
Active Recycler malware?

Discussion in 'Malware and Virus Removal Archive' started by Trevor, 2009/02/06.

  1. 2009/02/06
    Trevor


    Greetings,

    A few days ago my PC was infected with some sort of virus/malware. It keeps inserting Vimax ads onto my webpages. It will not allow my Spybot Search and Destroy and other virus detection/prevention utilities to run. Does anyone know what this is and how I can remove it from my machine?
     
  2. 2009/02/07
    PeteC

    Welcome to WindowsBBS :)

    Please read this and post the logs requested in this thread.
     


  4. 2009/02/07
    Trevor

    Greetings Pete!

    Thank you for replying to my post. I appreciate you giving up some of your valuable time to help others like me. Anyway, here are the logs you requested:
    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Trevor at 8:14:10.89 on Sat 02/07/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.150 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\PGPserv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\S4F\Filter7.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\S4F\filter7.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Trevor\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL =
    uSearch Bar =
    uWindow Title =
    mStart Page = hxxp://www.msn.com
    mSearch Page = hxxp://www.google.com
    mWindow Title =
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe "
    mRun: [S4F] "c:\program files\s4f\Filter7.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\windows\system\wins4f.dll
    Trusted Zone: musicmatch.com\online
    DPF: AuthenticBrowserEdition - hxxps://orders.fiservls.com/Komodo/common/forms/cab/AuthenticBrowserEdition.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1091971963156
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} - hxxp://www.pvplus.com/citrix/UniPrint.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://valuemanager.iasreo.com/BPO/ImageUploader5.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120592159781
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.mainstreetval.com/ImageUploader4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://investools.webex.com/client/T26L10NSP49EP8/webex/ieatgpc.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.mainstreetval.com/ImageUploader4.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    TCP: NameServer = 85.255.112.39,85.255.112.40
    TCP: {9F025046-0B5B-4E23-AFE1-8FBDE5998597} = 85.255.112.39,85.255.112.40
    TCP: {C8D5F697-5B2E-4401-8806-D7F1F74F5F12} = 85.255.112.39,85.255.112.40
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
    R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2004-8-18 169120]
    R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2004-8-18 26624]

    =============== Created Last 30 ================

    2009-02-07 00:42 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-02-07 00:28 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-02-07 00:28 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-07 00:27 <DIR> --d----- c:\program files\Lavasoft
    2009-02-07 00:26 34,543,112 a------- C:\Ad-AwareAE.exe
    2009-02-06 23:35 <DIR> --d----- c:\documents and settings\trevor\.housecall6.6
    2009-02-06 15:40 676,688 a------- C:\symantec setup.exe
    2009-02-06 10:19 23 a------- C:\pvp001.sys
    2009-02-03 17:13 <DIR> --d----- c:\program files\CCleaner
    2009-02-03 13:12 16,409,960 a------- C:\spybotsd162.exe
    2009-02-03 09:35 <DIR> --d----- c:\program files\uTorrent
    2009-02-03 08:46 382 ---shr-- C:\autorun.inf
    2009-01-30 08:47 <DIR> --d----- c:\program files\LimeWire
    2009-01-20 17:31 27,288,880 a------- c:\program files\QuickTimeInstaller.exe
    2009-01-19 09:59 <DIR> --d----- c:\docume~1\trevor\applic~1\uTorrent
    2009-01-12 17:05 274,432 a------- c:\windows\system\Filter7.dll
    2009-01-12 17:05 53,248 a------- c:\windows\system\wins4f.dll
    2009-01-12 17:05 9,488 a------- c:\windows\system\sporder.dll
    2009-01-09 14:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-09 13:14 133,120 a------- c:\windows\system32\gvpefccm.dll
    2009-01-09 13:13 1,248,459 ---sh--- c:\windows\system32\txdwsecw.ini
    2009-01-09 13:13 90,624 a------- c:\windows\system32\wceswdxt.dll
    2009-01-09 13:08 40,256 a------- c:\windows\system32\drivers\seneka.sys
    2009-01-09 12:44 525,104 a------- C:\setup.exe
    2009-01-08 13:04 139,264 a------- c:\windows\system32\bbiauens.dll
    2009-01-08 13:04 1,250,178 ---sh--- c:\windows\system32\bvlofemv.ini
    2009-01-08 12:51 14,336 a------- c:\windows\system32\senekavygxbepf.dll
    2009-01-08 11:56 139,264 a------- c:\windows\system32\oqanfept.dll
    2009-01-08 11:53 1,250,178 ---sh--- c:\windows\system32\dloodcrm.ini
    2009-01-08 11:53 90,624 a------- c:\windows\system32\mrcdoold.dll

    ==================== Find3M ====================

    2009-01-09 15:25 722,284 a--sh--- c:\windows\system32\KjlSrtwa.ini2
    2009-01-09 14:30 58,961 a------- c:\windows\system32\senekalog.dat
    2009-01-07 11:55 129,536 a------- c:\windows\system32\uvrbxxbf.dll
    2009-01-07 11:49 73,216 a------- c:\windows\system32\ffkuz.dll
    2009-01-06 09:16 86,528 a------- c:\windows\system32\yvkesqnm.dll
    2009-01-06 09:14 137,728 a------- c:\windows\system32\dcyuosne.dll
    2009-01-06 08:16 50,176 a------- c:\windows\system32\pmnoNDVL.dll
    2009-01-06 08:10 50,176 a------- c:\windows\system32\yaywustQ.dll
    2009-01-06 08:08 137,728 a------- c:\windows\system32\qdklhwsq.dll
    2009-01-06 08:08 137,728 a------- c:\windows\system32\dzqydy.dll
    2009-01-06 08:01 114,688 a------- c:\windows\system32\prunnet.exe
    2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-09-23 15:57 560 a------- c:\docume~1\trevor\applic~1\ViewerApp.dat
    2006-09-26 06:08 173,792 a------- c:\program files\wks7dll.exe
    2005-03-23 15:20 13,824 a------- c:\documents and settings\trevor\atwbxdet.dll
    2005-02-19 16:27 198,656 ac------ c:\program files\CFMCInt.doc
    2005-02-01 10:08 2,084,888 ac------ c:\program files\reglite.exe
    2005-01-17 10:58 402,564 ac------ c:\program files\bhblastersetup.exe
    2004-10-23 14:41 35,121,138 a------- c:\program files\NIS_Retail.EXE
    2004-10-11 08:18 2,000,600 a------- c:\program files\filterpakwin762.exe
    2004-08-18 08:38 8,312,851 ac------ c:\program files\PGP810-PF-W.zip
    2004-08-08 07:49 4,354,084 a------- c:\program files\spybotsd13.exe
    2004-08-03 19:48 488,032 ac------ c:\program files\PopUpStopperFree.exe
    2004-07-28 07:27 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
    2004-07-28 07:23 6,811,656 ac------ c:\program files\psa201se_us.exe
    2004-03-19 16:43 94,784 -c-sh--- c:\windows\TWAIN.DLL
    2008-04-13 18:12 50,688 ---sh--- c:\windows\twain_32.dll
    2008-04-13 18:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
    2008-04-13 18:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
    2008-04-13 18:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
    2008-04-13 18:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
    2008-04-13 18:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe

    ============= FINISH: 8:14:31.34 ===============

    2009-01-20 17:31 27,288,880 a------- c:\program files\QuickTimeInstaller.exe
    2009-01-19 09:59 <DIR> --d----- c:\docume~1\trevor\applic~1\uTorrent
    2009-01-12 17:05 274,432 a------- c:\windows\system\Filter7.dll
    2009-01-12 17:05 53,248 a------- c:\windows\system\wins4f.dll
    2009-01-12 17:05 9,488 a------- c:\windows\system\sporder.dll
    2009-01-09 14:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-09 13:14 133,120 a------- c:\windows\system32\gvpefccm.dll
    2009-01-09 13:13 1,248,459 ---sh--- c:\windows\system32\txdwsecw.ini
    2009-01-09 13:13 90,624 a------- c:\windows\system32\wceswdxt.dll
    2009-01-09 13:08 40,256 a------- c:\windows\system32\drivers\seneka.sys
    2009-01-09 12:44 525,104 a------- C:\setup.exe
    2009-01-08 13:04 139,264 a------- c:\windows\system32\bbiauens.dll
    2009-01-08 13:04 1,250,178 ---sh--- c:\windows\system32\bvlofemv.ini
    2009-01-08 12:51 14,336 a------- c:\windows\system32\senekavygxbepf.dll
    2009-01-08 11:56 139,264 a------- c:\windows\system32\oqanfept.dll
    2009-01-08 11:53 1,250,178 ---sh--- c:\windows\system32\dloodcrm.ini
    2009-01-08 11:53 90,624 a------- c:\windows\system32\mrcdoold.dll

    ==================== Find3M ====================

    2009-01-09 15:25 722,284 a--sh--- c:\windows\system32\KjlSrtwa.ini2
    2009-01-09 14:30 58,961 a------- c:\windows\system32\senekalog.dat
    2009-01-07 11:55 129,536 a------- c:\windows\system32\uvrbxxbf.dll
    2009-01-07 11:49 73,216 a------- c:\windows\system32\ffkuz.dll
    2009-01-06 09:16 86,528 a------- c:\windows\system32\yvkesqnm.dll
    2009-01-06 09:14 137,728 a------- c:\windows\system32\dcyuosne.dll
    2009-01-06 08:16 50,176 a------- c:\windows\system32\pmnoNDVL.dll
    2009-01-06 08:10 50,176 a------- c:\windows\system32\yaywustQ.dll
    2009-01-06 08:08 137,728 a------- c:\windows\system32\qdklhwsq.dll
    2009-01-06 08:08 137,728 a------- c:\windows\system32\dzqydy.dll
    2009-01-06 08:01 114,688 a------- c:\windows\system32\prunnet.exe
    2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-09-23 15:57 560 a------- c:\docume~1\trevor\applic~1\ViewerApp.dat
    2006-09-26 06:08 173,792 a------- c:\program files\wks7dll.exe
    2005-03-23 15:20 13,824 a------- c:\documents and settings\trevor\atwbxdet.dll
    2005-02-19 16:27 198,656 ac------ c:\program files\CFMCInt.doc
    2005-02-01 10:08 2,084,888 ac------ c:\program files\reglite.exe
    2005-01-17 10:58 402,564 ac------ c:\program files\bhblastersetup.exe
    2004-10-23 14:41 35,121,138 a------- c:\program files\NIS_Retail.EXE
    2004-10-11 08:18 2,000,600 a------- c:\program files\filterpakwin762.exe
    2004-08-18 08:38 8,312,851 ac------ c:\program files\PGP810-PF-W.zip
    2004-08-08 07:49 4,354,084 a------- c:\program files\spybotsd13.exe
    2004-08-03 19:48 488,032 ac------ c:\program files\PopUpStopperFree.exe
    2004-07-28 07:27 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
    2004-07-28 07:23 6,811,656 ac------ c:\program files\psa201se_us.exe
    2004-03-19 16:43 94,784 -c-sh--- c:\windows\TWAIN.DLL
    2008-04-13 18:12 50,688 ---sh--- c:\windows\twain_32.dll
    2008-04-13 18:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
    2008-04-13 18:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
    2008-04-13 18:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
    2008-04-13 18:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
    2008-04-13 18:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe

    ============= FINISH: 8:14:31.34 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/27/2004 11:50:06 PM
    System Uptime: 2/7/2009 12:45:23 AM (8 hours ago)

    Motherboard: Dell Computer Corp. | | 0F4491
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 106.675 GiB free.
    D: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========

    2/3/2009 6:07:08 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2/3/2009 5:54:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/3/2009 5:55:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/3/2009 6:51:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/6/2009 5:43:16 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

    ==== End Of File ===========================
    Thank you again, Pete. I really appreciate you (and all the board contributors)
     
  5. 2009/02/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks - one of our trained malware analysts will look at your log ASAP - as they are kept extremely busy you must have a little patience :) All logs are dealt with in the order received.
     
  6. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Trevor :)

    You've got a number of infections present, requiring some special cleanup. Before we begin I need to ask a couple of questions.

    Are you using a router with your internet connection?
    If so, are there other computers accessing through the router?
     
  7. 2009/02/11
    Trevor

    Trevor Inactive Thread Starter

    Joined:
    2009/02/06
    Messages:
    6
    Likes Received:
    0
    I have a standard home DSL account/connection, with a password protected wireless router for my laptop use.
     
  8. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    We Need to Verify your DNS Configuration
    • Please download DNSCheck and save it to your desktop
    • Double click the DNSCheck icon on your desktop.
    • Follow the on-screen instructions. When done, a log will open, and be saved to the desktop.
    • Please copy and paste the contents of that log in your next reply.
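
Added example, not part of any post in this thread and not the DNSCheck tool: one way to check the DNS settings recorded in a DDS log against the resolvers the owner expects. It assumes the `TCP:` lines report the statically configured name servers, globally and per interface GUID; the function names and the `192.168.1.1` router address in the usage note are hypothetical.

```python
import ipaddress
import re

# The three "TCP:" lines copied from the DDS log posted earlier in this thread.
DDS_TCP_LINES = """\
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {9F025046-0B5B-4E23-AFE1-8FBDE5998597} = 85.255.112.39,85.255.112.40
TCP: {C8D5F697-5B2E-4401-8806-D7F1F74F5F12} = 85.255.112.39,85.255.112.40
"""

# "NameServer" is treated as the machine-wide value, a {GUID} as one interface
# (assumption about the DDS layout, see the lead-in).
TCP_LINE = re.compile(
    r"^\s*TCP:\s*(?P<scope>NameServer|\{[0-9A-Fa-f-]{36}\})\s*=\s*(?P<servers>.+?)\s*$"
)


def parse_dds_nameservers(log_text):
    """Return {scope: [server, ...]} for every 'TCP:' line in a DDS log."""
    scopes = {}
    for line in log_text.splitlines():
        m = TCP_LINE.match(line)
        if m:
            scope = "global" if m.group("scope") == "NameServer" else m.group("scope")
            # Windows accepts comma- or space-separated server lists.
            scopes[scope] = [t for t in re.split(r"[,\s]+", m.group("servers")) if t]
    return scopes


def audit_nameservers(log_text, expected):
    """List (scope, server, reason) for every resolver outside `expected`.

    `expected` holds the addresses or CIDR ranges the owner trusts, for
    example the router's LAN address and the ISP's published resolvers.
    """
    trusted = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for scope, servers in parse_dds_nameservers(log_text).items():
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((scope, server, "not an IP address"))
                continue
            if not any(ip in net for net in trusted):
                findings.append((scope, server, "not in the expected resolver set"))
    return findings


def same_servers_everywhere(log_text):
    """True when every scope carries an identical static resolver list."""
    lists = list(parse_dds_nameservers(log_text).values())
    return len(lists) > 1 and all(l == lists[0] for l in lists)
```

Calling `audit_nameservers(DDS_TCP_LINES, ["192.168.1.1"])` reports all six entries, and `same_servers_everywhere` shows the same pair pinned globally and on both interfaces, so the setting would override whatever the router hands out by DHCP.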
     
  9. 2009/02/13
    Trevor

    Trevor Inactive Thread Starter

    Joined:
    2009/02/06
    Messages:
    6
    Likes Received:
    0
    Hi Dave,

    The DNSCheck link in your thread is not active (I keep getting a 404 error message). Is there another place where I can download it from?

    Thanks for all your help.
     
    Last edited: 2009/02/13
  10. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry about that. Just found that the DNSCheck tool was removed from service. :(

    First download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, close it for now.

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.

    If you are connected to a router you will need to stay disconnected until completing all instructions. If there are other computers connected to the router, they will also need to have MBAM installed and updated, then disconnected from the router as well.

    You will likely need to reconfigure the router's wireless settings when done using a wired connection.

    Disconnect from the router (all computers) then on this computer, disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Close it for now.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Now open MBAM and do a complete system scan.
    • Make sure that everything found is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Now run MBAM the same way on all other computers.

    Next, you will need to reset the router to factory defaults. You will need something small, such as a pencil lead, to press and hold the recessed reset button on the back of the router for at least 10 seconds.

    Once the router has been reset and all computers disinfected, reconnect to the router and log in to its control panel.
    Change the default password and if able to, the login username.


    Now post the contents of the MBAM log and the C:\ComboFix.txt log here.

    I would also recommend posting DDS logs and MBAM reports from all other computers connected.
     
  11. 2009/02/19
    Trevor

    Trevor Inactive Thread Starter

    Joined:
    2009/02/06
    Messages:
    6
    Likes Received:
    0
    Sorry it has taken me so long to get back to you....Apparently the malware is on one of my memory sticks. I ran the utilities you suggested and they seemed to be successful. I was going to post the logs last night (02/18). Yesterday, I had to retrieve some pictures from my camera's memory stick. I noticed signs of the malware returning. My computer screen froze. When I rebooted, Windows would not load, and continues to not load. The (windows) loading screen will appear, followed shortly by a blue screen error message. The error reads: STOP:0x00000024 (0x00190203, 0x81EBCEF0, 0xC0000102, 0x00000000).
    I have tried starting in safe mode, last known good configuration, etc., but keep getting the same result (Windows will not load/blue screen error message). Please advise.....
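
Added example, not part of any post in this thread: the "Created Last 30" section of the DDS log above lists a hidden, system, read-only `C:\autorun.inf`, the kind of file that also travels on removable media such as the memory stick mentioned here. The sketch below triages such a listing; it assumes the attribute column uses the usual `attrib` letters (`s` system, `h` hidden, `r` read-only), and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the "Created Last 30" section of the DDS log in this thread.
DDS_CREATED = r"""
2009-02-07 00:28 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 10:19 23 a------- C:\pvp001.sys
2009-02-03 13:12 16,409,960 a------- C:\spybotsd162.exe
2009-02-03 08:46 382 ---shr-- C:\autorun.inf
2009-01-09 13:14 133,120 a------- c:\windows\system32\gvpefccm.dll
2009-01-09 13:13 1,248,459 ---sh--- c:\windows\system32\txdwsecw.ini
"""

# date, time, size (or <DIR>), eight-character attribute column, path
ENTRY = re.compile(
    r"^\s*(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
DRIVE_ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)


class Entry(NamedTuple):
    created: str
    size: Optional[int]   # None for directories
    attrs: frozenset      # attribute letters that are set, e.g. {"s", "h", "r"}
    path: str


def parse_listing(text):
    """Parse DDS file-listing lines; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        attrs = frozenset(m["attrs"].replace("-", ""))
        entries.append(Entry(f'{m["date"]} {m["time"]}', size, attrs, m["path"]))
    return entries


def triage(entries):
    """Return (path, [reasons]) for entries worth a manual look.

    These are heuristics for review, not proof of infection.
    """
    findings = []
    for e in entries:
        reasons = []
        if DRIVE_ROOT_AUTORUN.match(e.path):
            reasons.append("autorun.inf in a drive root")
        if e.size is not None and {"s", "h"} <= e.attrs:
            reasons.append("file is both hidden and system")
        if reasons:
            findings.append((e.path, reasons))
    return findings
```

Running the same check on a listing of each removable drive's root shows whether an `autorun.inf` is present there before the drive is plugged into a cleaned machine.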
     
  12. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Was the Recovery Console successfully installed when you ran ComboFix? If so, when you start the computer it should pause for 2 seconds on a screen that gives you the option to boot the Windows XP operating system or the Recovery Console.
    Use the up/down arrow button(s) to select the Recovery Console.
    Once at the C:\Windows> prompt, type the following command then hit Enter.

    chkdsk /r

    When the checkdisk utility completes, type Exit to exit the Recovery Console and restart the computer.


    If the Recovery Console was not installed, you can also access it using the XP operating system CD (option 2).
     
