Magpie
2010-11-17, 01:14
Hi
Ok to start with every time we log on we get a popup to say that DeBugView has stopped working - I don't believe we ever installed this.
Antivirus (FProt) scan picked up almost 2000 problems which it "removed"
MalwareBytes picked up one trojan which it removed.
Antivirus then picked up about 40 things, removed most except one trojan.
Since then, Spybot, MalwareBytes and SuperAntispyware scans all come back clear.
(sorry if I have messed up running these :sad:)
However, FProt is constantly popping up with a list of things it has removed - doing it all the time, several times while I have been writing this post. This is making the computer effectively unusable. Possibly FProt itself has become corrupted somehow ...
Also Norton System Scan has installed itself a few times - I remove it and it comes back.
This computer is mostly used by my teenagers, one of whom has WoW curse client installed which I suspect might be a cause but don't know ...
Anyway, my DDS log:
Magpi
DDS (Ver_10-11-10.01) - NTFSx86
Run by Sarah Fielden at 22:38:53.87 on 16/11/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_21
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sarah Fielden\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\microsoft\watermark.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [0x017] 0x017
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R? Revoflt;Revoflt
S? aawservice;Ad-Aware 2007 Service
S? FPAV_RTP;FPAV_RTP
S? FPAVServer;F-PROT Antivirus for Windows system
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SBSDWSCService;SBSD Security Center Service
=============== Created Last 30 ================
2010-11-16 21:35:00 -------- d-----w- c:\program files\NortonInstaller
2010-11-15 21:19:17 -------- dc----w- c:\progra~2\SUPERAntiSpyware.com
2010-11-15 21:19:17 -------- d-----w- c:\users\sarahf~1\appdata\roaming\SUPERAntiSpyware.com
2010-11-15 21:18:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-15 19:36:44 700632 ----a-w- c:\windows\system32\drivers\FStopW.sys
2010-11-15 03:13:59 -------- d-----w- c:\program files\Trend Micro
2010-11-14 21:53:00 -------- d-----w- c:\program files\tmp
2010-11-14 08:14:11 6146896 ------w- c:\progra~2\microsoft\windows defender\definition updates\{2fe868ba-c9e3-4817-9847-6d0b09a2f02d}\mpengine.dll
2010-11-04 23:21:37 -------- dc----w- c:\progra~2\Symantec
2010-10-28 16:22:39 -------- d-----w- c:\users\sarahf~1\appdata\roaming\VS Revo Group
2010-10-28 16:17:52 -------- d-----w- c:\users\sarahf~1\appdata\local\VS Revo Group
2010-10-28 16:17:44 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-10-28 16:17:43 -------- d-----w- c:\program files\VS Revo Group
==================== Find3M ====================
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
============= FINISH: 22:41:21.08 ===============