logon.exe problem?



TheSound
2010-07-13, 21:21
Hey, I need some help from you guys. Every time I turn on my computer I get a screen asking me to run a file called logon.exe or to cancel it. Not sure what to do about it. If I go to Run and type msconfig and go to Startup there is a logon item and I can uncheck it, not sure if it's the same item though. This computer is only a few months old so I don't wanna do anything that will bugger it up any more. So hopefully you can help me.... And yes, I know uTorrent is installed, I'll remove it :)
Here's a screenshot of what I get
http://i28.tinypic.com/2m2e3yd.jpg



DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by valued Client at 13:57:25.50 on Tue 07/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1308 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\valued Client\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [winlogon] c:\docume~1\valued~1\locals~1\temp\logon.exe
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261049201656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276130126171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\oure6ez9.default\
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-11 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-9 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-9 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-6-9 98984]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-6-13 18560]

=============== Created Last 30 ================

2010-07-11 23:48:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 23:48:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 23:43:00 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 23:42:48 0 d-----w- c:\program files\Lavasoft
2010-07-11 23:28:15 0 d-----w- c:\windows\pss
2010-07-04 03:12:06 129536 ------w- c:\windows\system32\SET62.tmp
2010-07-04 03:09:20 94208 ----a-w- c:\windows\amcap.exe
2010-07-04 03:09:20 20480 ----a-w- c:\windows\FixCamera.exe
2010-06-29 06:23:53 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 03:47:33 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-28 03:47:33 77824 ----a-w- c:\windows\system32\xvid.ax
2010-06-28 03:47:33 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-28 03:47:33 0 d-----w- c:\program files\Xvid
2010-06-25 19:37:37 0 d-----w- c:\program files\DVDVideoSoft
2010-06-25 19:37:37 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-06-24 04:37:44 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 04:37:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-23 04:42:06 0 d-----w- c:\documents and settings\valued client\dwhelper
2010-06-22 19:24:11 0 d-----w- c:\program files\Kreatives.org
2010-06-22 19:23:23 0 d-----w- c:\docume~1\valued~1\applic~1\GetRightToGo
2010-06-21 05:44:46 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1104db41b910.mof
2010-06-21 05:40:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-21 05:32:50 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-21 05:32:14 0 d-----w- c:\windows\SHELLNEW
2010-06-15 19:27:53 0 d-----w- c:\docume~1\valued~1\applic~1\PriceGong
2010-06-15 16:09:02 0 d-----w- c:\documents and settings\all users\CyberLink
2010-06-15 04:19:45 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-06-14 18:25:07 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-14 18:25:07 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-14 18:24:58 0 d-----w- c:\docume~1\valued~1\applic~1\Line 6
2010-06-14 18:22:38 0 d-----w- c:\program files\Psicraft
2010-06-14 18:22:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Psicraft
2010-06-14 18:21:40 0 d-----w- c:\program files\Line6
2010-06-14 17:49:49 0 d-----w- c:\program files\BestPractice
2010-06-13 22:38:31 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2010-06-13 22:08:40 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-06-13 22:08:33 0 d-----w- c:\program files\LeapFrog
2010-06-13 22:08:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Leapfrog

==================== Find3M ====================

2010-06-09 23:33:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2006-06-25 06:48:54 32768 -c--a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 13:57:57.15 ===============


ATTACH log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2010 4:48:01 PM
System Uptime: 7/13/2010 1:45:17 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5G41-M LE
Processor: Intel Pentium II processor | LGA775 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 425.771 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 75.859 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/9/2010 4:48:04 PM - System Checkpoint
RP2: 6/9/2010 4:49:58 PM - Software Distribution Service 3.0
RP3: 6/9/2010 4:59:38 PM - Software Distribution Service 3.0
RP4: 6/9/2010 5:32:53 PM - Installed Windows XP WgaNotify.
RP5: 6/9/2010 7:15:06 PM - avast! Free Antivirus Setup
RP6: 6/9/2010 7:33:23 PM - Installed Java(TM) 6 Update 20
RP7: 6/9/2010 7:43:19 PM - Installed Windows KB954550-v5.
RP8: 6/9/2010 7:43:24 PM - Printer Driver Microsoft XPS Document Writer Installed
RP9: 6/9/2010 7:43:30 PM - Printer Driver Microsoft XPS Document Writer Installed
RP10: 6/9/2010 7:49:23 PM - Software Distribution Service 3.0
RP11: 6/9/2010 7:53:33 PM - Installed Engine Installer
RP12: 6/9/2010 7:53:43 PM - Installed NOMAD Explorer
RP13: 6/9/2010 7:54:03 PM - Installed Creative System Information
RP14: 6/9/2010 7:54:09 PM - Installed Creative Zen Touch
RP15: 6/9/2010 7:56:03 PM - Installed Engine Installer
RP16: 6/9/2010 7:56:23 PM - Installed Common Audio Driver Interface
RP17: 6/9/2010 7:56:32 PM - Installed Creative MediaSource
RP18: 6/9/2010 7:56:54 PM - Installed Creative MediaSource Detector
RP19: 6/9/2010 7:57:03 PM - Installed Creative MediaSource CD-ROM Burner Plugin
RP20: 6/9/2010 7:57:13 PM - Installed Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
RP21: 6/9/2010 7:57:23 PM - Installed Creative MediaSource AudioSync Plugin
RP22: 6/9/2010 7:57:31 PM - Installed Creative MediaSource NOMAD MuVo Plugin
RP23: 6/9/2010 7:57:40 PM - Installed Creative MediaSource Player Skin Pack
RP24: 6/9/2010 7:57:49 PM - Installed Creative MediaSource
RP25: 6/9/2010 8:12:45 PM - Installed Adobe Reader 9.3.
RP26: 6/9/2010 8:47:06 PM - Software Distribution Service 3.0
RP27: 6/9/2010 9:00:12 PM - Software Distribution Service 3.0
RP28: 6/9/2010 9:01:54 PM - Software Distribution Service 3.0
RP29: 6/10/2010 9:49:06 PM - System Checkpoint
RP30: 6/11/2010 1:36:30 PM - Installed Video Power
RP31: 6/12/2010 2:09:40 PM - System Checkpoint
RP32: 6/13/2010 3:33:51 PM - System Checkpoint
RP33: 6/14/2010 4:04:46 PM - System Checkpoint
RP34: 6/15/2010 12:16:59 AM - Installed QuickTime
RP35: 6/16/2010 7:47:16 AM - System Checkpoint
RP36: 6/17/2010 7:49:16 AM - System Checkpoint
RP37: 6/18/2010 8:32:50 AM - System Checkpoint
RP38: 6/18/2010 12:25:42 PM - Installed CCS64 V3.8
RP39: 6/19/2010 1:16:30 PM - System Checkpoint
RP40: 6/20/2010 4:00:23 PM - System Checkpoint
RP41: 6/21/2010 1:31:17 AM - Installed Microsoft Office Enterprise 2007
RP42: 6/21/2010 1:40:39 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP43: 6/21/2010 1:57:28 AM - Software Distribution Service 3.0
RP44: 6/21/2010 2:13:37 AM - Software Distribution Service 3.0
RP45: 6/21/2010 11:00:28 AM - Software Distribution Service 3.0
RP46: 6/22/2010 11:39:24 AM - System Checkpoint
RP47: 6/22/2010 7:14:16 PM - Software Distribution Service 3.0
RP48: 6/23/2010 8:24:06 PM - System Checkpoint
RP49: 6/24/2010 9:22:48 PM - System Checkpoint
RP50: 6/25/2010 9:37:48 PM - System Checkpoint
RP51: 6/26/2010 10:18:03 PM - System Checkpoint
RP52: 6/27/2010 10:44:19 PM - System Checkpoint
RP53: 6/28/2010 11:07:29 PM - System Checkpoint
RP54: 6/30/2010 8:04:36 AM - System Checkpoint
RP55: 7/1/2010 8:20:07 AM - System Checkpoint
RP56: 7/2/2010 8:26:40 AM - System Checkpoint
RP57: 7/3/2010 9:05:53 PM - System Checkpoint
RP58: 7/3/2010 11:08:03 PM - Removed Video Power
RP59: 7/3/2010 11:09:11 PM - Installed USB PC Camera-168
RP60: 7/3/2010 11:09:42 PM - Installed Video Power
RP61: 7/4/2010 11:19:59 PM - System Checkpoint
RP62: 7/6/2010 12:41:11 AM - System Checkpoint
RP63: 7/7/2010 1:44:00 AM - System Checkpoint
RP64: 7/8/2010 1:53:53 AM - System Checkpoint
RP65: 7/9/2010 7:36:35 AM - System Checkpoint
RP66: 7/9/2010 6:31:31 PM - Removed USB PC Camera-168
RP67: 7/9/2010 6:31:58 PM - Removed Video Power
RP68: 7/10/2010 6:38:06 PM - System Checkpoint
RP69: 7/11/2010 7:01:16 PM - System Checkpoint
RP70: 7/12/2010 9:45:30 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
avast! Free Antivirus
BestPractice (remove only)
Creative Jukebox Driver
Creative MediaSource
Creative System Information
Creative Zen Touch
DVDVideoSoftTB Toolbar
ERUNT 1.1j
Free 3D Photo Maker version 2.0
Free Studio version 4.8
Free Video to Sony PSP Converter version 2.0
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 20
KRISTAL Audio Engine
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Lexmark 5600-6600 Series
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG Power Tools
Line 6 Uninstaller
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
MSN
MSVCRT
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Spybot - Search & Destroy
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vyzex Pocket POD 1.17
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

7/9/2010 5:42:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.
7/9/2010 5:42:51 AM, error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

JonTom
2010-07-17, 19:14
Hello TheSound and :welcome:

My name is JonTom.

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.



DDS


As it has been a few days since you posted, please perform a new DDS scan of your system and post the log created.



Please scan your system with GMER


Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please post the DDS logs and the GMER log in your next reply.

TheSound
2010-07-18, 05:28
Hey JonTom, thanks for helping me out, hopefully you can fix this for me :). I ran the GMER scan and every time I run it, it stops and my computer shuts off and starts up again. I ran it 3 times and the same thing happened :S so I'm unable to get that log for you
(I did notice though that it took up 90% CPU, maybe that has something to do with it not fully )

The pop-up screen still pops up. I should be clicking cancel, right? Not run.


Here are the DDS logs


DDS (Ver_10-03-17.01) - NTFSx86
Run by valued Client at 19:22:44.25 on Sat 07/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1151 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\valued Client\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [winlogon] c:\docume~1\valued~1\locals~1\temp\logon.exe
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261049201656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276130126171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\oure6ez9.default\
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-11 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-9 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-9 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-6-9 98984]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-6-13 18560]

=============== Created Last 30 ================

2010-07-16 22:41:35 0 d-----w- c:\docume~1\valued~1\applic~1\.minecraft
2010-07-14 19:37:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-14 03:30:08 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 23:48:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 23:48:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 23:43:00 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 23:42:48 0 d-----w- c:\program files\Lavasoft
2010-07-11 23:28:15 0 d-----w- c:\windows\pss
2010-07-04 03:12:06 129536 ------w- c:\windows\system32\SET62.tmp
2010-07-04 03:09:20 94208 ----a-w- c:\windows\amcap.exe
2010-07-04 03:09:20 20480 ----a-w- c:\windows\FixCamera.exe
2010-06-29 06:23:53 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 03:47:33 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-28 03:47:33 77824 ----a-w- c:\windows\system32\xvid.ax
2010-06-28 03:47:33 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-28 03:47:33 0 d-----w- c:\program files\Xvid
2010-06-25 19:37:37 0 d-----w- c:\program files\DVDVideoSoft
2010-06-25 19:37:37 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-06-24 04:37:44 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 04:37:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-23 04:42:06 0 d-----w- c:\documents and settings\valued client\dwhelper
2010-06-22 19:24:11 0 d-----w- c:\program files\Kreatives.org
2010-06-22 19:23:23 0 d-----w- c:\docume~1\valued~1\applic~1\GetRightToGo
2010-06-21 05:44:46 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1104db41b910.mof
2010-06-21 05:40:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-21 05:32:50 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-21 05:32:14 0 d-----w- c:\windows\SHELLNEW

==================== Find3M ====================

2010-06-09 23:33:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-06-25 06:48:54 32768 -c--a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 19:23:16.85 ===============



Attach log



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2010 4:48:01 PM
System Uptime: 7/15/2010 3:42:19 PM (52 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5G41-M LE
Processor: Intel Pentium II processor | LGA775 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 425.073 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 75.859 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/9/2010 4:48:04 PM - System Checkpoint
RP2: 6/9/2010 4:49:58 PM - Software Distribution Service 3.0
RP3: 6/9/2010 4:59:38 PM - Software Distribution Service 3.0
RP4: 6/9/2010 5:32:53 PM - Installed Windows XP WgaNotify.
RP5: 6/9/2010 7:15:06 PM - avast! Free Antivirus Setup
RP6: 6/9/2010 7:33:23 PM - Installed Java(TM) 6 Update 20
RP7: 6/9/2010 7:43:19 PM - Installed Windows KB954550-v5.
RP8: 6/9/2010 7:43:24 PM - Printer Driver Microsoft XPS Document Writer Installed
RP9: 6/9/2010 7:43:30 PM - Printer Driver Microsoft XPS Document Writer Installed
RP10: 6/9/2010 7:49:23 PM - Software Distribution Service 3.0
RP11: 6/9/2010 7:53:33 PM - Installed Engine Installer
RP12: 6/9/2010 7:53:43 PM - Installed NOMAD Explorer
RP13: 6/9/2010 7:54:03 PM - Installed Creative System Information
RP14: 6/9/2010 7:54:09 PM - Installed Creative Zen Touch
RP15: 6/9/2010 7:56:03 PM - Installed Engine Installer
RP16: 6/9/2010 7:56:23 PM - Installed Common Audio Driver Interface
RP17: 6/9/2010 7:56:32 PM - Installed Creative MediaSource
RP18: 6/9/2010 7:56:54 PM - Installed Creative MediaSource Detector
RP19: 6/9/2010 7:57:03 PM - Installed Creative MediaSource CD-ROM Burner Plugin
RP20: 6/9/2010 7:57:13 PM - Installed Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
RP21: 6/9/2010 7:57:23 PM - Installed Creative MediaSource AudioSync Plugin
RP22: 6/9/2010 7:57:31 PM - Installed Creative MediaSource NOMAD MuVo Plugin
RP23: 6/9/2010 7:57:40 PM - Installed Creative MediaSource Player Skin Pack
RP24: 6/9/2010 7:57:49 PM - Installed Creative MediaSource
RP25: 6/9/2010 8:12:45 PM - Installed Adobe Reader 9.3.
RP26: 6/9/2010 8:47:06 PM - Software Distribution Service 3.0
RP27: 6/9/2010 9:00:12 PM - Software Distribution Service 3.0
RP28: 6/9/2010 9:01:54 PM - Software Distribution Service 3.0
RP29: 6/10/2010 9:49:06 PM - System Checkpoint
RP30: 6/11/2010 1:36:30 PM - Installed Video Power
RP31: 6/12/2010 2:09:40 PM - System Checkpoint
RP32: 6/13/2010 3:33:51 PM - System Checkpoint
RP33: 6/14/2010 4:04:46 PM - System Checkpoint
RP34: 6/15/2010 12:16:59 AM - Installed QuickTime
RP35: 6/16/2010 7:47:16 AM - System Checkpoint
RP36: 6/17/2010 7:49:16 AM - System Checkpoint
RP37: 6/18/2010 8:32:50 AM - System Checkpoint
RP38: 6/18/2010 12:25:42 PM - Installed CCS64 V3.8
RP39: 6/19/2010 1:16:30 PM - System Checkpoint
RP40: 6/20/2010 4:00:23 PM - System Checkpoint
RP41: 6/21/2010 1:31:17 AM - Installed Microsoft Office Enterprise 2007
RP42: 6/21/2010 1:40:39 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP43: 6/21/2010 1:57:28 AM - Software Distribution Service 3.0
RP44: 6/21/2010 2:13:37 AM - Software Distribution Service 3.0
RP45: 6/21/2010 11:00:28 AM - Software Distribution Service 3.0
RP46: 6/22/2010 11:39:24 AM - System Checkpoint
RP47: 6/22/2010 7:14:16 PM - Software Distribution Service 3.0
RP48: 6/23/2010 8:24:06 PM - System Checkpoint
RP49: 6/24/2010 9:22:48 PM - System Checkpoint
RP50: 6/25/2010 9:37:48 PM - System Checkpoint
RP51: 6/26/2010 10:18:03 PM - System Checkpoint
RP52: 6/27/2010 10:44:19 PM - System Checkpoint
RP53: 6/28/2010 11:07:29 PM - System Checkpoint
RP54: 6/30/2010 8:04:36 AM - System Checkpoint
RP55: 7/1/2010 8:20:07 AM - System Checkpoint
RP56: 7/2/2010 8:26:40 AM - System Checkpoint
RP57: 7/3/2010 9:05:53 PM - System Checkpoint
RP58: 7/3/2010 11:08:03 PM - Removed Video Power
RP59: 7/3/2010 11:09:11 PM - Installed USB PC Camera-168
RP60: 7/3/2010 11:09:42 PM - Installed Video Power
RP61: 7/4/2010 11:19:59 PM - System Checkpoint
RP62: 7/6/2010 12:41:11 AM - System Checkpoint
RP63: 7/7/2010 1:44:00 AM - System Checkpoint
RP64: 7/8/2010 1:53:53 AM - System Checkpoint
RP65: 7/9/2010 7:36:35 AM - System Checkpoint
RP66: 7/9/2010 6:31:31 PM - Removed USB PC Camera-168
RP67: 7/9/2010 6:31:58 PM - Removed Video Power
RP68: 7/10/2010 6:38:06 PM - System Checkpoint
RP69: 7/11/2010 7:01:16 PM - System Checkpoint
RP70: 7/12/2010 9:45:30 PM - System Checkpoint
RP71: 7/13/2010 10:41:37 PM - System Checkpoint
RP72: 7/14/2010 3:00:20 AM - Software Distribution Service 3.0
RP73: 7/15/2010 3:49:12 AM - System Checkpoint
RP74: 7/16/2010 4:47:15 AM - System Checkpoint
RP75: 7/17/2010 7:26:37 AM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
avast! Free Antivirus
BestPractice (remove only)
Creative Jukebox Driver
Creative MediaSource
Creative System Information
Creative Zen Touch
DVDVideoSoftTB Toolbar
ERUNT 1.1j
Free 3D Photo Maker version 2.0
Free Studio version 4.8
Free Video to Sony PSP Converter version 2.0
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 20
KRISTAL Audio Engine
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Lexmark 5600-6600 Series
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG Power Tools
Line 6 Uninstaller
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
MSN
MSVCRT
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Spybot - Search & Destroy
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vyzex Pocket POD 1.17
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

7/16/2010 1:00:35 PM, error: Print [6161] - The document Microsoft Word - John Kyrkos owned by valued Client failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 31696. Number of bytes printed: 31696. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\NONE-7CD5C6DF47. Win32 error code returned by the print processor: 0 (0x0).
7/14/2010 2:30:08 PM, error: Print [6161] - The document Microsoft Word - John Kyrkos owned by valued Client failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 29212. Number of bytes printed: 29212. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\NONE-7CD5C6DF47. Win32 error code returned by the print processor: 0 (0x0).
7/13/2010 1:34:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.
7/13/2010 1:34:10 PM, error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

JonTom
2010-07-18, 12:54
Hello TheSound

Thank you for the new log.


"the pop up screen still pops up, I should be clicking cancel right? not run"

Do not run anything and do not agree to anything.

I am looking over your log now. In the meantime, please try the following:


GMER


If you are having trouble getting GMER to complete a scan, please run it again, but this time uncheck everything EXCEPT "Sections" and "C:\".
If GMER does not produce a log please try running it from Safe Mode.


How to use the F8 method to Start Your Computer in Safe Mode

Restart your computer.
As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
Use the arrow keys to select the Safe mode menu item.
Press Enter.

If GMER in safe mode does not work, please try RootRepeal:



RootRepeal


Please download RootRepeal (http://rootrepeal.googlepages.com/RootRepeal.zip) to your desktop.
Physically disconnect your machine from the internet as your system will be unprotected.
Unzip it to its own folder, close all other programs, especially your security programs (anti-spyware, anti-virus, and firewall), and run RootRepeal.exe
Click the Report tab at the bottom and then the Scan button.
A box will pop up, check the boxes beside Drivers, Files, Processes, SSDT and click OK.
Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
The scan will take a little while to run, so let it go unhindered.
Once it is done, click the "Save Report" button, call it RepealScan and save the log to your desktop.
Reconnect to the internet.


Please provide the GMER/Rootrepeal log in your next reply. If you are still having trouble, come back and let me know.

TheSound
2010-07-18, 19:43
hello, I did as you said and the Gmer scan completed on the first try so didn't need to go into safemode :)



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-18 12:34:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\awdyafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A8B7DAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A8B7D9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A8B795B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A8B7AF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A8B7DBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- EOF - GMER 1.0.15 ----

JonTom
2010-07-18, 22:10
Hello TheSound

Thank you for the log.

Please work your way through the following steps:


Please download OTM



Please download OTM by OldTimer by clicking here. (http://oldtimer.geekstogo.com/OTM.exe)
Save the file (called OTM.exe) to your desktop.
Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):




:Processes
explorer.exe

:Files
c:\docume~1\valued~1\locals~1\temp\logon.exe
c:\windows\system32\SET62.tmp

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Start Explorer]
[Reboot]






Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please perform the following scan:


Please download MalwareBytes AntiMalware by clicking here (http://www.besttechie.net/tools/mbam-setup.exe) and save the file (called mbam-setup.exe) to your desktop.

Double click on the mbam-setup.exe icon to install the program.
Follow the prompts during installation and have the Installation Wizard create a desktop icon.
Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.


Please post the OTM log and the MBAM log in your next reply.
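
Added example, not part of the original thread and not code from DDS or OTM: a triage pass over DDS "mRun:" autorun lines that flags the kind of entry the OTM script above removes, a Run value named after a Windows system process whose target sits in a temp directory. The rule set and the list of system process names are assumptions; the first four sample lines come from the DDS log in this thread, and the last one is constructed from the OTM script's :Files and :Reg entries.

```python
import re
from ntpath import basename, normpath

# DDS "Pseudo HJT Report" autorun lines look like:  mRun: [ValueName] command line
AUTORUN_RE = re.compile(r'^(?P<hive>[mu]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Unquoted command lines: take everything up to the first executable extension.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)

# Temp locations in long form and in 8.3 short form (locals~1 = "Local Settings").
TEMP_RE = re.compile(
    r'\\(local settings|locals~\d)\\temp\\|\\windows\\temp\\|\\appdata\\local\\temp\\')

# Files directly inside the Windows directory or system32.
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\windows(\\system32)?\\[^\\]+$')

# Assumed list of core Windows process names that autorun entries may imitate.
SYSTEM_NAMES = {"winlogon", "svchost", "explorer", "lsass",
                "services", "csrss", "smss", "spoolsv"}


def executable(cmd):
    """Return the program path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(line):
    """Return (value_name, path, reasons) for an autorun line, else None."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    name = m['name']
    path = normpath(executable(m['cmd'])).lower()
    stem = basename(path).rsplit('.', 1)[0]
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("target runs from a temp directory")
    # Masquerade: a system process name on the value or the file, but the
    # file is given with a directory that is not the Windows system directory.
    looks_system = name.lower() in SYSTEM_NAMES or stem in SYSTEM_NAMES
    if looks_system and "\\" in path and not SYSTEM_DIR_RE.match(path):
        reasons.append("system process name outside the Windows directory")
    return name, path, reasons


def scan(dds_text):
    """Return only the autorun entries that matched at least one rule."""
    hits = []
    for line in dds_text.splitlines():
        result = triage(line)
        if result and result[2]:
            hits.append(result)
    return hits


# Sample input. The last line is constructed for this example.
SAMPLE_DDS = r'''
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [winlogon] c:\docume~1\valued~1\locals~1\temp\logon.exe
'''

if __name__ == "__main__":
    for name, path, reasons in scan(SAMPLE_DDS):
        print(f"[{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A hit is a prompt for manual review, not a verdict: some installers legitimately run once from a temp directory, which is why the thread confirms the file with follow-up scans.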

TheSound
2010-07-19, 03:01
hey, we seem to be moving along pretty fast here haha. Ran OTM and it worked fine. Same with MBAM, it had no infections. The pop up screen didn't pop up when I rebooted so that's a good sign.

here are the logs you requested.

OTM log


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\docume~1\valued~1\locals~1\temp\logon.exe moved successfully.
c:\windows\system32\SET62.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 646307 bytes

User: valued Client
->Temp folder emptied: 3276583 bytes
->Temporary Internet Files folder emptied: 110784685 bytes
->Java cache emptied: 8172999 bytes
->FireFox cache emptied: 94201870 bytes
->Flash cache emptied: 105988 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2190207 bytes
%systemroot%\System32 .tmp files removed: 50264404 bytes
%systemroot%\System32\dllcache .tmp files removed: 320000 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164793 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 258.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 07182010_190556

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/18/2010 7:48:44 PM
mbam-log-2010-07-18 (19-48-44).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 178184
Time elapsed: 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

JonTom
2010-07-19, 09:34
Hello TheSound

Thank you for the logs.


"The pop up screen didn't pop up when i rebooted so that's a good sign."

That's great news. Time to look for any leftovers with an online scan.

Please do the following:


Please update your Java


To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
In the window that opens, click on the "Update" tab, and then on "Update Now".
Your Java should begin to update. Please follow any prompts that you receive.



Please perform the following scan:


This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.


It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
DO NOT surf the net while your resident protection is disabled!
Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.


Please perform a Kaspersky Online Scan of your computer by clicking here (http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1240137288999) or here (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html).


Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run (at times it may appear to stall).
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
If you need help performing the above steps, an animated tutorial can be found here. (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)


Please post the Kaspersky Online Scan log and a fresh DDS log in your next reply.

TheSound
2010-07-19, 22:13
hey buddy, I finished the Kaspersky scan, only took about an hour and it came up with 1 threat.



kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 19, 2010 08:34:33
Records in database: 4229589
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 49774
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:59:55


File name / Threat / Threats count
C:\_OTM\MovedFiles\07182010_190556\c_docume~1\valued~1\locals~1\temp\logon.exe Infected: Trojan.Win32.Jorik.Lolbot.at 1

Selected area has been scanned.




DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by valued Client at 14:57:57.67 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1265 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\valued Client\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\valued client\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261049201656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276130126171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\oure6ez9.default\
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\valued client\application data\mozilla\firefox\profiles\oure6ez9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-9 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-9 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-6-9 98984]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-6-13 18560]

=============== Created Last 30 ================

2010-07-18 23:13:39 0 d-----w- c:\docume~1\valued~1\applic~1\Malwarebytes
2010-07-18 23:13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 23:13:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-18 23:13:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 23:13:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 23:05:56 0 d-----w- C:\_OTM
2010-07-16 22:41:35 0 d-----w- c:\docume~1\valued~1\applic~1\.minecraft
2010-07-14 03:30:08 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 23:48:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 23:28:15 0 d-----w- c:\windows\pss
2010-07-04 03:09:20 94208 ----a-w- c:\windows\amcap.exe
2010-07-04 03:09:20 20480 ----a-w- c:\windows\FixCamera.exe
2010-06-29 06:23:53 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 03:47:33 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-28 03:47:33 77824 ----a-w- c:\windows\system32\xvid.ax
2010-06-28 03:47:33 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-28 03:47:33 0 d-----w- c:\program files\Xvid
2010-06-25 19:37:37 0 d-----w- c:\program files\DVDVideoSoft
2010-06-25 19:37:37 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-06-24 04:37:44 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 04:37:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-23 04:42:06 0 d-----w- c:\documents and settings\valued client\dwhelper
2010-06-22 19:24:11 0 d-----w- c:\program files\Kreatives.org
2010-06-22 19:23:23 0 d-----w- c:\docume~1\valued~1\applic~1\GetRightToGo
2010-06-21 05:44:46 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1104db41b910.mof
2010-06-21 05:40:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-21 05:32:50 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-21 05:32:14 0 d-----w- c:\windows\SHELLNEW

==================== Find3M ====================

2010-06-09 23:33:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2006-06-25 06:48:54 32768 -c--a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 14:58:32.53 ===============




attach log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2010 4:48:01 PM
System Uptime: 7/18/2010 7:56:44 PM (19 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5G41-M LE
Processor: Intel Pentium II processor | LGA775 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 425.256 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 75.859 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/9/2010 4:48:04 PM - System Checkpoint
RP2: 6/9/2010 4:49:58 PM - Software Distribution Service 3.0
RP3: 6/9/2010 4:59:38 PM - Software Distribution Service 3.0
RP4: 6/9/2010 5:32:53 PM - Installed Windows XP WgaNotify.
RP5: 6/9/2010 7:15:06 PM - avast! Free Antivirus Setup
RP6: 6/9/2010 7:33:23 PM - Installed Java(TM) 6 Update 20
RP7: 6/9/2010 7:43:19 PM - Installed Windows KB954550-v5.
RP8: 6/9/2010 7:43:24 PM - Printer Driver Microsoft XPS Document Writer Installed
RP9: 6/9/2010 7:43:30 PM - Printer Driver Microsoft XPS Document Writer Installed
RP10: 6/9/2010 7:49:23 PM - Software Distribution Service 3.0
RP11: 6/9/2010 7:53:33 PM - Installed Engine Installer
RP12: 6/9/2010 7:53:43 PM - Installed NOMAD Explorer
RP13: 6/9/2010 7:54:03 PM - Installed Creative System Information
RP14: 6/9/2010 7:54:09 PM - Installed Creative Zen Touch
RP15: 6/9/2010 7:56:03 PM - Installed Engine Installer
RP16: 6/9/2010 7:56:23 PM - Installed Common Audio Driver Interface
RP17: 6/9/2010 7:56:32 PM - Installed Creative MediaSource
RP18: 6/9/2010 7:56:54 PM - Installed Creative MediaSource Detector
RP19: 6/9/2010 7:57:03 PM - Installed Creative MediaSource CD-ROM Burner Plugin
RP20: 6/9/2010 7:57:13 PM - Installed Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
RP21: 6/9/2010 7:57:23 PM - Installed Creative MediaSource AudioSync Plugin
RP22: 6/9/2010 7:57:31 PM - Installed Creative MediaSource NOMAD MuVo Plugin
RP23: 6/9/2010 7:57:40 PM - Installed Creative MediaSource Player Skin Pack
RP24: 6/9/2010 7:57:49 PM - Installed Creative MediaSource
RP25: 6/9/2010 8:12:45 PM - Installed Adobe Reader 9.3.
RP26: 6/9/2010 8:47:06 PM - Software Distribution Service 3.0
RP27: 6/9/2010 9:00:12 PM - Software Distribution Service 3.0
RP28: 6/9/2010 9:01:54 PM - Software Distribution Service 3.0
RP29: 6/10/2010 9:49:06 PM - System Checkpoint
RP30: 6/11/2010 1:36:30 PM - Installed Video Power
RP31: 6/12/2010 2:09:40 PM - System Checkpoint
RP32: 6/13/2010 3:33:51 PM - System Checkpoint
RP33: 6/14/2010 4:04:46 PM - System Checkpoint
RP34: 6/15/2010 12:16:59 AM - Installed QuickTime
RP35: 6/16/2010 7:47:16 AM - System Checkpoint
RP36: 6/17/2010 7:49:16 AM - System Checkpoint
RP37: 6/18/2010 8:32:50 AM - System Checkpoint
RP38: 6/18/2010 12:25:42 PM - Installed CCS64 V3.8
RP39: 6/19/2010 1:16:30 PM - System Checkpoint
RP40: 6/20/2010 4:00:23 PM - System Checkpoint
RP41: 6/21/2010 1:31:17 AM - Installed Microsoft Office Enterprise 2007
RP42: 6/21/2010 1:40:39 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP43: 6/21/2010 1:57:28 AM - Software Distribution Service 3.0
RP44: 6/21/2010 2:13:37 AM - Software Distribution Service 3.0
RP45: 6/21/2010 11:00:28 AM - Software Distribution Service 3.0
RP46: 6/22/2010 11:39:24 AM - System Checkpoint
RP47: 6/22/2010 7:14:16 PM - Software Distribution Service 3.0
RP48: 6/23/2010 8:24:06 PM - System Checkpoint
RP49: 6/24/2010 9:22:48 PM - System Checkpoint
RP50: 6/25/2010 9:37:48 PM - System Checkpoint
RP51: 6/26/2010 10:18:03 PM - System Checkpoint
RP52: 6/27/2010 10:44:19 PM - System Checkpoint
RP53: 6/28/2010 11:07:29 PM - System Checkpoint
RP54: 6/30/2010 8:04:36 AM - System Checkpoint
RP55: 7/1/2010 8:20:07 AM - System Checkpoint
RP56: 7/2/2010 8:26:40 AM - System Checkpoint
RP57: 7/3/2010 9:05:53 PM - System Checkpoint
RP58: 7/3/2010 11:08:03 PM - Removed Video Power
RP59: 7/3/2010 11:09:11 PM - Installed USB PC Camera-168
RP60: 7/3/2010 11:09:42 PM - Installed Video Power
RP61: 7/4/2010 11:19:59 PM - System Checkpoint
RP62: 7/6/2010 12:41:11 AM - System Checkpoint
RP63: 7/7/2010 1:44:00 AM - System Checkpoint
RP64: 7/8/2010 1:53:53 AM - System Checkpoint
RP65: 7/9/2010 7:36:35 AM - System Checkpoint
RP66: 7/9/2010 6:31:31 PM - Removed USB PC Camera-168
RP67: 7/9/2010 6:31:58 PM - Removed Video Power
RP68: 7/10/2010 6:38:06 PM - System Checkpoint
RP69: 7/11/2010 7:01:16 PM - System Checkpoint
RP70: 7/12/2010 9:45:30 PM - System Checkpoint
RP71: 7/13/2010 10:41:37 PM - System Checkpoint
RP72: 7/14/2010 3:00:20 AM - Software Distribution Service 3.0
RP73: 7/15/2010 3:49:12 AM - System Checkpoint
RP74: 7/16/2010 4:47:15 AM - System Checkpoint
RP75: 7/17/2010 7:26:37 AM - System Checkpoint
RP76: 7/18/2010 9:20:00 AM - System Checkpoint
RP77: 7/19/2010 10:01:29 AM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
avast! Free Antivirus
BestPractice (remove only)
Creative Jukebox Driver
Creative MediaSource
Creative System Information
Creative Zen Touch
DVDVideoSoftTB Toolbar
ERUNT 1.1j
Free 3D Photo Maker version 2.0
Free Studio version 4.8
Free Video to Sony PSP Converter version 2.0
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 20
KRISTAL Audio Engine
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Lexmark 5600-6600 Series
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG Power Tools
Line 6 Uninstaller
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
MSN
MSVCRT
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Spybot - Search & Destroy
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vyzex Pocket POD 1.17
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The lxduCATSCustConnectService service terminated unexpectedly. It has done this 1 time(s).
7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The lxdu_device service terminated unexpectedly. It has done this 1 time(s).
7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
7/18/2010 7:05:57 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
7/17/2010 10:12:52 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 892c500c.
7/17/2010 10:12:47 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 87cd600c.
7/17/2010 10:10:28 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 8808000c.
7/16/2010 1:00:35 PM, error: Print [6161] - The document Microsoft Word - John Kyrkos owned by valued Client failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 31696. Number of bytes printed: 31696. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\NONE-7CD5C6DF47. Win32 error code returned by the print processor: 0 (0x0).
7/14/2010 2:30:08 PM, error: Print [6161] - The document Microsoft Word - John Kyrkos owned by valued Client failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 29212. Number of bytes printed: 29212. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\NONE-7CD5C6DF47. Win32 error code returned by the print processor: 0 (0x0).
7/13/2010 1:46:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.
7/13/2010 1:46:46 PM, error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

JonTom
2010-07-20, 01:38
Hello TheSound

Thank you for the log.


"it came up with 1 threat"

That file was the one we removed with OTM. It will be taken care of when OTM is uninstalled.

Your logs appear to be clean! Good job :bigthumb:

We only have a few things left to take care of:


Please perform the following cleanup procedure



Double click on the OTM.exe icon on your desktop to run the program. (Note: If you are running Vista, right-click on the file and choose Run As Administrator).
Once OTM has opened, click on the "CleanUp!" button.
Follow any prompts that you receive.



Please update your Java


To update your Java, click on "Start", then on "Control Panel", and then on the Java icon (looks like a coffee cup).
In the window that opens, click on the "Update" tab, and then on "Update Now".
Your Java should begin to update. Please follow any prompts that you receive.



Your Adobe is out of date


You can obtain the latest version of Adobe Reader from here (http://get.adobe.com/uk/reader/), and the latest version of Flash Player from here. (http://www.adobe.com/products/flashplayer/)
For more information and links to Adobe updates and downloads click here. (http://www.adobe.com/downloads/)



Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.



Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here. (http://www.mozilla.com/en-US/firefox/)


No-Script

If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)


Internet Explorer

The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)


SpywareBlaster

If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)

Web of Trust

When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)


Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)


Passwords

Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)


General Reading

How did I get infected in the first place? (http://www.spywareinfoforum.com/index.php?showtopic=60955)

PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)

How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

TheSound
2010-07-20, 21:24
THANK you very much for helping me out JonTom, I really appreciate it. I got everything up to date. Got a quick question for ya: I have avast as my anti-virus program, and it has a web shield in the program too. Do I still need a firewall program like comodo firewall, or is it fine without it?



JonTom
2010-07-20, 22:51
Hello TheSound


"do i still need a firewall program like comodo firewall or is it fine without it?"

Good question. From what I have read, I think that you may still need both.

The Web Shield and Firewall provided by Avast are described as follows:


Web Shield
Scans all visited web pages and checks all files, pages and java scripts downloaded from the internet. Thanks to the Intelligent Stream Scan feature, the Web shield doesn't slow down your web browsing.


Silent Firewall
The firewall enables you to control incoming and outgoing traffic from your computer. Protection is based on heuristic and behavioral analysis, and a white list of known safe applications. There are three network settings which can be changed depending on the type of connection.


If you look at the Avast! Internet Security page here:

http://www.avast.com/internet-security

It mentions that the Internet Security package it provides has the Web Shield and a firewall, which makes me suspect that the web shield alone does not replace a standalone firewall (and it certainly sounds that way from the above descriptions). For this reason, as you only have the AV, I believe it is better to go with a third-party firewall (like Comodo) alongside the web shield.



"THANK you very much for helping me out JonTom, i really appreciate it."

You are very welcome, TheSound. Glad we could help :)

Best wishes
JonTom

TheSound
2010-07-21, 03:07
alright i'll install comodo then.


i guess we're done here, you seem to have fixed the problem.

again thanks for the help, bye :)

JonTom
2010-07-21, 09:37
Since this problem appears to be resolved this topic is now closed.

Glad we could help :)

If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).

Everyone else please start a new topic.


Best wishes
JonTom