|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
08-14-2009, 03:55 PM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2009
Posts: 2
OS: Vista home premium
|
I suspect malware
I am running Vista home premium on a HP Pavillion. I am wondering of there is some kind of spyware on my computer. Two nights ago I was working and PC Doctor tried to run. I got the "allow permission" screen so I said no. Then it happened again. I figured out that it happens evey time i press 'h'. I killed "KBD.exe" from the task manager and the problem went away. There was one other key (I think 's') that was making this little window pop up with HP machine information (model etc.) This also went away when I killed KBD.exe. At the same time when I tried opening another browser window, it showed the border for a second and disappeared, this doesn't happen anymore.
What do you think? DDS (Ver_09-07-30.01) - NTFSx86 Run by totty at 21:20:42.72 on Thu 08/13/2009 Internet Explorer: 7.0.6000.16890 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1911 [GMT -4:00] AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Sophos Anti-Virus *disabled* (Updated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\svchost.exe -k NetworkService c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\schtasks.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\ehome\ehtray.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\totty\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\vssvc.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\mcupdate.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\totty\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [SansaDispatch] c:\users\totty\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [<NO NAME>] mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL ============= SERVICES / DRIVERS =============== R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992] R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20081125.002\IDSvix86.sys [2008-11-25 270384] R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2009-2-26 93192] R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064] R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\visioneer\onetouch 4.0\OtService.exe [2007-7-13 126976] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-7 80936] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624] S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [2008-10-10 34376] S3 BJYZXFH;BJYZXFH;c:\users\totty\appdata\local\temp\BJYZXFH.exe [2009-7-12 584576] S3 CEQIRP;CEQIRP;c:\users\totty\appdata\local\temp\CEQIRP.exe [2009-7-12 551808] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-28 99376] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-2-26 20288] =============== Created Last 30 ================ 2009-08-11 15:57 71,680 a------- c:\windows\system32\atl.dll 2009-08-11 15:57 156,160 a------- c:\windows\system32\wkssvc.dll 2009-08-11 15:57 1,871,872 a------- c:\windows\system32\mstscax.dll 2009-08-11 15:57 116,736 a------- c:\windows\system32\aaclient.dll 2009-08-11 15:57 36,352 a------- c:\windows\system32\tsgqec.dll 2009-08-11 15:57 88,576 a------- c:\windows\system32\avifil32.dll 2009-08-11 15:57 123,904 a------- c:\windows\system32\msvfw32.dll 2009-08-11 15:57 82,944 a------- c:\windows\system32\mciavi32.dll 2009-08-11 15:57 65,024 a------- c:\windows\system32\avicap32.dll 2009-08-11 15:57 31,232 a------- c:\windows\system32\msvidc32.dll 2009-08-11 15:57 12,800 a------- c:\windows\system32\msrle32.dll 2009-08-11 15:56 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-08-11 15:56 7,680 a------- c:\windows\system32\spwmp.dll 2009-08-11 15:56 8,147,968 a------- c:\windows\system32\wmploc.DLL 2009-08-11 15:56 4,096 a------- c:\windows\system32\msdxm.ocx 2009-08-11 15:56 4,096 a------- c:\windows\system32\dxmasf.dll 2009-08-11 15:56 43,520 a------- c:\windows\system32\msdxm.tlb 2009-08-11 15:56 18,432 a------- c:\windows\system32\amcompat.tlb 2009-08-03 14:19 <DIR> --d----- c:\program files\Blue Coat K9 Web Protection 2009-07-24 08:48 <DIR> --dsh--- c:\users\totty\appdata\roaming\.# 2009-07-15 10:30 156,160 a------- c:\windows\system32\t2embed.dll 2009-07-15 10:30 289,792 a------- c:\windows\system32\atmfd.dll 2009-07-15 10:30 72,704 a------- c:\windows\system32\fontsub.dll 2009-07-15 10:30 34,304 a------- c:\windows\system32\atmlib.dll 2009-07-15 10:30 24,064 a------- c:\windows\system32\lpk.dll 2009-07-15 10:30 10,240 a------- c:\windows\system32\dciman32.dll ==================== Find3M ==================== 2009-08-12 12:13 6,664 a------- c:\users\totty\appdata\roaming\wklnhst.dat 2009-07-18 08:17 827,392 a------- c:\windows\system32\wininet.dll 2009-07-18 08:10 56,320 a------- c:\windows\system32\iesetup.dll 2009-07-18 08:10 78,336 a------- c:\windows\system32\ieencode.dll 2009-07-18 08:10 52,736 a------- c:\windows\apppatch\iebrshim.dll 2009-07-18 08:07 72,704 a------- c:\windows\system32\admparse.dll 2009-07-18 06:00 26,624 a------- c:\windows\system32\ieUnatt.exe 2009-07-18 04:34 48,128 a------- c:\windows\system32\mshtmler.dll 2009-07-10 08:31 130,104 a------- c:\windows\system32\sdccoinstaller.dll 2009-06-21 13:20 51,200 a------- c:\windows\inf\infpub.dat 2009-06-21 13:20 86,016 a------- c:\windows\inf\infstor.dat 2009-06-21 13:20 143,360 a------- c:\windows\inf\infstrng.dat 2009-06-12 14:39 2,560 a------- c:\windows\_MSRSTRT.EXE 2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll 2008-12-12 04:13 174 a--sh--- c:\program files\desktop.ini 2008-10-20 14:35 665,600 a------- c:\windows\inf\drvindex.dat 2008-10-06 16:18 56 a---h--- c:\programdata\ezsidmv.dat 2008-10-06 16:18 56 a---h--- c:\progra~2\ezsidmv.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-04-23 14:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-04-23 14:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-04-23 14:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat 2008-06-15 17:40 22 a--sh--- c:\windows\sminst\HPCD.SYS 2008-10-22 22:06 16,384 a--sh--- c:\windows\temp\cookies\index.dat 2008-10-22 22:06 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat 2008-10-22 22:06 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat 2007-10-24 09:32 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT ============= FINISH: 21:20:58.69 =============== |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
| Thread Tools | |
|
|
