onay32

Please Help with Malware

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:18:47 PM, on 3/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dss.ca.gov/cdss/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dss.ca.gov/cdss/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dss.ca.gov/cdss/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Masters\Video\Intel\Graphics\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Masters\Video\Intel\Graphics\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Masters\Video\Intel\Graphics\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: SecureZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.dss.ca.gov/cdss/
O15 - Trusted Zone: http://www.calaters.ca.gov
O15 - Trusted Zone: *[email protected]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192479869385
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192479775362
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV
O17 - HKLM\Software\..\Telephony: DomainName = CDSS.DSS.CA.GOV
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: NameServer = 162.2.32.2,162.2.111.49
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: NameServer = 162.2.32.2,162.2.111.49
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CDSS.DSS.CA.GOV
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E0C43A9-5A48-4D31-BB80-727597F8D573}: NameServer = 162.2.32.2,162.2.111.49
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13173 bytes


Adaware Log

MSG [0228] 2010/03/02 13:45:14: Configure new scan with profile: smart
MSG [0228] 2010/03/02 13:45:14: -> scanning critical objects
MSG [0228] 2010/03/02 13:45:14: -> scanning running processes
MSG [0228] 2010/03/02 13:45:14: -> scanning registry
MSG [0228] 2010/03/02 13:45:14: -> scanning lsp
MSG [0228] 2010/03/02 13:45:14: -> scanning browser hijacks
MSG [0228] 2010/03/02 13:45:14: -> scanning cookies
MSG [0228] 2010/03/02 13:45:14: -> neutralizing rootkits
MSG [0228] 2010/03/02 13:45:14: -> use mild rootkit detection
MSG [0228] 2010/03/02 13:45:14: -> use spyware heuristics
MSG [0228] 2010/03/02 13:45:14: -> use medium heuristics
MSG [0228] 2010/03/02 13:45:14: -> scan only executables
MSG [0228] 2010/03/02 13:45:14: -> file size limit = 20480 kB (0 = unlimited)
ERR [0228] 2010/03/02 13:45:14: SDKController::GetInfectionList -> Not in found infections state
MSG [1316] 2010/03/02 13:48:34: Scan was completed in 198 seconds
MSG [1316] 2010/03/02 13:48:34: Objects processed: 24658, infections detected: 25
MSG [3512] 2010/03/02 13:48:35: Remediating 25 infections
MSG [3512] 2010/03/02 13:48:35: Infections quarantined: 0, removed: 25, repaired: 0
MSG [3512] 2010/03/02 13:48:35: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [0228] 2010/03/02 13:48:36: Dumping scan report:
>>> Logfile created: 3/2/2010 13:45:15
>>> Ad-Aware version: 8.2.0
>>> User performing scan: rusac
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.165
>>> Genotype definition file version: 2010/02/23 08:38:22
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Smart Scan (ID: smart)
>>> Objects scanned: 24658
>>> Objects detected: 25
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 25
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
>>> Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
>>> Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
>>> Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
>>> Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
>>> Description: *klo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408848 Family ID: 0
>>> Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
>>> Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
>>> Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
>>> Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
>>> Description: *klo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408848 Family ID: 0
>>> Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
>>> Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
>>> Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
>>> Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
>>> Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
>>> Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
>>> Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
>>> Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
>>> Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 198 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Smart Scan
>>> ID: folderstoscan, enabled:1, value:
>>> ID: useantivirus, enabled:1, value: true
>>> ID: sections, enabled:1
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: filescanningoptions, enabled:1
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
>>> ID: usespywareheuristics, enabled:1, value: true
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
>>> ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily1, enabled:1, value: Daily 1
>>> ID: time, enabled:1, value: Tue Feb 23 11:14:00 2010
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updatedaily2, enabled:1, value: Daily 2
>>> ID: time, enabled:1, value: Tue Feb 23 17:14:00 2010
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updatedaily3, enabled:1, value: Daily 3
>>> ID: time, enabled:1, value: Tue Feb 23 23:14:00 2010
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updatedaily4, enabled:1, value: Daily 4
>>> ID: time, enabled:1, value: Tue Feb 23 05:14:00 2010
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly1, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Tue Feb 23 11:14:00 2010
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: true
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: true
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: autoentertainmentmode, enabled:1, value: true
>>> ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: modules, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: onaccessprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:1, value: true
>>> ID: networkprotection, enabled:1, value: true
>>> ID: layers, enabled:1
>>> ID: useantivirus, enabled:1, value: true
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: AB5RUSAC01
>>> Processor name: Intel® Pentium® D CPU 3.00GHz
>>> Processor identifier: x86 Family 15 Model 6 Stepping 5
>>> Processor speed: ~2992MHZ
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1541, number of processors 2, processor features: [MMX,SSE,SSE2]
>>> Physical memory available: 135577600 bytes
>>> Physical memory total: 1047773184 bytes
>>> Virtual memory available: 1986736128 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 87%
>>> Microsoft Windows XP Professional Service Pack 2 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 592 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 648 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 672 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 724 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 736 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 936 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1008 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1104 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1156 name: C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1376 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1428 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1480 name: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1644 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1904 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2028 name: C:\WINDOWS\System32\SCardSvr.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 372 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 396 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1112 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1296 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1584 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1700 name: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1336 name: C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 528 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 624 name: C:\WINDOWS\system32\CCM\CcmExec.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1516 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2128 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2188 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2668 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3936 name: C:\WINDOWS\Explorer.EXE owner: rusac domain: CDSS
>>> PID: 3948 name: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe owner: rusac domain: CDSS
>>> PID: 1416 name: C:\WINDOWS\System32\DLA\DLACTRLW.EXE owner: rusac domain: CDSS
>>> PID: 1384 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: rusac domain: CDSS
>>> PID: 1948 name: C:\Program Files\Logitech\MouseWare\system\em_exec.exe owner: rusac domain: CDSS
>>> PID: 1260 name: C:\WINDOWS\RTHDCPL.EXE owner: rusac domain: CDSS
>>> PID: 3060 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: rusac domain: CDSS
>>> PID: 716 name: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe owner: rusac domain: CDSS
>>> PID: 3212 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: rusac domain: CDSS
>>> PID: 1952 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe owner: rusac domain: CDSS
>>> PID: 3464 name: C:\Program Files\iTunes\iTunesHelper.exe owner: rusac domain: CDSS
>>> PID: 3476 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: rusac domain: CDSS
>>> PID: 3660 name: C:\WINDOWS\system32\ctfmon.exe owner: rusac domain: CDSS
>>> PID: 2284 name: C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe owner: rusac domain: CDSS
>>> PID: 2296 name: C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe owner: rusac domain: CDSS
>>> PID: 3292 name: C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3792 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3976 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: rusac domain: CDSS
>>> PID: 3452 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: rusac domain: CDSS
>>> PID: 3120 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: rusac domain: CDSS
>>> PID: 540 name: C:\Program Files\Java\jre6\bin\jucheck.exe owner: rusac domain: CDSS
>>> PID: 1920 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: rusac domain: CDSS
>>>
>>> Startup items:
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: LayoutM
>>> imagepath: KLayMgr.exe
>>> Name: Tweak UI
>>> imagepath: RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
>>> Name: Logitech Utility
>>> imagepath: Logi_MwX.Exe
>>> Name: DLA
>>> imagepath: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
>>> Name: ISUSPM Startup
>>> imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
>>> Name: ISUSScheduler
>>> imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
>>> Name: RTHDCPL
>>> imagepath: RTHDCPL.EXE
>>> Name: IgfxTray
>>> imagepath: C:\Masters\Video\Intel\Graphics\igfxtray.exe
>>> Name: HotKeysCmds
>>> imagepath: C:\Masters\Video\Intel\Graphics\hkcmd.exe
>>> Name: Persistence
>>> imagepath: C:\Masters\Video\Intel\Graphics\igfxpers.exe
>>> Name: SunJavaUpdateSched
>>> imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
>>> Name: Acrobat Assistant 8.0
>>> imagepath: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
>>> Name:
>>> Name: YSearchProtection
>>> imagepath: "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
>>> Name: Google Desktop Search
>>> imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
>>> Name: AppleSyncNotifier
>>> imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
>>> Name: QuickTime Task
>>> imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
>>> Name: iTunesHelper
>>> imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
>>> Name: ccApp
>>> imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
>>> imagepath: C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
>>> imagepath: C:\Program Files\PKWARE\PKZIPM\12.20.0021\PKTray.exe
>>> Name:
>>> imagepath: C:\Documents and Settings\rusac\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: Apple Mobile Device
>>> displayname: Apple Mobile Device
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: BITS
>>> displayname: Background Intelligent Transfer Service
>>> Name: Bonjour Service
>>> displayname: Bonjour Service
>>> Name: ccEvtMgr
>>> displayname: Symantec Event Manager
>>> Name: CcmExec
>>> displayname: SMS Agent Host
>>> Name: ccSetMgr
>>> displayname: Symantec Settings Manager
>>> Name: CryptSvc
>>> displayname: Cryptographic Services
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: dmserver
>>> displayname: Logical Disk Manager
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: ERSvc
>>> displayname: Error Reporting Service
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: FLEXnet Licensing Service
>>> displayname: FLEXnet Licensing Service
>>> Name: helpsvc
>>> displayname: Help and Support
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: iPod Service
>>> displayname: iPod Service
>>> Name: JavaQuickStarterService
>>> displayname: Java Quick Starter
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LightScribeService
>>> displayname: LightScribeService Direct Disc Labeling Service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: Netlogon
>>> displayname: Net Logon
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RemoteRegistry
>>> displayname: Remote Registry
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: SCardSvr
>>> displayname: Smart Card
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: SmcService
>>> displayname: Symantec Management Client
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: Symantec AntiVirus
>>> displayname: Symantec Endpoint Protection
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: W32Time
>>> displayname: Windows Time
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: wuauserv
>>> displayname: Automatic Updates
>>> Name: Wuser32
>>> displayname: SMS Remote Control Agent
>>> Name: YahooAUService
>>> displayname: Yahoo! Updater
Hey [b]onay32[/b],

Welcome to [color="#0000FF"][b]Lavasoft Support Forum[/b][/color]! I'm [b]Ltangelic[/b] and I'll be helping you fix your computer problem. Sorry for the long wait; we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :angry:

Meanwhile, please do the following:

Please download [url="http://download.bleepingcomputer.com/sUBs/dds.scr"][b]DDS[/b][/url] and save it to your desktop.[list]
[*]Disable any script blocking protection
[*]Double-click dds.scr to run the tool.
[*]When done, DDS.txt will open.
[*]Click [b]Yes[/b] at the next prompt for [b]Optional Scan[/b].
[*]Save both reports to your desktop.
[/list]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
