Tech Support Guy
I haven't had any problems in a while since I started using SuperAntiSpyware.

However, in the past two weeks, sadly, things have changed. After booting up, the monitor flashes completely black (as if I turned it off) for 1 or 2 seconds, maybe 2 or 3 times, sometimes a few seconds apart, sometimes 10 or 15 minutes apart.

Then, shortly after that, the system freezes - everything locks up, CTRL-ALT-DEL doesn't work, the Windows key doesn't work, the mouse doesn't work, etc. I have to do a hard reboot.

I've run SuperAntiSpyware and RegCure many times. Seems like SuperAntiSpyware picks up a number of adware issues when I go to some of the malware sites (which seems pretty strange to me), but I don't seem to be picking up any dangerous virus.

Here's the most recent SAS log:

"SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2009 at 08:35 PM

Application Version : 4.27.1002

Core Rules Database Version : 4063
Trace Rules Database Version: 2003

Scan type : Complete Scan
Total Scan Time : 02:16:32

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 7378
Registry threats detected : 1
File items scanned : 91512
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\FX Moon\Cookies\[email protected][1].txt
C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][1].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][2].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][1].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][1].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][2].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][2].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][2].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][2].txt
C:\Documents and Settings\Heidi\Cookies\[email protected][1].txt

Rogue.AdwareAlert
HKU\S-1-5-21-801828363-3392912774-354312795-1006\Software\AdwareAlert"

I took a look at the Event viewer as well. I used to be getting this .NET Runtime 2.0 Error in the Event Viewer:

"Faulting application cdas39.exe, version 5.7.21.4, stamp 4a6597f4, faulting module cdspnsrv.dll, version 5.5.1.1, stamp 49fb8925, debug? 0, fault address 0x0002f74e."

I removed CyberDefender (I think that program isn't very good, and in fact, may actually be creating problems).

Now I no longer get that, but it still freezes and I get this Service Control Manager error:

"The CdaC15BA service failed to start due to the following error:
The system cannot find the file specified. "

That file is not there, but if you look at the log below, you'll see that this is:

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

I've tried to do some research but I can't tell at this point if that file is dangerous or not.

Below is the HiJackThis log file. Any suggestions as to what might be causing this would be greatly appreciated.

Thanks in advance.

F.X. Moon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:11 PM, on 8/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\RegCure\RegCure.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;;*.local
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\FX Moon\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\FX Moon\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c98fd2b05d0e84) (gupdate1c98fd2b05d0e84) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6080 bytes
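A first-pass triage of a HijackThis log like the one above usually starts with a few mechanical checks before anyone reads it line by line: hosts-file entries that point a hostname somewhere other than loopback (the O1 line in this log sends browser-security.microsoft.com to 91.207.117.244), O23 services with no identifiable publisher ("Unknown owner"), and BHOs, toolbars or autoruns loading from a per-user profile directory rather than Program Files or System32. The script below is an added example and is not part of the original post, of HijackThis, or of Tech Support Guy; the rule names, the `WATCHED_DOMAINS` list and the abbreviated `SAMPLE_LOG` (a handful of lines constructed to match the shape of the log above) are assumptions of the example, and a hit from any rule means "verify this entry", not "this entry is malicious".

```python
"""Triage heuristics for HijackThis 2.0-style logs.

Added example, not part of the original post or of HijackThis itself.
Rule names, the watched-domain list and the sample log are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in HijackThis 2.0 format, shaped like the
# log in the post above (abbreviated, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\FX Moon\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Per-user writable locations on Windows XP. A BHO/toolbar/autorun loading
# from here is not necessarily bad, but it is where droppers like to live.
USER_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.I)

# Domains whose redirection in the hosts file is a classic way of cutting a
# machine off from security vendors and updates (assumed, illustrative list).
WATCHED_DOMAINS = ("microsoft.com", "symantec.com", "mcafee.com",
                   "superantispyware.com", "lavasoft.com")


@dataclass
class Finding:
    rule: str
    line: str


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)   # (kind, body) tuples


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into the running-process list and R/F/O entries."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                 # blank line ends the process block
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group("kind"), m.group("body")))
    return log


def is_loopback(ip_text: str) -> bool:
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def in_watched_domain(host: str) -> bool:
    # Exact match or a proper subdomain; avoids 'evilmicrosoft.com' matching.
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def triage(log: HjtLog) -> list:
    """Return Findings for entries that deserve a closer look."""
    findings = []
    for kind, body in log.entries:
        line = f"{kind} - {body}"
        if kind == "O1" and body.startswith("Hosts: "):
            parts = body[len("Hosts: "):].split()
            if len(parts) >= 2 and not is_loopback(parts[0]):
                host = parts[1].lower()
                rule = ("hosts-redirect-watched-domain" if in_watched_domain(host)
                        else "hosts-redirect")
                findings.append(Finding(rule, line))
        elif kind in ("O2", "O3", "O4") and USER_PROFILE_RE.search(body):
            findings.append(Finding("load-from-user-profile", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.line}")
```

Run against the sample, the script reports three entries: the hosts redirect for a microsoft.com hostname, the MyIdentityDefender BHO loading from the user's Local Settings\Application Data tree, and the DSBrokerService entry with an unknown owner. The Macrovision C-Dilla service and the Google BHO pass all three rules; whether a flagged entry is actually malicious still has to be settled by checking the file's publisher signature and hash, which this script deliberately does not guess at.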