Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Getting annoyed with spyware infection

  • This topic is locked This topic is locked
2 replies to this topic

#1 jo222


  • Members
  • 1 posts
  • Local time:03:01 AM

Posted 21 May 2009 - 12:38 PM

I have brought a new pc just a 4 days ago and i m in problem now... it seems some spyware has attacked the system and its killing me...

i have a security moniter saying.........
System detected a potential hazard(trojanSPM/LX) on your computer that may infect executable files......

and also warning like "your computer is infected
windows has detected spyware infection.." which pop's up frequently

i have download many things like
spybot search and destroy
Ad adware se personal
and many antispyware tools
but nothing has helped me and i m in panic now...

i have the avast 4.8 anitivirus home edition installed in my system

DDS (Ver_09-05-14.01) - NTFSx86
Run by jyothi at 22:53:12.50 on Thu 05/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1613 [GMT 5.5:30]

AV: avast! antivirus 4.8.1201 [VPS 080611-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Documents and Settings\All Users\Application Data\92892646\92892646.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\jyothi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy---sr\SDHelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [12882654] c:\documents and settings\all users\application data\12882654\12882654.exe
mRun: [92892646] c:\documents and settings\all users\application data\92892646\92892646.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy---sr\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-16 78416]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-5-16 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-16 144760]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-16 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-16 349560]
S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [2009-5-17 560128]

=============== Created Last 30 ================

2009-05-21 22:41 <DIR> --ds---- c:\documents and settings\jyothi\UserData
2009-05-21 22:13 <DIR> --d----- c:\documents and settings\jyothi
2009-05-21 22:08 <DIR> --d----- c:\program files\Trend Micro
2009-05-21 19:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy---sr
2009-05-21 18:59 <DIR> --d----- c:\program files\Lavasoft
2009-05-21 17:33 2,686 a------- c:\windows\system32\tmp.reg
2009-05-21 17:11 <DIR> --d----- c:\windows\uninstall
2009-05-21 16:54 <DIR> --d----- C:\VundoFix Backups
2009-05-21 16:08 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-21 15:53 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-21 11:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-21 11:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-21 10:57 0 a------- c:\windows\VPC32.INI
2009-05-21 10:38 <DIR> --d-h--- c:\windows\PIF
2009-05-21 09:42 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-05-21 09:42 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-21 09:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-05-20 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92892646
2009-05-20 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12882654
2009-05-18 17:44 13,312 a------- c:\windows\system32\drivers\MTictwl.sys
2009-05-18 17:44 <DIR> --d----- c:\program files\SEC
2009-05-17 14:20 361 a------- c:\windows\lgfwup.ini
2009-05-17 14:20 102,912 a------- c:\windows\system32\Vb6stkit.dll
2009-05-17 14:20 102,160 a------- c:\windows\system32\VB6KO.DLL
2009-05-17 14:20 115,920 a------- c:\windows\system32\MSINET.OCX
2009-05-17 14:20 16,384 a------- c:\windows\system32\lgfwunis.exe
2009-05-17 14:20 <DIR> --d----- c:\program files\lg_fwupdate
2009-05-17 14:15 <DIR> --d----- c:\program files\Yahoo!
2009-05-17 13:47 <DIR> --d----- C:\DECCHECK
2009-05-17 12:43 <DIR> --d----- c:\program files\Conduit
2009-05-17 12:43 <DIR> --d----- c:\program files\BS_Player
2009-05-17 12:42 <DIR> --d----- c:\program files\Webteh
2009-05-17 11:51 <DIR> --d----- C:\Temp
2009-05-17 03:35 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-05-17 03:35 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-05-17 03:33 <DIR> --d----- c:\program files\common files\ODBC
2009-05-17 03:33 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-17 03:33 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-17 03:32 261 a------- c:\windows\system32\$winnt$.inf
2009-05-17 00:10 <DIR> --d----- c:\program files\common files\PAP7501
2009-05-16 22:31 <DIR> --d----- c:\program files\common files\xing shared
2009-05-16 22:31 <DIR> --d----- c:\program files\common files\Real
2009-05-16 22:30 <DIR> --d----- c:\program files\VideoLAN
2009-05-16 22:29 <DIR> --d----- c:\program files\Nero
2009-05-16 22:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-16 22:23 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-05-16 22:16 <DIR> --d----- c:\program files\Realtek
2009-05-16 22:11 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-16 22:10 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-16 22:10 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-16 22:09 <DIR> --d----- c:\program files\Online Services
2009-05-16 22:08 <DIR> --d----- c:\program files\Messenger
2009-05-16 22:08 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-16 22:08 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-05-21 22:14 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-16 22:17 319,488 a------- c:\windows\HideWin.exe
2009-05-16 22:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2005-11-10 07:47 352,256 a------- c:\program files\Xray-Demo.exe
2005-11-07 22:55 30,978 a------- c:\program files\Alarm.wav
2005-11-07 22:53 67,628 a------- c:\program files\ALERT.wav
2005-10-19 17:47 8,333 a------- c:\program files\Documentation.doc

============= FINISH: 22:53:22.53 ===============

pls pls help me out!!!!!!!!
i will be grateful

BC AdBot (Login to Remove)


#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:01 AM

Posted 04 June 2009 - 05:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:01 AM

Posted 12 June 2009 - 12:08 PM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users