
Thread: dunno what i got

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    dunno what i got

    ok, I'm pretty sure i had ave.exe. i was getting a pop up that said Windows XP Protector, and ran a false scan saying that i was covered in bad. i also have something called just-in-time debugger popping up, which i understand is just a bad program - i tried to un-click something in internet options to get it to stop and it hasn't so i don't know what that is. i followed the steps you were giving someone else AFTER i installed/ran ERUNT, HijackThis, all the stuff in the before you post section. nothing's fixed. so i probably screwed up more stuff but i was trying not to waste your time.

    i tried to post this from the infected computer last night, but even when i could get to the forums through the re-directs, it wouldn't let me post anything. i'm posting this on another computer. i tried to download ComboFix, in case you wanted me to use it, but i can't seem to. best i can figure is to download anything you need here onto a jump drive then upload it there and try it and ferry things back and forth. so this is as of last night.

    ran Spybot. no infections found
    ran AVG slow scan - have that set to run every night. found something, said it deleted it, but it said no infections found, so think it only found tracking cookies. nothing went away.
    so i came to here, found a guy that said he also had ave.exe, which i kept seeing in my processes box.
    so, i ran ERUNT.
    then i ran HijackThis
    then i downloaded Malwarebytes...it wouldn't start. so i downloaded rkill, and ran it
    Malwarebytes then ran, found infections, asked for a restart. I've followed this procedure several times. no worky.
    so last night i re-ran HijackThis - log as follows. ran DDS, log as follows. i had to email the logs to myself because it wouldn't let me post them - kept saying can't display this page.

    i get a lot of re-directs, false scan anti virus pop-up crap, etc.

    thank-you in advance!!

    here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:52 PM, on 4/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vVX3000.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\matt.FLUXCAPACITER\Local Settings\Temporary Internet Files\Content.IE5\FA6IVD0Q\dds[1].scr
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Documents and Settings\matt.FLUXCAPACITER\Local Settings\Temp\3.tmp\edS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autofix /autoclose
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-602162358-117609710-839522115-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Amys Place')
    O4 - HKUS\S-1-5-21-602162358-117609710-839522115-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Amys Place')
    O4 - S-1-5-21-602162358-117609710-839522115-1007 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Amys Place')
    O4 - S-1-5-21-602162358-117609710-839522115-1007 User Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Amys Place')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt.FLUXCAPACITER\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145086499562
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 7746 bytes


    here's the DDS log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/30/2006 2:37:19 PM
    System Uptime: 4/27/2010 7:52:41 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 36.416 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP1479: 1/26/2010 5:29:46 AM - System Checkpoint
    RP1480: 1/27/2010 6:29:10 AM - System Checkpoint
    RP1481: 1/27/2010 8:14:06 AM - Software Distribution Service 3.0
    RP1482: 1/28/2010 9:04:43 AM - System Checkpoint
    RP1483: 1/29/2010 12:25:09 AM - Software Distribution Service 3.0
    RP1484: 1/30/2010 1:40:16 AM - System Checkpoint
    RP1485: 1/30/2010 11:02:40 AM - Removed Apple Mobile Device Support
    RP1486: 1/31/2010 11:13:26 AM - System Checkpoint
    RP1487: 2/1/2010 10:06:15 AM - Software Distribution Service 3.0
    RP1488: 2/2/2010 11:40:34 AM - System Checkpoint
    RP1489: 2/3/2010 9:53:45 AM - Avg8 Update
    RP1490: 2/4/2010 10:09:22 AM - System Checkpoint
    RP1491: 2/4/2010 3:19:27 PM - Software Distribution Service 3.0
    RP1492: 2/5/2010 4:09:25 PM - System Checkpoint
    RP1493: 2/6/2010 6:04:54 PM - System Checkpoint
    RP1494: 2/7/2010 6:46:21 PM - System Checkpoint
    RP1495: 2/8/2010 4:34:03 PM - Software Distribution Service 3.0
    RP1496: 2/9/2010 5:16:02 PM - System Checkpoint
    RP1497: 2/10/2010 3:00:53 AM - Software Distribution Service 3.0
    RP1498: 2/11/2010 3:18:53 AM - System Checkpoint
    RP1499: 2/12/2010 12:08:41 AM - Software Distribution Service 3.0
    RP1500: 2/13/2010 1:06:51 AM - System Checkpoint
    RP1501: 2/14/2010 1:37:53 AM - System Checkpoint
    RP1502: 2/15/2010 2:23:50 AM - System Checkpoint
    RP1503: 2/15/2010 11:13:25 AM - Software Distribution Service 3.0
    RP1504: 2/16/2010 11:31:16 AM - System Checkpoint
    RP1505: 2/17/2010 12:15:52 PM - System Checkpoint
    RP1506: 2/18/2010 12:20:29 PM - System Checkpoint
    RP1507: 2/18/2010 3:40:49 PM - Software Distribution Service 3.0
    RP1508: 2/19/2010 4:20:27 PM - System Checkpoint
    RP1509: 2/20/2010 4:21:35 PM - System Checkpoint
    RP1510: 2/21/2010 4:41:47 PM - System Checkpoint
    RP1511: 2/22/2010 5:41:47 PM - System Checkpoint
    RP1512: 2/23/2010 8:41:45 AM - Software Distribution Service 3.0
    RP1513: 2/24/2010 9:16:50 AM - System Checkpoint
    RP1514: 2/25/2010 1:47:37 AM - Software Distribution Service 3.0
    RP1515: 2/25/2010 3:00:37 AM - Software Distribution Service 3.0
    RP1516: 2/25/2010 11:31:48 PM - Software Distribution Service 3.0
    RP1517: 2/27/2010 12:16:50 AM - System Checkpoint
    RP1518: 2/28/2010 11:52:40 AM - System Checkpoint
    RP1519: 3/1/2010 8:13:00 AM - Software Distribution Service 3.0
    RP1520: 3/2/2010 10:31:18 AM - System Checkpoint
    RP1521: 3/3/2010 11:08:28 AM - System Checkpoint
    RP1522: 3/4/2010 2:57:50 PM - Software Distribution Service 3.0
    RP1523: 3/5/2010 3:39:38 PM - System Checkpoint
    RP1524: 3/6/2010 7:31:44 PM - System Checkpoint
    RP1525: 3/7/2010 10:39:34 PM - System Checkpoint
    RP1526: 3/8/2010 6:36:52 PM - Software Distribution Service 3.0
    RP1527: 3/9/2010 8:11:19 AM - Avg8 Update
    RP1528: 3/10/2010 8:57:49 AM - System Checkpoint
    RP1529: 3/11/2010 3:00:55 AM - Software Distribution Service 3.0
    RP1530: 3/11/2010 10:54:17 AM - Software Distribution Service 3.0
    RP1531: 3/12/2010 12:15:00 PM - System Checkpoint
    RP1532: 3/13/2010 2:14:49 PM - System Checkpoint
    RP1533: 3/14/2010 10:35:36 PM - System Checkpoint
    RP1534: 3/15/2010 6:11:13 PM - Software Distribution Service 3.0
    RP1535: 3/18/2010 2:34:54 AM - System Checkpoint
    RP1536: 3/18/2010 9:51:43 PM - Avg8 Update
    RP1537: 3/18/2010 9:57:13 PM - Avg8 Update
    RP1538: 3/18/2010 10:26:54 PM - Software Distribution Service 3.0
    RP1539: 3/19/2010 9:42:16 AM - Avg8 Update
    RP1540: 3/19/2010 9:42:37 AM - Avg8 Update
    RP1541: 3/20/2010 4:39:43 PM - System Checkpoint
    RP1542: 3/22/2010 2:05:03 PM - Software Distribution Service 3.0
    RP1543: 3/23/2010 3:33:59 PM - System Checkpoint
    RP1544: 3/24/2010 4:02:49 PM - System Checkpoint
    RP1545: 3/25/2010 5:03:55 PM - System Checkpoint
    RP1546: 3/25/2010 9:08:54 PM - Software Distribution Service 3.0
    RP1547: 3/27/2010 5:56:22 PM - System Checkpoint
    RP1548: 3/28/2010 6:04:01 PM - System Checkpoint
    RP1549: 3/29/2010 6:12:20 PM - Software Distribution Service 3.0
    RP1550: 3/30/2010 9:14:05 PM - System Checkpoint
    RP1551: 3/31/2010 10:20:19 AM - Software Distribution Service 3.0
    RP1552: 4/1/2010 9:52:27 AM - Software Distribution Service 3.0
    RP1553: 4/2/2010 11:12:14 AM - System Checkpoint
    RP1554: 4/4/2010 1:59:47 AM - System Checkpoint
    RP1555: 4/7/2010 7:16:29 PM - Software Distribution Service 3.0
    RP1556: 4/8/2010 6:32:03 PM - Software Distribution Service 3.0
    RP1557: 4/9/2010 7:42:31 PM - System Checkpoint
    RP1558: 4/10/2010 9:30:59 PM - System Checkpoint
    RP1559: 4/12/2010 5:31:01 AM - System Checkpoint
    RP1560: 4/12/2010 9:37:52 AM - Software Distribution Service 3.0
    RP1561: 4/13/2010 11:19:29 AM - System Checkpoint
    RP1562: 4/14/2010 3:01:22 AM - Software Distribution Service 3.0
    RP1563: 4/15/2010 3:14:12 AM - System Checkpoint
    RP1564: 4/15/2010 2:49:40 PM - Software Distribution Service 3.0
    RP1565: 4/16/2010 4:27:59 PM - System Checkpoint
    RP1566: 4/17/2010 5:03:10 PM - System Checkpoint
    RP1567: 4/19/2010 12:09:56 AM - System Checkpoint
    RP1568: 4/19/2010 5:17:51 PM - Software Distribution Service 3.0
    RP1569: 4/20/2010 6:25:08 PM - System Checkpoint
    RP1570: 4/21/2010 8:20:11 PM - System Checkpoint
    RP1571: 4/22/2010 11:11:58 PM - Software Distribution Service 3.0
    RP1572: 4/24/2010 8:53:28 PM - System Checkpoint
    RP1573: 4/25/2010 8:58:39 PM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Ad-Aware
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS3
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG 8.5
    Bonjour
    CCleaner
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Reset Tool
    Dell Photo AIO Printer 924
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album 5
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    jv16 PowerTools 2008
    kSolo Recorder
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Netflix Movie Viewer
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    Photo Viewer 2.3
    Picture Package Music Transfer
    QuickTime
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SigmaTel Audio
    Sony Picture Utility
    Spybot - Search & Destroy
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPN Client
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    4/27/2010 6:47:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/27/2010 6:43:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/27/2010 6:26:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcc_device service to connect.
    4/27/2010 6:26:18 PM, error: Service Control Manager [7000] - The dlcc_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/27/2010 6:25:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441069}
    4/26/2010 10:19:31 PM, error: Dhcp [1002] - The IP address lease 99.143.212.167 for the Network Card with network address 001320B44EF9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    4/25/2010 7:16:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Lbd
    4/24/2010 9:47:46 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    4/24/2010 9:47:46 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    4/24/2010 9:47:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    4/24/2010 5:40:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001320B44EF9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    4/24/2010 5:26:07 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    4/24/2010 10:11:52 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/23/2010 8:01:53 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    ==== End Of File ===========================

    oh and also - I'm not totally retarded, but please really really make your directions clear. i suck at this computer stuff - obviously. thanks!

    ========================
    Edit
    Quote Originally Posted by savgbst1:
    i followed the steps you were giving someone else AFTER i installed/ran ERUNT, HijackThis, all the stuff in the before you post section. nothing's fixed. so i probably screwed up more stuff but i was trying not to waste your time.
    Note that all instructions given are customized for that member's computer only, the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply to your own machine.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2010-04-28 at 18:42. Reason: Merged two posts as per forum FAQ ;-)

  2. #2
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    Default

    bout to take off for the day and go home to my broke computer - will be checking again in the morning. see ya!

    Edit
    savgbst1, please read the forum FAQ, link provided above.
    Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. For that reason we may merge such posts, but please do not count on it.


  3. #3
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please re-run DDS and post back dds.txt contents.

    Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click the Rootkit tab, uncheck all other options but Sections, and then click Scan.
    • When the scan is finished, click Copy.
    • This copies the log to the clipboard
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    Default

    ok, here's a new DDS...sorry this took so long. i still got lots of redirects going - they have a blue sort of number 2 looking scroll in front of them. dunno if that helps at all. thanks in advance!!

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/30/2006 2:37:19 PM
    System Uptime: 5/3/2010 6:30:52 PM (5 hours ago)

    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 36.046 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP1488: 2/2/2010 11:40:34 AM - System Checkpoint
    RP1489: 2/3/2010 9:53:45 AM - Avg8 Update
    RP1490: 2/4/2010 10:09:22 AM - System Checkpoint
    RP1491: 2/4/2010 3:19:27 PM - Software Distribution Service 3.0
    RP1492: 2/5/2010 4:09:25 PM - System Checkpoint
    RP1493: 2/6/2010 6:04:54 PM - System Checkpoint
    RP1494: 2/7/2010 6:46:21 PM - System Checkpoint
    RP1495: 2/8/2010 4:34:03 PM - Software Distribution Service 3.0
    RP1496: 2/9/2010 5:16:02 PM - System Checkpoint
    RP1497: 2/10/2010 3:00:53 AM - Software Distribution Service 3.0
    RP1498: 2/11/2010 3:18:53 AM - System Checkpoint
    RP1499: 2/12/2010 12:08:41 AM - Software Distribution Service 3.0
    RP1500: 2/13/2010 1:06:51 AM - System Checkpoint
    RP1501: 2/14/2010 1:37:53 AM - System Checkpoint
    RP1502: 2/15/2010 2:23:50 AM - System Checkpoint
    RP1503: 2/15/2010 11:13:25 AM - Software Distribution Service 3.0
    RP1504: 2/16/2010 11:31:16 AM - System Checkpoint
    RP1505: 2/17/2010 12:15:52 PM - System Checkpoint
    RP1506: 2/18/2010 12:20:29 PM - System Checkpoint
    RP1507: 2/18/2010 3:40:49 PM - Software Distribution Service 3.0
    RP1508: 2/19/2010 4:20:27 PM - System Checkpoint
    RP1509: 2/20/2010 4:21:35 PM - System Checkpoint
    RP1510: 2/21/2010 4:41:47 PM - System Checkpoint
    RP1511: 2/22/2010 5:41:47 PM - System Checkpoint
    RP1512: 2/23/2010 8:41:45 AM - Software Distribution Service 3.0
    RP1513: 2/24/2010 9:16:50 AM - System Checkpoint
    RP1514: 2/25/2010 1:47:37 AM - Software Distribution Service 3.0
    RP1515: 2/25/2010 3:00:37 AM - Software Distribution Service 3.0
    RP1516: 2/25/2010 11:31:48 PM - Software Distribution Service 3.0
    RP1517: 2/27/2010 12:16:50 AM - System Checkpoint
    RP1518: 2/28/2010 11:52:40 AM - System Checkpoint
    RP1519: 3/1/2010 8:13:00 AM - Software Distribution Service 3.0
    RP1520: 3/2/2010 10:31:18 AM - System Checkpoint
    RP1521: 3/3/2010 11:08:28 AM - System Checkpoint
    RP1522: 3/4/2010 2:57:50 PM - Software Distribution Service 3.0
    RP1523: 3/5/2010 3:39:38 PM - System Checkpoint
    RP1524: 3/6/2010 7:31:44 PM - System Checkpoint
    RP1525: 3/7/2010 10:39:34 PM - System Checkpoint
    RP1526: 3/8/2010 6:36:52 PM - Software Distribution Service 3.0
    RP1527: 3/9/2010 8:11:19 AM - Avg8 Update
    RP1528: 3/10/2010 8:57:49 AM - System Checkpoint
    RP1529: 3/11/2010 3:00:55 AM - Software Distribution Service 3.0
    RP1530: 3/11/2010 10:54:17 AM - Software Distribution Service 3.0
    RP1531: 3/12/2010 12:15:00 PM - System Checkpoint
    RP1532: 3/13/2010 2:14:49 PM - System Checkpoint
    RP1533: 3/14/2010 10:35:36 PM - System Checkpoint
    RP1534: 3/15/2010 6:11:13 PM - Software Distribution Service 3.0
    RP1535: 3/18/2010 2:34:54 AM - System Checkpoint
    RP1536: 3/18/2010 9:51:43 PM - Avg8 Update
    RP1537: 3/18/2010 9:57:13 PM - Avg8 Update
    RP1538: 3/18/2010 10:26:54 PM - Software Distribution Service 3.0
    RP1539: 3/19/2010 9:42:16 AM - Avg8 Update
    RP1540: 3/19/2010 9:42:37 AM - Avg8 Update
    RP1541: 3/20/2010 4:39:43 PM - System Checkpoint
    RP1542: 3/22/2010 2:05:03 PM - Software Distribution Service 3.0
    RP1543: 3/23/2010 3:33:59 PM - System Checkpoint
    RP1544: 3/24/2010 4:02:49 PM - System Checkpoint
    RP1545: 3/25/2010 5:03:55 PM - System Checkpoint
    RP1546: 3/25/2010 9:08:54 PM - Software Distribution Service 3.0
    RP1547: 3/27/2010 5:56:22 PM - System Checkpoint
    RP1548: 3/28/2010 6:04:01 PM - System Checkpoint
    RP1549: 3/29/2010 6:12:20 PM - Software Distribution Service 3.0
    RP1550: 3/30/2010 9:14:05 PM - System Checkpoint
    RP1551: 3/31/2010 10:20:19 AM - Software Distribution Service 3.0
    RP1552: 4/1/2010 9:52:27 AM - Software Distribution Service 3.0
    RP1553: 4/2/2010 11:12:14 AM - System Checkpoint
    RP1554: 4/4/2010 1:59:47 AM - System Checkpoint
    RP1555: 4/7/2010 7:16:29 PM - Software Distribution Service 3.0
    RP1556: 4/8/2010 6:32:03 PM - Software Distribution Service 3.0
    RP1557: 4/9/2010 7:42:31 PM - System Checkpoint
    RP1558: 4/10/2010 9:30:59 PM - System Checkpoint
    RP1559: 4/12/2010 5:31:01 AM - System Checkpoint
    RP1560: 4/12/2010 9:37:52 AM - Software Distribution Service 3.0
    RP1561: 4/13/2010 11:19:29 AM - System Checkpoint
    RP1562: 4/14/2010 3:01:22 AM - Software Distribution Service 3.0
    RP1563: 4/15/2010 3:14:12 AM - System Checkpoint
    RP1564: 4/15/2010 2:49:40 PM - Software Distribution Service 3.0
    RP1565: 4/16/2010 4:27:59 PM - System Checkpoint
    RP1566: 4/17/2010 5:03:10 PM - System Checkpoint
    RP1567: 4/19/2010 12:09:56 AM - System Checkpoint
    RP1568: 4/19/2010 5:17:51 PM - Software Distribution Service 3.0
    RP1569: 4/20/2010 6:25:08 PM - System Checkpoint
    RP1570: 4/21/2010 8:20:11 PM - System Checkpoint
    RP1571: 4/22/2010 11:11:58 PM - Software Distribution Service 3.0
    RP1572: 4/24/2010 8:53:28 PM - System Checkpoint
    RP1573: 4/25/2010 8:58:39 PM - System Checkpoint
    RP1574: 4/28/2010 5:58:31 PM - System Checkpoint
    RP1575: 4/29/2010 7:43:59 PM - Removed AVG Free 8.5
    RP1576: 4/29/2010 7:46:27 PM - Installed AVG Free 8.5
    RP1577: 4/29/2010 7:47:36 PM - avast! Free Antivirus Setup
    RP1578: 4/30/2010 2:11:52 AM - Software Distribution Service 3.0
    RP1579: 4/30/2010 10:14:35 PM - Removed Ad-Aware Email Scanner for Outlook
    RP1580: 5/1/2010 6:21:27 PM - Configured SigmaTel Audio
    RP1581: 5/3/2010 2:00:05 AM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS3
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Apple Mobile Device Support
    AutoUpdate
    avast! Free Antivirus
    Bonjour
    CCleaner
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell Photo AIO Printer 924
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album 5
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    jv16 PowerTools 2008
    kSolo Recorder
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Helper
    Mozilla Firefox (3.6.3)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Netflix Movie Viewer
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    Photo Viewer 2.3
    Picture Package Music Transfer
    QuickTime
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SigmaTel Audio
    Sony Picture Utility
    Spybot - Search & Destroy
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPN Client
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    5/2/2010 7:03:43 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:43 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:43 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:43 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:43 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/2/2010 7:03:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/2/2010 7:03:43 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    5/2/2010 7:03:42 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    5/1/2010 6:16:49 PM, error: DCOM [10000] - Unable to start a DCOM Server: {91814EC0-B5F0-11D2-80B9-00104B1F6CEA}. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding
    5/1/2010 5:50:45 PM, error: DCOM [10000] - Unable to start a DCOM Server: {D70B99C5-C07F-46FD-8053-51EEF4CF578A}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\DllHost.exe /Processid:{6A9522D4-C18E-4889-BA94-AA1A782D8300}
    5/1/2010 1:49:56 AM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.
    4/30/2010 9:33:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    4/30/2010 7:51:40 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    4/29/2010 9:53:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    4/29/2010 9:53:11 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/29/2010 9:52:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    4/29/2010 9:48:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001320B44EF9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    4/29/2010 9:48:44 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    4/29/2010 9:48:44 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    4/29/2010 11:19:11 PM, error: DCOM [10000] - Unable to start a DCOM Server: {D40DAF26-8F39-4430-97B9-D3E1A42426C8}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE" -Embedding
    4/29/2010 10:23:17 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/28/2010 5:25:33 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    4/27/2010 6:47:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/27/2010 6:43:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/27/2010 6:41:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/27/2010 6:26:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcc_device service to connect.
    4/27/2010 6:26:18 PM, error: Service Control Manager [7000] - The dlcc_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/27/2010 6:25:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441069}
    4/26/2010 10:19:31 PM, error: Dhcp [1002] - The IP address lease 99.143.212.167 for the Network Card with network address 001320B44EF9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    Default

    here's the other.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-04 00:03:45
    Windows 5.1.2600 Service Pack 3
    Running: qhl9x6pt.exe; Driver: C:\DOCUME~1\MATT~1.FLU\LOCALS~1\Temp\kwdyipoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AACA746C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AACA7332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP AACA34AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP AACA497E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AACA750E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    .rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xF89B7C14]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
    .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
    .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03C1000A
    .text C:\WINDOWS\System32\svchost.exe[1460] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 03AB000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0124000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0125000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2092] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0123000C
    .text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
    .text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
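The GMER output above has a fixed line format that can be triaged mechanically. The script below is an added example, not GMER's own code and not something posted in the thread: it parses the kernel-hook, user-hook, entry-point and file lines, separates hooks GMER attributed to a named module from those it could not, and flags a driver that appears in more than one high-severity entry. The names `triage_gmer`, `Finding` and the sample log (a subset of the lines posted above) are constructed for this example.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (added example; not GMER's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Optional trailing "<module> (<vendor>)" is GMER's attribution of the JMP target.
_ATTRIB = r"(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?$"
KERNEL_HOOK_RE = re.compile(
    r"^PAGE\s+(?P<export>\S+)\s+(?P<addr>[0-9A-F]+)\s+(?P<len>\d+) Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-F]+)" + _ATTRIB)
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<export>\S+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<len>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-F]+)" + _ATTRIB)
ENTRY_POINT_RE = re.compile(r'^\.rsrc\s+(?P<path>.+?) entry point in "\.rsrc" section')
SUSP_FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")


@dataclass
class Finding:
    severity: str   # "info" | "review" | "high"
    kind: str       # "kernel-hook" | "user-hook" | "entry-point" | "modified-file"
    subject: str    # hooked export, or file path
    process: str    # "image[pid]" for user-mode hooks, "" otherwise
    detail: str


def _hook_finding(kind, m, process):
    # A hook by itself is not a verdict: security products hook too (here avast's
    # aswSP.SYS). What matters is whether GMER could attribute the JMP target.
    if m["module"]:
        return Finding("info", kind, m["export"], process,
                       f"JMP {m['target']} -> {m['module']} ({m['vendor']})")
    return Finding("review", kind, m["export"], process,
                   f"JMP {m['target']} not attributed to any loaded module")


def triage_gmer(log_text):
    """Parse the log and return one Finding per hook / file entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and "---- section ----" headers
        if m := KERNEL_HOOK_RE.match(line):
            findings.append(_hook_finding("kernel-hook", m, ""))
        elif m := USER_HOOK_RE.match(line):
            findings.append(_hook_finding("user-hook", m, f"{m['image']}[{m['pid']}]"))
        elif m := ENTRY_POINT_RE.match(line):
            # A driver whose entry point lies in its resource section has been
            # patched: a normal PE image starts execution in a code section.
            findings.append(Finding("high", "entry-point", m["path"], "",
                                    'entry point inside ".rsrc" section'))
        elif m := SUSP_FILE_RE.match(line):
            findings.append(Finding("high", "modified-file", m["path"], "",
                                    "GMER reports suspicious modification"))
        # banner, OS version and "Running:" lines are not findings and are skipped
    return findings


def severity_counts(findings):
    return Counter(f.severity for f in findings)


def user_hooks_by_process(findings):
    """Which processes carry unattributed user-mode hooks, and how many each."""
    return Counter(f.process for f in findings
                   if f.kind == "user-hook" and f.severity == "review")


def drivers_to_examine(findings):
    """Paths with more than one high finding, e.g. a patched entry point AND a
    'suspicious modification' report for the same file: examine that file first."""
    hits = Counter(f.subject for f in findings if f.severity == "high")
    return sorted(p for p, n in hits.items() if n >= 2)


# Constructed sample: a subset of the GMER lines posted in this thread.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AACA746C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AACA7332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xF89B7C14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0125000A
.text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    found = triage_gmer(SAMPLE_LOG)
    print(dict(severity_counts(found)))        # info=2, review=3, high=2
    print(dict(user_hooks_by_process(found)))  # one unattributed hook per process
    print(drivers_to_examine(found))           # the RDPCDD.sys path
```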

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    That's attach.txt part of DDS. Do you have dds.txt part handy?

  7. #7
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    Default

    Uh... OK, you've encountered the end of my understanding of computer stuff. Sorry you're stuck with the moron! If you can tell me in potato-head language precisely how to get you what you're looking for when I'm home tonight, I'll do it - I mostly have to talk to you from work; it's my home comp that's messed up, and it redirects so much it's hard to get to you! Thanks for your help, and sorry again you're stuck with the guy who knows nothin'.

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    No need to apologize. Let's see the DDS log creation steps again.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post dds.txt contents (the one that has running processes listed there among other entries) to your topic.

  9. #9
    Junior Member
    Join Date
    Mar 2010
    Posts
    22

    Default

    OK, I thinks I gots it. I want to thank you again for your patience and help!

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by matt at 18:16:33.06 on Tue 05/04/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.40 [GMT -7:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\matt.FLUXCAPACITER\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {119DBEDA-9C41-4F97-94B4-B6BCD01133CF} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matt~1.flu\applic~1\mozilla\firefox\profiles\x9celctm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: c:\documents and settings\amys place\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    FF - user.js: yahoo.homepage.dontask - true

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 162768]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-6-2 55024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-29 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S0 tmcd;tmcd;c:\windows\system32\drivers\bbpcoc.sys --> c:\windows\system32\drivers\bbpcoc.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-8-1 17149]
    S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2007-8-1 362944]

    =============== Created Last 30 ================

    2010-05-02 01:35:14 139264 ----a-w- c:\windows\system32\igfxres.dll
    2010-05-02 01:31:42 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4543.dll
    2010-05-02 01:17:25 0 d-----w- c:\program files\CONEXANT
    2010-05-02 01:17:18 128398 ----a-w- c:\windows\system32\drivers\del200f.cty
    2010-05-02 01:17:17 90112 ----a-w- c:\windows\system32\mdmxsdk.dll
    2010-05-02 01:17:17 680704 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
    2010-05-02 01:17:17 212224 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
    2010-05-02 01:17:17 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
    2010-05-02 01:17:17 1042432 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
    2010-05-02 01:13:03 19456 ------w- c:\windows\system32\SETF.tmp
    2010-04-30 02:47:36 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
    2010-04-25 22:44:34 0 d-----w- c:\docume~1\matt~1.flu\applic~1\Malwarebytes
    2010-04-25 22:44:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-25 22:44:16 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2010-04-25 22:44:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-25 22:44:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-05-01 02:42:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2009-01-04 03:22:50 23 --sha-w- c:\windows\system32\cafccda_z.dll
    2007-01-18 16:05:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-05-27 02:21:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat

    ============= FINISH: 18:18:35.32 ===============
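
For readers who want to triage a DDS log like the one above rather than eyeball it, here is an added example (my own code, not part of this thread and not a DDS or ComboFix feature) that parses the SERVICES / DRIVERS and Find3M sections and lists the entries worth verifying by hand. Two checks are applied: a service or driver whose image DDS could not read (the trailing `[?]`) gets flagged, most urgently when its start type is boot (0) or system (1), because such a driver loads before most defences and the log gives no date or size to check it against; and a file in system32 carrying both the system and hidden attributes (`--sha-w-`) gets flagged so its size and purpose can be looked at. My reading of the line format (R/S = running/stopped, the digit = start type, `-->` = DDS resolved path, the eight attribute letters) is an assumption from the lines shown; the sample input is copied from the log above. The regexes, function names and urgency labels are mine.

```python
import re
from typing import Dict, List

# Sample lines copied from the DDS log posted above.
SERVICES_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 162768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 tmcd;tmcd;c:\windows\system32\drivers\bbpcoc.sys --> c:\windows\system32\drivers\bbpcoc.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2007-8-1 362944]
"""

FILES_LOG = r"""
2010-05-02 01:17:25 0 d-----w- c:\program files\CONEXANT
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2009-01-04 03:22:50 23 --sha-w- c:\windows\system32\cafccda_z.dll
2007-01-18 16:05:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-27 02:21:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat
"""

# One SERVICES / DRIVERS line (assumed layout):
#   <R|S><start type> <name>;<display name>;<image path>[ --> <resolved path>] [<date size> | ?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<paths>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# One Created Last 30 / Find3M line (assumed layout):
#   <timestamp> <size> <eight attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


def parse_services(text: str) -> List[Dict]:
    """Parse service/driver lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # When DDS resolves a registry path it prints "<registry path> --> <on-disk path>".
        image = m["paths"].split(" --> ")[-1]
        rows.append({
            "name": m["name"],
            "start": int(m["start"]),          # 0 boot, 1 system, 2 auto, 3 manual (assumed)
            "running": m["state"] == "R",
            "image": image,
            "stat_failed": m["meta"] == "?",   # DDS printed [?] instead of date and size
        })
    return rows


def parse_files(text: str) -> List[Dict]:
    """Parse file-listing lines; attribute letters: d at [0], s at [2], h at [3]."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        a = m["attrs"]
        rows.append({
            "path": m["path"],
            "size": int(m["size"]),
            "is_dir": a[0] == "d",
            "system": a[2] == "s",
            "hidden": a[3] == "h",
        })
    return rows


def triage(services_text: str, files_text: str) -> List[str]:
    """Return the entries a responder should verify by hand, most urgent first."""
    findings = []
    for s in parse_services(services_text):
        if s["stat_failed"]:
            # Boot/system-start drivers load before most defences; an unreadable image
            # there is the first thing to check. Manual-start ones are lower priority.
            urgency = "HIGH" if s["start"] <= 1 else "LOW"
            findings.append(
                f"{urgency}: '{s['name']}' start={s['start']} image not readable: {s['image']}"
            )
    for f in parse_files(files_text):
        if f["is_dir"]:
            continue
        if f["system"] and f["hidden"] and "\\system32\\" in f["path"].lower():
            findings.append(
                f"MEDIUM: system+hidden file in system32 ({f['size']} bytes): {f['path']}"
            )
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda line: order[line.split(":")[0]])
    return findings


if __name__ == "__main__":
    for finding in triage(SERVICES_LOG, FILES_LOG):
        print(finding)
```

The output is a worklist, not a verdict: the Lavasoft `Lbd` and SuperAntiSpyware `SASENUM` entries show `[?]` too, and IE's `index.dat` is always system+hidden, so each hit still has to be checked against a known publisher or hash. The one that cannot be explained away by the log alone is a 23-byte file with a `.dll` name, since a file that small cannot be a loadable DLL; what it actually contains is something the helper would want to see.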

  10. #10
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
