
Popping up with Spysweeper?


  • This topic is locked
2 replies to this topic

#1 newchap


Posted 28 January 2009 - 02:07 PM

DDS (Ver_09-01-19.01) - NTFSx86
Run by troy at 15:24:46.60 on 28/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1507 [GMT -3.5:30]

FW: Webroot Internet Security Essentials *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\troy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sympatico.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition premium\avgnt.exe" /min
uPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: avsda.dll
DPF: Microsoft XML Parser for Java
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138450112312
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://sympatico.zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\troy\applic~1\mozilla\firefox\profiles\iy56v8u8.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 avgio;avgio;c:\program files\avira\antivir personaledition premium\avgio.sys [2009-1-19 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition premium\avgntflt.sys [2009-1-19 52032]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\avira\antivir personaledition premium\avmailc.exe [2009-1-19 164097]
R4 AntiVirScheduler;Avira AntiVir Premium Scheduler;c:\program files\avira\antivir personaledition premium\sched.exe [2009-1-19 68865]
R4 AntiVirService;Avira AntiVir Premium Guard;c:\program files\avira\antivir personaledition premium\avguard.exe [2009-1-19 151297]
R4 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\avira\antivir personaledition premium\avesvc.exe [2009-1-19 41217]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-11-12 3667312]
R4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-12-21 1086840]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2005-6-3 227200]
S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-8-13 598856]
S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2008-3-15 419448]
S4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\avira\antivir personaledition premium\avwebgrd.exe [2009-1-19 258305]
S4 VFILT;VFILT; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-28 15:19 --d----- c:\program files\CCleaner
2009-01-24 22:15 --d----- C:\fsaua.data
2009-01-24 11:31 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-01-20 22:44 --d----- c:\program files\SUPERAntiSpyware
2009-01-20 22:44 --d----- c:\docume~1\troy\applic~1\SUPERAntiSpyware.com
2009-01-20 18:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-19 19:41 --d----- c:\program files\Avira
2009-01-19 19:06 --d----- c:\docume~1\troy\applic~1\Malwarebytes
2009-01-19 19:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-19 19:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 19:05 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 14:12 --d----- c:\program files\Glary Utilities
2009-01-10 12:09 --d----- c:\program files\IObit
2009-01-08 00:24 --d----- c:\program files\18 Wheels of Steel American Long Haul

==================== Find3M ====================

2008-12-21 21:42 164 a------- C:\install.dat
2008-12-13 03:10 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 07:27 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 07:27 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-07 19:54 106 a------- c:\docume~1\troy\applic~1\netstat.bat
2008-11-13 17:11 1,553,272 a------- c:\windows\WRSetup.dll
2008-07-19 17:18 0 ac------ c:\program files\temp01
2007-09-24 14:26 1,308,216 ac------ c:\program files\HiJackThis_v2.exe
2006-03-04 13:33 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-01 10:43 218 ac-sh--- c:\docume~1\alluse~1\applic~1\databack.dat
2008-03-11 08:15 23 ac-sh--- c:\windows\system32\afdbccf6_z.dll
2007-06-20 17:16 5 ac-sh--- c:\windows\system32\ffaab7_d.dll
2007-04-28 07:26 5 ac-sh--- c:\windows\system32\ffaab7_g.dll
2007-06-24 15:36 23 ac-sh--- c:\windows\system32\ffecdc0_r.dll
2008-07-15 16:42 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071520080716\index.dat

============= FINISH: 15:25:14.39 ===============



Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2008

==== Event Viewer Messages From Past Week ========

24/01/2009 3:34:11 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/01/2009 3:32:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/01/2009 1:43:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
24/01/2009 1:43:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
24/01/2009 1:43:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
24/01/2009 1:42:32 PM, error: sfsync02 [12] -

==== End Of File ===========================


I was sent here by rigel. These are the scans that I've run so far.

http://www.bleepingcomputer.com/forums/t/196865/this-seems-strange/


#2 newchap


Posted 01 February 2009 - 08:54 AM

This can be closed, I have posted this somewhere else.

#3 KoanYorel


Posted 01 February 2009 - 02:42 PM

Thanks for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



