
I'm infected - DDS log file and attached



Here are my results:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Petar at 1:38:14 on 2012-04-16

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2039.1100 [GMT 3:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Lavasoft Ad-Aware *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

svchost.exe

C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe

C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Opera\opera.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.bg/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ConfigHelper] c:\documents and settings\petar\local settings\application data\vectir\config\ConfigHelper.exe /Startup

uRun: [Google Update] "c:\documents and settings\petar\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [<NO NAME>]

mRun: [Ashampoo WinOptimizer Live-Tuner] "c:\program files\ashampoo\ashampoo winoptimizer 8\LiveTuner.exe" -TRAY

mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions

mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

TCP: DhcpNameServer = 94.26.42.33 94.26.50.8

TCP: Interfaces\{2515C4E1-893F-4164-B332-FA20A1BE8F3C} : DhcpNameServer = 94.26.42.33 94.26.50.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\petar\application data\mozilla\firefox\profiles\xxkl3khf.default\

FF - plugin: c:\documents and settings\petar\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-4 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-4 314456]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-14 232512]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-4-14 21592]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 332248]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 212568]

R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-4 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-4 44768]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2012-1-21 20072]

R2 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 8\DfSdkS.exe [2012-1-4 406016]

R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files\ashampoo\ashampoo winoptimizer 8\LiveTunerProcessMonitor32.sys [2012-1-4 12696]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 654408]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-10 632792]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-4-14 74968]

R2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\ashampoo\ashampoo winoptimizer 8\LiveTunerService.exe [2012-1-4 885160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22344]

R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-1-14 8192]

S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [2004-10-27 22144]

S3 cpuz134;cpuz134;\??\c:\temp\cpuz134\cpuz134_x32.sys --> c:\temp\cpuz134\cpuz134_x32.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RTL8192cu;Surf Wireless Micro USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2012-1-4 907496]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]

.

=============== File Associations ===============

.

txtfile\shell\edit\command="c:\program files\notepad++\notepad++.exe" %1

.

=============== Created Last 30 ================

.

2012-04-14 20:35:07 -------- dc----w- c:\documents and settings\petar\local settings\application data\Apple Computer

2012-04-14 20:35:05 -------- dc----w- c:\documents and settings\all users\application data\Panasonic

2012-04-14 20:35:01 -------- dc----w- c:\documents and settings\petar\local settings\application data\Panasonic

2012-04-14 20:13:45 501912 ----a-w- c:\windows\system32\PICSDK2.dll

2012-04-14 20:13:44 80024 ----a-w- c:\windows\system32\PICSDK.dll

2012-04-14 20:13:44 120992 ----a-w- c:\windows\system32\EpPicPrt.dll

2012-04-14 20:13:44 108704 ----a-w- c:\windows\system32\PICEntry.dll

2012-04-14 20:13:43 71840 ----a-w- c:\windows\system32\EPPicMgr.dll

2012-04-14 20:07:12 -------- d-----w- c:\program files\common files\Panasonic

2012-04-14 20:05:40 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-04-14 20:05:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-04-14 10:09:21 -------- dc----w- c:\documents and settings\petar\local settings\application data\adaware

2012-04-14 10:09:16 -------- dc----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection

2012-04-14 10:06:22 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-04-14 10:06:21 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2012-04-14 10:06:19 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-04-14 10:06:16 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys

2012-04-14 10:04:41 -------- dc----w- c:\documents and settings\petar\application data\Malwarebytes

2012-04-14 10:04:23 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-14 10:04:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-14 10:04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-14 10:03:42 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-04-14 10:03:42 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-04-14 10:03:12 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-04-14 09:59:48 -------- dc----w- c:\documents and settings\petar\application data\Ad-Aware Antivirus

2012-04-14 09:25:35 -------- d-----w- c:\program files\coolpro2

2012-04-13 15:25:15 91264 ----a-r- c:\windows\system32\drivers\zebrsce.sys

2012-04-13 15:25:05 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys

2012-04-13 15:25:05 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys

2012-04-13 15:25:01 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys

2012-04-13 15:25:01 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys

2012-04-13 15:25:01 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys

2012-04-13 15:24:35 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys

2012-04-13 15:23:37 -------- dc----w- c:\documents and settings\petar\application data\Teleca

2012-04-13 15:21:29 63360 ----a-r- c:\windows\system32\drivers\zebrceb.sys

2012-04-13 15:21:29 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys

2012-04-13 15:21:29 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys

2012-04-13 15:20:31 -------- dc----w- c:\documents and settings\petar\local settings\application data\Sony Ericsson

2012-04-13 15:20:30 -------- dc----w- c:\documents and settings\petar\application data\Sony Ericsson

2012-04-13 15:20:12 -------- d-----w- c:\program files\Intuwave

2012-04-13 15:20:10 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2012-04-13 15:20:10 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2012-04-13 15:20:10 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2012-04-13 15:20:10 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2012-04-13 15:20:10 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2012-04-13 15:20:09 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2012-04-13 15:20:09 -------- d-----w- c:\program files\Symbian

2012-04-13 15:20:08 286720 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2012-04-13 15:19:04 -------- dc----w- c:\documents and settings\all users\application data\Sony Ericsson

2012-04-13 15:19:04 -------- d-----w- c:\program files\common files\Sony Ericsson Shared

2012-04-13 15:18:59 -------- d-----w- c:\program files\common files\Teleca Shared

2012-04-13 15:18:58 -------- dc----w- c:\documents and settings\all users\application data\Teleca

2012-04-13 15:18:58 -------- d-----w- c:\program files\Sony Ericsson

2012-04-13 15:18:52 -------- d-----w- c:\program files\MSXML 6.0

2012-04-13 15:01:35 -------- d-----w- c:\windows\Downloaded Installations

2012-03-31 21:12:26 -------- d-----w- c:\program files\Mv2Player

2012-03-29 20:22:42 -------- d-----w- c:\program files\SA Dictionary

2012-03-25 19:19:37 -------- d-----w- c:\program files\common files\3DO Shared

2012-03-25 19:19:37 -------- d-----w- c:\program files\3DO

2012-03-25 19:18:58 306688 ----a-w- c:\windows\IsUninst.exe

2012-03-24 08:50:40 839680 ----a-w- c:\windows\system32\lameACM.acm

2012-03-24 08:50:40 39936 ----a-w- c:\windows\system32\huffyuv.dll

2012-03-24 08:50:40 216064 ----a-w- c:\windows\system32\lagarith.dll

2012-03-24 08:50:39 630784 ----a-w- c:\windows\system32\vp7vfw.dll

2012-03-24 08:50:39 4078592 ----a-w- c:\windows\system32\x264vfw.dll

2012-03-24 08:50:38 650752 ----a-w- c:\windows\system32\xvidcore.dll

2012-03-24 08:50:38 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2012-03-24 08:50:24 151552 ----a-w- c:\windows\system32\ac3acm.acm

2012-03-24 08:50:18 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2012-03-24 08:50:10 -------- d-----w- c:\program files\K-Lite Codec Pack

2012-03-22 08:50:40 -------- dc----w- c:\documents and settings\petar\application data\MechCAD

2012-03-22 08:50:31 -------- d-----w- c:\program files\AceMoney

2012-03-21 11:01:35 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-21 11:01:35 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-02-27 06:38:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 1:43:21,23 ===============

Attach.zip


Welcome to the forum.

What seems to be the problem??

------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

--------------------

Last....

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
