Thread: DDS as requested

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    3

    DDS as requested

    My sincere apologies for earlier. Although I did read the stickies, I obviously got it wrong! Sorry.

    The problem seemed to start when I was online, just browsing a Google search of open source freeware, believe it or not! I clicked a link which opened a page, I heard a bleep from my PC and had to quickly 'deny' something! It all happened so quickly. Avira Antivirus Free and Spybot S&D were first to react, Avira doing an instant scan.
    Naturally, I did run some apps after I realised there was a problem. I will explain in the next post.

    Here's DDS stuff - and THANK YOU.

    (can I put tea-timer back on now? I feel vulnerable enough as it is!)


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by 2harts at 19:48:54.75 on 17/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1612 [GMT 1:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Documents and Settings\2harts\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = local
    BHO: AutorunsDisabled - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\docume~1\2harts\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229332717437
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-14 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-14 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-14 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-14 60936]
    S2 68E98106143DF8F2;68E98106143DF8F2;\??\c:\documents and settings\2harts\desktop\68e98106143df8f2\68e98106143df8f2 --> c:\documents and settings\2harts\desktop\68e98106143df8f2\68E98106143DF8F2 [?]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-22 136176]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]

    ============== File Associations ===============

    .txt=

    =============== Created Last 30 ================

    2010-09-15 19:42:18 0 d-----w- c:\program files\Trend Micro
    2010-09-13 00:48:46 0 d-----w- c:\docume~1\2harts\applic~1\autodessys
    2010-09-13 00:35:15 0 d-----w- c:\program files\bonzai3d
    2010-08-28 00:59:19 444 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-08-26 01:53:46 791 ----a-w- c:\documents and settings\2harts\.recently-used.xbel
    2010-08-24 23:11:26 0 d-----w- c:\docume~1\2harts\applic~1\Filter Forge Freepack 1 - Metals
    2010-08-24 23:09:28 0 d-----w- c:\docume~1\2harts\applic~1\Filter Forge Freepack 3 - Frames
    2010-08-24 22:47:17 0 d-----w- c:\docume~1\2harts\applic~1\Filter Forge Freepack 2 - Photo Effects
    2010-08-24 21:26:09 0 d-----w- c:\program files\virtualStudio
    2010-08-24 19:26:50 0 d-----w- c:\program files\Little Ink Pot
    2010-08-24 19:20:49 1030144 ----a-w- c:\windows\system32\dbghelp-xfw.dll
    2010-08-24 19:20:45 0 d-----w- c:\program files\Filter Forge

    ==================== Find3M ====================

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-25 15:24:40 44544 ------w- c:\windows\AWuninstall.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-06 12:46:28 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2009-03-02 23:18:25 88 --sh--r- c:\windows\system32\453B6DC42D.sys
    2008-12-25 19:16:47 16384 -csha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
    2008-12-25 19:16:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
    2008-12-25 19:16:41 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122520081226\index.dat
    2008-12-25 19:16:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 19:49:50.14 ===============

    Here is the link to my original post:

    http://forums.spybot.info/showthread.php?t=59482

    After I found Spybot S&D's record of the incident, I did the following - but not quite sure in what order.
    - ran a full system scan using Avira AntiVir Free version
    - ran quick scan using Malwarebytes' Anti-Malware
    - ran Autoruns
    - Silent Runners (report only)
    - HJT (report only)
    I also used Piriform's CCleaner to clear Windows temp/temp. internet files.

    Sadly, I now feel a bit guilty at having done all this...
    I did not know that my actions would create problems for the cleaning process.
    So please forgive me - thought I was doing the right thing!
    Last edited by tashi; 2010-09-18 at 08:27. Reason: Merged two posts as per forum FAQ, please don't "add" :-)

  2. #2
    Junior Member
    Join Date
    Sep 2010
    Posts
    3

    Bye for now!

    Hi.
    I really do appreciate that you guys are busy and can only do so much in a day, so I thought I'd let you know that I will be seeking help from another source. I hope you understand.
    You do an excellent job helping folks - keep up the good work!
    Cheers!

  3. #3
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Thanks for letting us know. Topic is now closed & archived.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
