Hi Blade! Thanks for the response and your advice.
FYI: Between the HiJackThis execution and log posted the other day and now, AdAware has been executed, and a Win32Trojan.Tdss (malware) has been removed. [Files: C:\WINDOWS\system32\odrkrjmeokwtsivt.dll and opnvyunykfvpysmj.dll] NOD32 still reports that it is finding "Operating memory - Win32/Olmarik trojan - unable to clean".
Now back to the requested information:
Below is DDS.txt, and attached is Attach.zip (zipped version of Attach.txt) as requested. I also downloaded GMER, as bfwgfo4y.exe. The results of the execution are at the end of this post.
I've read the FAQ and tried my best to follow the guidelines supplied - all very clear and reasonable.
Thanks guys for the great work and service you are providing.
/Peter
DDS (Ver_09-09-29.01) - NTFSx86
Run by Peter at 18:14:04,07 on 2009-10-10
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1022.194 [GMT 2:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\PROGRAM\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Free Download Manager\fdm.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program\Apple Software Update\SoftwareUpdate.exe
C:\Program\emacs-21.3\bin\emacs.exe
C:\Documents and Settings\Peter\Skrivbord\Downloaded\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9a157c2d-a9da-4ef1-a759-d824a4812667} - c:\windows\system32\zaregabi.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program\free download manager\iefdmcks.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program\google\google gears\internet explorer\0.5.4.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn\yt.dll
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Free Download Manager] c:\program\free download manager\fdm.exe -autorun
uRun: [MsnMsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [ptidle] "c:\documents and settings\peter\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [g[Hn7gQky] c:\documents and settings\peter\application data\microsoft\windows\cvkkoaj.exe
uRun: [SpybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] c:\program\ati technologies\ati control panel\ATIPTAXX.EXE
mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DMXLauncher] c:\program\dell\media experience\DMXLauncher.exe
mRun: [pdfSaver3]
mRun: [VaCtrl] c:\program\voiceage\common\VaCtrl.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [StartCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all with Free Download Manager - file://c:\program\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program\google\google gears\internet explorer\0.5.4.0\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\polarudu.dll c:\progra~1\thunmail\testabd.dll c:\windows\system32\miliyepa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 setuid
LSA: Notification Packages = scecli c:\windows\system32\polarudu.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\peter\applic~1\mozilla\firefox\profiles\fvazp8ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program\mozilla firefox\components\dfff.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{15964B87-5FBE-4E16-AF1B-54E3C5B554C7}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{6304F630-C28D-40A9-A654-9F3413A0A848}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{77322F9F-BF99-4673-B68B-E644CE969734}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{7CCD23DD-89BF-422C-9633-6DA4B41056A2}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{84338D93-3760-4A87-A403-C70FF9C05B57}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{A2949525-3453-4128-8AE3-7372243A4643}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{A5C09217-5258-4D2C-B92A-FB822ABF08A4}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{C31C77BD-4D5C-4AAB-8105-19FF8EA247CF}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{C83C9375-06E3-4E3A-9466-001C9AF18294}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{DCEE8A2C-532E-4898-9B4B-8D6D7F8179E2}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{DE98CC08-268C-41FC-B9FE-31ACE687D827}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{E72EAD31-F3F1-404A-ACCB-EE2489167C86}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{EE12C842-6538-4BDA-8F50-9EBE2ECA881F}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{F65F1F29-316D-43D5-8168-A7C1405584B9}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program\mozilla firefox\extensions\{FAA789E6-6531-4153-834F-B9E6320CBD37}
---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-8 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 eati1ttx;eati1ttx;\??\c:\docume~1\victor\lokala~1\temp\eati1ttx.sys --> c:\docume~1\victor\lokala~1\temp\eati1ttx.sys [?]
S3 gnwlnknb;gnwlnknb;\??\c:\docume~1\victor\lokala~1\temp\gnwlnknb.sys --> c:\docume~1\victor\lokala~1\temp\gnwlnknb.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\victor\lokala~1\temp\o1394bul.sys --> c:\docume~1\victor\lokala~1\temp\o1394bul.sys [?]
S3 xintelpp;xintelpp;\??\c:\docume~1\victor\lokala~1\temp\xintelpp.sys --> c:\docume~1\victor\lokala~1\temp\xintelpp.sys [?]
=============== Created Last 30 ================
2009-10-10 18:10 256 a---h--- C:\aaw7boot.cmd
2009-10-10 00:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-10 00:04 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-08 12:30 <DIR> --d----- c:\program\Safer Networking
2009-10-08 10:30 <DIR> --d----- c:\program\Squeak3.8-current-win-full
2009-10-08 10:15 <DIR> --d----- c:\program\Spybot - Search & Destroy
2009-10-08 09:44 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-08 09:15 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-08 09:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-08 01:09 <DIR> --d----- c:\program\ESET
==================== Find3M ====================
2009-10-08 01:26 115 a------- C:\xcrashdump.dat
2008-01-05 18:50 5,947 a------- c:\program\INSTALL.LOG
2007-02-02 11:58 57,016 a------- c:\program\data1.hdr
2007-02-02 11:51 1,036,390,187 a------- c:\program\data2.cab
2007-02-02 11:51 450,560 a------- c:\program\setup.exe
2007-02-02 11:51 517 a------- c:\program\layout.bin
2007-02-02 11:48 67,332,864 a------- c:\program\data1.cab
2007-02-02 11:48 552,214 a------- c:\program\ISSetup.dll
2007-02-02 11:48 490 a------- c:\program\setup.ini
2007-01-23 17:03 317,248 a----r-- c:\program\dxwebsetup.exe
2007-01-23 17:02 44 a----r-- c:\program\autorun.inf
2006-08-07 10:09 164,784 a------- c:\program\_Setup.dll
2003-12-18 11:33 20,102 a------- c:\program\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program\EULA.txt
2008-09-12 08:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008091220080913\index.dat
============= FINISH: 18:14:39,10 ===============
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-10 18:34:31
Windows 5.1.2600 Service Pack 3
Running: bfwgfo4y.exe; Driver: C:\DOCUME~1\Peter\LOKALA~1\Temp\fxtdipow.sys
---- System - GMER 1.0.15 ----
SSDT 8675BCB0 ZwOpenProcess
SSDT 8675C0D0 ZwOpenThread
SSDT 8675C6D0 ZwSuspendProcess
SSDT 8675C4F0 ZwSuspendThread
SSDT 8675BEE0 ZwTerminateProcess
SSDT 8675C310 ZwTerminateThread
Code 86E8B7D8 ZwEnumerateKey
Code 86EB8390 ZwFlushInstructionCache
Code 86EA214E IofCallDriver
Code 86DBC056 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86EA2153
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86DBC05B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86EB8394
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86E8B7DC
---- User code sections - GMER 1.0.15 ----
.text C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe[1820] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- Threads - GMER 1.0.15 ----
Thread System [4:344] 8675A930
---- EOF - GMER 1.0.15 ----
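The following is an added example, not part of Peter's post and not code from the DDS or GMER tools. It shows how a helper would triage the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log mechanically: autostart entries that run from user-writable locations or with non-.exe extensions, a BHO with no display name, orphaned toolbar entries, a populated AppInit_DLLs value, non-default LSA authentication and notification packages, and drivers loading from a temp directory. The sample input is a constructed subset of lines copied from the DDS log above; the severity levels and the "default" package names (msv1_0, scecli) are assumptions about what a reviewer would want flagged, and a finding means "look at this", not "this is malware".

```python
import re

# Constructed sample input: a subset of lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll
BHO: {9a157c2d-a9da-4ef1-a759-d824a4812667} - c:\windows\system32\zaregabi.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [ptidle] "c:\documents and settings\peter\application data\ptidle\ptidle.exe" 61A847B5
uRun: [g[Hn7gQky] c:\documents and settings\peter\application data\microsoft\windows\cvkkoaj.exe
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
AppInit_DLLs: c:\windows\system32\polarudu.dll c:\progra~1\thunmail\testabd.dll c:\windows\system32\miliyepa.dll
LSA: Authentication Packages = msv1_0 setuid
LSA: Notification Packages = scecli c:\windows\system32\polarudu.dll
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
S3 eati1ttx;eati1ttx;\??\c:\docume~1\victor\lokala~1\temp\eati1ttx.sys --> c:\docume~1\victor\lokala~1\temp\eati1ttx.sys [?]
"""

# Assumed defaults for Windows XP: AppInit_DLLs empty, one auth package, one notification package.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}
# Locations a standard user can write to; autostarts there deserve a look.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\temp\\", "\\docume~1\\", "\\documents and settings\\")

RUN_RE = re.compile(r"^[umd]Run: \[(.*?)\] (.*)$", re.I)
BHO_RE = re.compile(r"^BHO: (.*?)\{[0-9a-f-]{36}\} - (.*)$", re.I)
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|tmp|dll|scr|com|bat|cmd))"?(?:\s|$)', re.I)


def executable_path(command):
    """Return the executable part of an autostart command, lower-cased, without quotes or arguments."""
    m = EXE_RE.match(command.strip())
    return m.group(1).lower() if m else command.strip().lower()


def in_user_writable_location(path):
    return any(marker in path for marker in USER_WRITABLE_MARKERS)


def triage(log_text):
    """Run the heuristics over a DDS log and return a list of findings.

    Each finding is a dict with 'severity', 'rule', 'module' (path or package name, lower-cased)
    and 'line' (the offending log line).
    """
    findings = []

    def add(severity, rule, module, line):
        findings.append({"severity": severity, "rule": rule, "module": module.lower(), "line": line})

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:  # uRun / mRun / dRun autostart entries
            exe = executable_path(m.group(2))
            if in_user_writable_location(exe):
                add("high", "autostart from user-writable path", exe, line)
            elif not exe.endswith(".exe"):
                add("high", "autostart with non-.exe extension", exe, line)
            continue
        m = BHO_RE.match(line)
        if m:  # Browser Helper Objects: a missing display name is unusual for legitimate software
            if not m.group(1).strip():
                add("medium", "BHO without a display name", m.group(2), line)
            continue
        if line.startswith("TB:") and line.endswith("- No File"):
            add("low", "toolbar entry with missing file", line.split()[1].strip("{}"), line)
            continue
        if line.startswith("AppInit_DLLs:"):  # every listed DLL is injected into user-mode processes
            for dll in line.split(":", 1)[1].split():
                add("high", "AppInit_DLLs populated", dll, line)
            continue
        if line.startswith("LSA: Authentication Packages ="):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                    add("medium", "non-default LSA authentication package", pkg, line)
            continue
        if line.startswith("LSA: Notification Packages ="):  # loaded into lsass.exe at boot
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in DEFAULT_NOTIFY_PACKAGES:
                    add("high", "non-default LSA notification package", pkg, line)
            continue
        if re.match(r"^[RS]\d ", line):  # service / driver lines: name;display name;path [date size]
            parts = line.split(";", 2)
            if len(parts) == 3 and "\\temp\\" in parts[2].lower():
                path = re.split(r" (?:-->|\[)", parts[2])[0].replace("\\??\\", "")
                add("high", "service/driver loaded from a temp directory", path, line)
    return findings


def repeated_modules(findings):
    """Modules that trip more than one rule, i.e. are registered at several load points."""
    seen = {}
    for f in findings:
        seen.setdefault(f["module"], set()).add(f["rule"])
    return sorted(mod for mod, rules in seen.items() if len(rules) > 1)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f["severity"]):
        print(f"[{f['severity']:6}] {f['rule']}: {f['module']}")
    print("registered at more than one load point:", repeated_modules(results))
```

The cross-reference in repeated_modules is the part worth keeping even if the other rules are tuned: a module that shows up under two independent persistence mechanisms (here, AppInit_DLLs and the LSA notification packages) is a much stronger signal than either entry on its own, and it is the kind of correlation that is easy to miss when reading a long log by eye.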