter

DivX Player

DivX Web Player

ERUNT 1.1j

FlashGet(JetCar)

Futuremark Measurement Services Client

Google Earth

Google Toolbar for Firefox

Google Updater

Haali Media Splitter

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Intel® Extreme Graphics Driver

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 3

J2SE Runtime Environment 5.0 Update 8

Java DB 10.3.1.4

Java 6 Update 14

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Development Kit 6 Update 5

Java SE Runtime Environment 6 Update 1

LCP 5.04

Lexmark Z600 Series

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft LifeChat

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

Mozilla Firefox (3.0.11)

MSN Music Assistant

MSXML 6 Service Pack 2 (KB954459)

PSP Toolkit 1.1

QuickTime

Realtek AC'97 Audio

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

SUPERAntiSpyware Free Edition

TI Connect 1.6

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VC80CRTRedist - 8.0.50727.762

VideoLAN VLC media player 0.8.6a

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

 

==== Event Viewer Messages From Past Week ========

 

7/13/2009 10:22:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

7/13/2009 10:12:47 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.

 

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Ok. Let's try some cleaning next.

 

 

Please visit this webpage for download links, and instructions for running ComboFix tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Please ensure you read this guide carefully and install the Recovery Console first.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should see a blue screen prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
     
     
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

 

Please include the following reports for further review, and so we may continue cleansing the system:

 

C:\ComboFix.txt

New dds.txt log.

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Share this post


Link to post
Share on other sites

ComboFix 09-07-19.02 - Jay 07/19/2009 17:42.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.461 [GMT -5:00]

Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\drivers\gxvxcvhowbeexetyxvkyfwxmmxfmbaguxtgmq.sys

c:\windows\system32\gxvxccounter

c:\windows\system32\gxvxcrdlvrjesdglqbrsbfaswffymagxyyrjc.dll

c:\windows\system32\hipenvrm.ini

c:\windows\system32\vspvyftk.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_gxvxcserv.sys

 

 

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))

.

 

2009-07-16 18:18 . 2009-07-16 18:18 -------- d-----w- c:\program files\CCleaner

2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\program files\Trend Micro

2009-07-14 03:29 . 2009-07-14 03:29 -------- d-----w- c:\program files\ERUNT

2009-07-14 03:10 . 2009-07-14 03:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-14 03:10 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-19 07:22 . 2008-05-09 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-16 18:09 . 2006-10-01 15:15 -------- d-----w- c:\program files\BitTorrent

2009-07-03 14:49 . 2009-05-18 08:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-07-03 14:49 . 2009-05-18 09:00 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-07-01 03:21 . 2006-09-16 20:00 -------- d-----w- c:\documents and settings\Jay\Application Data\BitTorrent

2009-06-26 23:51 . 2008-07-11 15:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Apple Computer

2009-06-11 04:03 . 2009-07-16 02:29 142934 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2009-06-11 03:51 . 2006-08-18 16:33 -------- d-----w- c:\program files\Java

2009-06-11 03:50 . 2009-06-11 03:50 152576 ----a-w- c:\documents and settings\Jay\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-05-21 16:33 . 2008-12-10 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-18 08:40 . 2009-05-18 08:40 299352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe

2009-05-18 08:40 . 2009-05-18 08:40 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll

2009-05-18 08:40 . 2009-05-18 08:40 165728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll

2009-05-18 08:40 . 2009-05-18 08:40 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe

2009-05-18 08:40 . 2009-05-18 08:40 343888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll

2009-05-18 08:40 . 2009-05-18 08:40 289632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll

2009-05-18 08:40 . 2009-05-18 08:40 82784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll

2009-05-18 08:40 . 2009-05-18 08:40 1629024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll

2009-05-18 08:40 . 2009-05-18 08:40 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll

2009-05-18 08:40 . 2009-05-18 08:40 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll

2009-05-18 08:40 . 2009-05-18 08:40 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys

2009-05-18 08:40 . 2009-05-18 08:40 632680 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll

2009-05-18 08:39 . 2009-05-18 08:39 539512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2009-05-18 08:39 . 2009-05-18 08:39 552808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2009-05-18 08:39 . 2009-05-18 08:39 2324808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2009-05-18 08:39 . 2009-05-18 08:39 626000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe

2009-05-18 08:39 . 2009-05-18 08:39 516440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2009-05-18 08:39 . 2009-05-18 08:39 953168 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2009-04-22 05:27 . 2009-04-22 05:27 152576 ----a-w- c:\documents and settings\Jay\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-07-01 21:05 . 2008-07-15 22:33 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-05 1506544]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 259440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

 

c:\documents and settings\Jay\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/18/2009 3:40 AM 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

 

2009-07-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-09 08:42]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Aim6 - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm

IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-19 17:49

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4f68e957-a78b-4e29-b9f8-3c1cd947606b}]

@Denied: (Full) (Everyone)

"Model"=dword:00000164

"Therad"=dword:0000002d

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ab,9e,50,1b,eb,77,d1,ab,b5,66,4a,d0,23,02,d0,61,75,31,85,e2,32,10,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):c5,f9,db,6c,65,25,16,b8,b1,2a,1a,70,cb,1c,f6,43,b7,3c,29,4e,1e,

dd,38,17,5b,83,49,95,5e,d2,7a,af,61,e9,40,db,c2,4a,9a,cb,00,00,00,00,00,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(520)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2009-07-19 17:52

ComboFix-quarantined-files.txt 2009-07-19 22:51

ComboFix2.txt 2007-11-09 22:15

 

Pre-Run: 13,183,754,240 bytes free

Post-Run: 13,165,420,544 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

170 --- E O F --- 2009-05-18 08:00

 

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Jay at 17:55:34.56 on Sun 07/19/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.465 [GMT -5:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Jay\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154144421312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154144401906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

 

=============== Created Last 30 ================

 

2009-07-19 17:50 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-07-19 17:37 <DIR> a-dshr-- C:\cmdcons

2009-07-19 17:32 219,648 a------- c:\windows\PEV.exe

2009-07-19 17:32 161,792 a------- c:\windows\SWREG.exe

2009-07-19 17:32 98,816 a------- c:\windows\sed.exe

2009-07-16 13:18 <DIR> --d----- c:\program files\CCleaner

2009-07-13 22:30 <DIR> --d----- c:\program files\Trend Micro

2009-07-13 22:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

 

==================== Find3M ====================

 

2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-07-03 09:49 15,688 a------- c:\windows\system32\lsdelete.exe

2009-06-10 23:03 142,934 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2008-05-04 23:16 22,544 a------- c:\docume~1\jay\applic~1\GDIPFONTCACHEV1.DAT

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

 

============= FINISH: 17:55:57.26 ===============

 

i didn't know if you need this log too but ill go ahead and throw it in

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Jay at 17:55:34.56 on Sun 07/19/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.465 [GMT -5:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Jay\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/ig?hl=en

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\jay\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154144421312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154144401906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\lkp8aczo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

 

=============== Created Last 30 ================

 

2009-07-19 17:50 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-07-19 17:37 <DIR> a-dshr-- C:\cmdcons

2009-07-19 17:32 219,648 a------- c:\windows\PEV.exe

2009-07-19 17:32 161,792 a------- c:\windows\SWREG.exe

2009-07-19 17:32 98,816 a------- c:\windows\sed.exe

2009-07-16 13:18 <DIR> --d----- c:\program files\CCleaner

2009-07-13 22:30 <DIR> --d----- c:\program files\Trend Micro

2009-07-13 22:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

 

==================== Find3M ====================

 

2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-07-03 09:49 15,688 a------- c:\windows\system32\lsdelete.exe

2009-06-10 23:03 142,934 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2008-05-04 23:16 22,544 a------- c:\docume~1\jay\applic~1\GDIPFONTCACHEV1.DAT

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

2008-12-06 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

 

============= FINISH: 17:55:57.26 ===============

Share this post


Link to post
Share on other sites

Hi again,

 

Open notepad and copy/paste the text in the quotebox below into it:

 

 

DDS::mStart Page = about:blankBHO: {53707962-6F74-2D53-2644-206D7942484F} - No FileBHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No FileRegLock::[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4f68e957-a78b-4e29-b9f8-3c1cd947606b}][HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

 

 

 

Save this as

CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

CFScriptB-4.gif

 

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

 

 

Combofix should never take more that 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

 

 

Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
     
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

 

 

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

 

 

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0