Discussion Starter · #1 ·
I have a virus that is not showing up with my anti-virus software. IE links go to ads and surveys. Avast Shield is blocking something that is trying to go to a known malicious site (directitfast.com/seneka/engine???). Every two minutes I get an Avast "pop-up" informing me that it blocked it??? My system restore feature no longer works. I don't know how I got infected, but I did.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Windows at 17:33:50.52 on Thu 04/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.116 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090430-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Vonage\Vonage Click-2-Call\click2call.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Windows\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [Google Update] "c:\documents and settings\windows\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Vonage] c:\program files\vonage\vonage click-2-call\click2call.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [A00F14A4F2A.exe] c:\windows\temp\_A00F14A4F2A.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
Trusted Zone: crmondemand.com\*.secure-ausomxeaa
Trusted Zone: crmondemand.com\secure-ausomxeaa
Trusted Zone: unitedhealthadvisors.com\www
Trusted Zone: unitedhealthproducers.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/45.19/uploader2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191431230196
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198679527367
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} - hxxp://fdl.msn.com/public/investor/v5/ticker.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goldenrule.webex.com/client/T23LSP33EP10/event/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.stephens.com/dana-cached/setup/JuniperSetupSP1.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-11-23 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-22 138680]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-22 352920]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2007-10-3 92550]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [2008-1-11 99248]
S3 JL2008PC;Digital Camera;c:\windows\system32\drivers\jl2008pc.sys [2005-7-11 125370]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080519.003\NAVENG.SYS [2008-5-19 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080519.003\NAVEX15.SYS [2008-5-19 895408]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]

=============== Created Last 30 ================

2009-04-28 14:30 1 -------- c:\windows\system32\uniq.tll
2009-04-27 08:16 <DIR> --d----- C:\New Folder
2009-04-27 08:06 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-21 16:53 <DIR> --d----- C:\ComboFix
2009-04-21 16:53 389,120 -------- c:\windows\system32\CF11279.exe
2009-04-21 16:53 389,120 -------- c:\windows\system32\CF11272.exe
2009-04-20 17:26 <DIR> --d----- c:\docume~1\windows\applic~1\Malwarebytes
2009-04-20 17:25 15,504 -------- c:\windows\system32\drivers\mbam.sys
2009-04-20 17:25 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 17:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-20 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 15:12 <DIR> --dsh--- c:\documents and settings\windows\IECompatCache
2009-04-20 14:37 <DIR> --dsh--- c:\documents and settings\windows\IETldCache
2009-04-20 14:28 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-20 14:28 78,336 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-20 14:26 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-20 09:06 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 13:56 <DIR> --d----- c:\windows\Crack Installer
2009-04-18 13:56 <DIR> --d----- c:\program files\Crack Installer
2009-04-18 13:54 <DIR> --d----- c:\program files\IEToolbar
2009-04-16 05:21 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:21 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:21 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:21 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 05:21 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:21 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 05:21 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:21 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:21 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 05:21 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 09:54 <DIR> --d----- C:\MDT

==================== Find3M ====================

2009-03-09 05:19 410,984 -------- c:\windows\system32\deploytk.dll
2009-03-08 17:02 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-03-06 09:22 284,160 -------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 -------- c:\windows\system32\wininet.dll
2009-02-09 07:10 729,088 -------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 -------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 -------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 -------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 -------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 -------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 -------- c:\windows\system32\sc.exe
2009-02-03 14:59 56,832 -------- c:\windows\system32\secur32.dll
2008-08-04 20:50 8,104 -------- c:\docume~1\alluse~1\applic~1\ypinfo.bin
2006-06-02 12:12 65,536 -------- c:\program files\im32fax.dil
2008-06-28 10:59 56 ---shr-- c:\windows\system32\0C6F9F96EE.sys
2008-07-16 19:12 1,682 ---sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-19 12:25 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051920080520\index.dat

============= FINISH: 17:34:53.78 ===============
 
