R U sure you want to navigate away from this page?
#1 Inspector_L

Posted 11 December 2010 - 12:51 PM

Any help would be appreciated. Thanks, HG
__________ DDS.txt __________


DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Patrick at 11:46:05.59 on Sat 12/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1545 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Info Select\is.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrick\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: cashtitan browser enhancer: {37d5d30b-3827-f868-1644-67e24b27d597} - C:\Windows\SysWow64\pyhjrlmcbwpxqya.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [mkpfuddhmi] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\pyhjrlmcbwpxqya.dll"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOPHOS~1.LNK - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\542jiesg.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Amazon Toolbar: toolbar-amazon@alexa.com - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\542jiesg.default\extensions\toolbar-amazon@alexa.com

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2010-9-19 141816]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-9-19 104488]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-9-19 93736]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-6 1153368]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2010-1-26 175144]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-9-20 11576]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDMI64.sys [2009-6-23 684544]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-3-4 58456]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-3-3 51672]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2010-12-3 31800]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-9-20 161448]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2010-9-19 25592]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-20 1255736]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2010-9-19 25608]

=============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-12-11 15:53:55 -------- d-----w- C:\BACKUP
2010-12-11 06:17:09 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2010-12-11 06:16:41 -------- d-----w- C:\Program Files (x86)\Quicken
2010-12-11 06:14:13 61215 ----a-w- C:\Windows\SysWow64\qpzploihik.exe
2010-12-10 15:19:38 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{73D34E72-81FA-4882-BFE6-A9BD0A24C3AB}\mpengine.dll
2010-12-07 14:54:08 410112 ----a-w- C:\Windows\SysWow64\pyhjrlmcbwpxqya.dll
2010-12-03 20:38:56 -------- d-----w- C:\Users\Patrick\AppData\Roaming\RemoteScanClient
2010-12-03 15:22:28 49152 ----a-w- C:\Windows\SysWow64\INETWH32.DLL
2010-12-03 15:22:28 28672 ----a-w- C:\Windows\SysWow64\nnr.dll
2010-12-03 15:22:28 1056768 ----a-w- C:\Windows\SysWow64\ROBOEX32.DLL
2010-12-03 15:19:47 -------- d-----w- C:\Program Files (x86)\NetObjects
2010-12-03 14:53:13 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2010-12-03 14:53:12 -------- d-----w- C:\Program Files\VS Revo Group
2010-12-01 16:03:35 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2010-12-01 14:09:57 -------- d-----w- C:\Users\Patrick\AppData\Local\Scansoft
2010-12-01 03:44:59 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Zeon
2010-12-01 03:31:30 737280 ----a-w- C:\Windows\iun6002.exe
2010-12-01 03:26:47 -------- d-----w- C:\Users\Patrick\AppData\Roaming\TwainImporter
2010-12-01 02:11:11 146976 ----a-w- C:\Windows\SysWow64\Mfcoleui.dll
2010-11-29 20:14:40 73728 ----a-w- C:\Windows\System32\ssdevm64.dll
2010-11-29 20:14:40 57344 ----a-w- C:\Windows\SysWow64\ssdevm.dll
2010-11-29 20:14:40 49152 ----a-w- C:\Windows\SysWow64\ssusbpn.dll
2010-11-29 20:14:40 47104 ----a-w- C:\Windows\System32\ssusbp64.dll
2010-11-29 05:19:43 -------- d-----w- C:\Productivity
2010-11-29 03:20:43 -------- d-----w- C:\Users\Patrick\AppData\Local\Google
2010-11-27 04:19:38 -------- d-----w- C:\PROGRA~3\BugBopper
2010-11-27 01:15:48 -------- d-----w- C:\Temp
2010-11-24 15:54:49 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 15:54:49 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 04:08:23 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-23 04:08:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-23 04:08:23 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-23 04:08:23 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-23 04:08:22 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-23 04:08:22 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-23 04:08:22 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-23 04:07:20 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2010-11-23 03:56:08 -------- d-----w- C:\PROGRA~3\Intuit
2010-11-14 23:13:03 344064 ----a-w- C:\Windows\SysWow64\Msvcr70.dll
2010-11-14 23:13:02 -------- d-----w- C:\Program Files (x86)\Absolute MP3 Splitter
2010-11-12 18:46:58 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-11-12 02:09:08 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai

==================== Find3M ====================

2010-11-08 00:58:53 614400 ----a-w- C:\Windows\AutoKMS.exe
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-27 16:19:55 1024 ---h--r- C:\Windows\SysWow64\NTIBUN4.dll
2010-09-27 16:17:42 1024 ---h--r- C:\Windows\SysWow64\NTICDMK7.dll
2010-09-27 16:17:35 1024 ---h--r- C:\Windows\SysWow64\NTIMPEG2.dll
2010-09-27 16:17:35 1024 ---h--r- C:\Windows\SysWow64\NTIMP3.dll
2010-09-27 16:17:35 1024 ---h--r- C:\Windows\SysWow64\NTIFCD3.dll
2010-09-19 22:32:53 25592 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys
2010-09-19 22:32:53 141816 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2010-09-19 22:32:42 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys
2010-09-19 16:55:33 0 ----a-w- C:\Windows\ativpsrm.bin

============= FINISH: 11:47:08.79 ===============

#2 Inspector_L (Topic Starter)

Posted 13 December 2010 - 09:55 PM

Well, I may have solved my own problem with the Spyware that was infecting me. It was a three-headed devil. Or devils.
One was an audio file that played an ad for some department store. (Yet, Task Mgr did not show any process running that I could identify with it.) The second was a "CashTitan" ad. And the third was an IExplorer window that kept asking me if I was sure that I wanted to "navigate away from this page?", even though I don't use IExplorer and I wasn't - at least actively - surfing the web.
So, I threw all tools at it. Adaware, Spybot, AntiSpyware, SpywareBlaster and a Sophos complete scan. I think they're dead.
Only time will tell. HG

Edited by Inspector_L, 13 December 2010 - 09:57 PM.


#3 Judicandus (Malware Response Team)

Posted 19 December 2010 - 05:07 PM

Hi Inspector_L!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Thank you for letting us know your problem was solved!

If you encounter the problem again don't hesitate to come back!

#4 Inspector_L (Topic Starter)

Posted 20 December 2010 - 10:27 PM

Thanks for the reply, Judicandus.
I appreciate this board and look forward to posting again in the future.
HG