Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde


  • This topic is locked This topic is locked
5 replies to this topic

#1 brecky

brecky

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 07 June 2009 - 05:50 AM

My computer has been very slow lately & a "Spybot' search indicates that the Virtumonde trojan is present.

DDS (Ver_09-05-14.01) - NTFSx86
Run by clyde collier at 20:30:17.76 on Sun 07/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1264 [GMT 10:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\clyde collier\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
mWinlogon: Shell=explorer.exe c:\windows\SPOOLSV.EXE
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HuaWeiEVDO.exe] "c:\program files\3 mobile\3 mobile broadband\3 Mobile Broadband.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Voipwise] "c:\program files\voipwise.com\voipwise\Voipwise.exe" -nosplash -minimized
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LexPPS.exe] c:\windows\system32\lexpps.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Managing Services] c:\windows\system32\spools.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Advanced DHTML Enable] C:\msv2008.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\clydec~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.au\www.gaydar
Trusted Zone: gay.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://supportapj.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120545835607
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133515695765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {F9C7CA0B-E3CA-4427-92B6-C1AAA81FA9C3} = 202.124.65.18 202.124.65.22
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-12 214024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-15 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-6 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-12 144704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 CX88VID;FusionHDTV 88x AvStream Video Capture;c:\windows\system32\drivers\zl88avs.sys [2008-11-29 365312]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-12 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-12 40552]
S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird2.sys [2008-11-29 403712]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [2005-7-5 29603]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-12 34216]
S3 P1160COM;Creative PC-CAM 880 (Camera);c:\windows\system32\drivers\p1160buk.sys --> c:\windows\system32\drivers\P1160Buk.sys [?]

=============== Created Last 30 ================

2009-06-07 19:09 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-07 18:02 <DIR> --d----- c:\docume~1\clydec~1\applic~1\AdwareAlert
2009-06-05 00:14 <DIR> --d----- c:\program files\iPod
2009-06-05 00:14 <DIR> --d----- c:\program files\iTunes
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-19 18:14 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-22 00:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-15 08:22 410,984 a------- c:\windows\system32\deploytk.dll
2005-10-03 18:22 96 ---sh--- c:\windows\gollkdcn.sys
2008-09-01 06:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/07/2005 5:24:57 PM
System Uptime: 6/07/2009 5:04:55 PM (-693 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 120.466 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9106521523C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9106521523C01
Service: NIC1394

==== System Restore Points ===================

RP1584: 10/03/2009 7:27:23 AM - Software Distribution Service 3.0
RP1585: 11/03/2009 5:50:03 AM - Software Distribution Service 3.0
RP1586: 12/03/2009 7:20:34 PM - System Checkpoint
RP1587: 13/03/2009 2:12:26 AM - Software Distribution Service 3.0
RP1588: 14/03/2009 2:44:51 AM - System Checkpoint
RP1589: 15/03/2009 3:00:19 AM - Software Distribution Service 3.0
RP1590: 15/03/2009 9:22:20 AM - Removed Java™ 6 Update 11
RP1591: 15/03/2009 9:22:50 AM - Installed Java™ 6 Update 12
RP1592: 15/03/2009 10:15:19 AM - Installed Windows XP KB954708.
RP1593: 15/03/2009 10:15:33 AM - Installed DirectX
RP1594: 16/03/2009 3:00:35 AM - Software Distribution Service 3.0
RP1595: 17/03/2009 3:13:38 AM - System Checkpoint
RP1596: 17/03/2009 6:19:57 PM - Software Distribution Service 3.0
RP1597: 18/03/2009 7:53:08 PM - System Checkpoint
RP1598: 19/03/2009 10:11:20 PM - System Checkpoint
RP1599: 20/03/2009 2:47:36 PM - Software Distribution Service 3.0
RP1600: 21/03/2009 3:41:25 PM - System Checkpoint
RP1601: 22/03/2009 9:20:57 PM - System Checkpoint
RP1602: 23/03/2009 10:49:38 PM - System Checkpoint
RP1603: 24/03/2009 6:39:06 AM - Software Distribution Service 3.0
RP1604: 25/03/2009 5:10:52 PM - System Checkpoint
RP1605: 26/03/2009 5:15:00 PM - System Checkpoint
RP1606: 27/03/2009 1:54:12 AM - Software Distribution Service 3.0
RP1607: 28/03/2009 2:05:25 AM - System Checkpoint
RP1608: 29/03/2009 9:23:12 AM - System Checkpoint
RP1609: 30/03/2009 5:25:40 PM - System Checkpoint
RP1610: 31/03/2009 8:50:36 AM - Software Distribution Service 3.0
RP1611: 1/04/2009 11:13:16 AM - System Checkpoint
RP1612: 2/04/2009 1:28:56 PM - System Checkpoint
RP1613: 3/04/2009 2:17:55 PM - System Checkpoint
RP1614: 3/04/2009 3:33:37 PM - Software Distribution Service 3.0
RP1615: 4/04/2009 2:13:55 PM - Removed FusionHDTV
RP1616: 4/04/2009 2:16:20 PM - Removed Samsung Music Studio
RP1617: 5/04/2009 8:20:08 PM - System Checkpoint
RP1618: 6/04/2009 11:32:37 PM - System Checkpoint
RP1619: 7/04/2009 6:54:34 AM - Software Distribution Service 3.0
RP1620: 8/04/2009 5:46:38 PM - System Checkpoint
RP1621: 9/04/2009 7:13:14 PM - System Checkpoint
RP1622: 10/04/2009 10:42:17 AM - Configured Microsoft Office Professional 2007 Trial
RP1623: 10/04/2009 10:45:40 AM - Removed Microsoft Office Professional 2007 Trial
RP1624: 11/04/2009 10:47:30 AM - System Checkpoint
RP1625: 12/04/2009 11:29:28 AM - System Checkpoint
RP1626: 12/04/2009 2:12:13 PM - Unsigned driver install
RP1627: 13/04/2009 3:29:32 PM - System Checkpoint
RP1628: 14/04/2009 5:41:23 PM - Software Distribution Service 3.0
RP1629: 15/04/2009 7:32:45 PM - System Checkpoint
RP1630: 16/04/2009 8:21:59 PM - System Checkpoint
RP1631: 17/04/2009 3:00:33 AM - Software Distribution Service 3.0
RP1632: 19/04/2009 11:56:12 AM - System Checkpoint
RP1633: 20/04/2009 12:38:14 PM - System Checkpoint
RP1634: 21/04/2009 8:35:30 PM - System Checkpoint
RP1635: 22/04/2009 2:06:01 AM - Software Distribution Service 3.0
RP1636: 23/04/2009 6:06:02 AM - System Checkpoint
RP1637: 24/04/2009 6:40:36 AM - System Checkpoint
RP1638: 24/04/2009 6:58:43 PM - Software Distribution Service 3.0
RP1639: 25/04/2009 1:44:41 PM - 25.10.2008
RP1640: 25/04/2009 1:46:00 PM - 25.10.2008
RP1641: 26/04/2009 2:40:25 PM - System Checkpoint
RP1642: 27/04/2009 6:15:39 PM - System Checkpoint
RP1643: 28/04/2009 6:06:42 PM - Software Distribution Service 3.0
RP1644: 29/04/2009 6:10:16 PM - System Checkpoint
RP1645: 30/04/2009 3:00:15 AM - Software Distribution Service 3.0
RP1646: 30/04/2009 7:59:35 AM - Software Distribution Service 3.0
RP1647: 1/05/2009 8:32:17 AM - System Checkpoint
RP1648: 1/05/2009 5:35:41 PM - Software Distribution Service 3.0
RP1649: 2/05/2009 10:33:48 AM - Installed Compatibility Pack for the 2007 Office system
RP1650: 3/05/2009 11:37:50 AM - System Checkpoint
RP1651: 4/05/2009 11:58:20 PM - System Checkpoint
RP1652: 5/05/2009 1:50:05 AM - Software Distribution Service 3.0
RP1653: 6/05/2009 7:14:39 PM - System Checkpoint
RP1654: 7/05/2009 8:52:25 PM - System Checkpoint
RP1655: 8/05/2009 5:29:06 PM - Software Distribution Service 3.0
RP1656: 9/05/2009 6:36:17 PM - System Checkpoint
RP1657: 10/05/2009 7:09:47 PM - System Checkpoint
RP1658: 11/05/2009 7:12:04 PM - System Checkpoint
RP1659: 12/05/2009 7:00:31 AM - Software Distribution Service 3.0
RP1660: 13/05/2009 5:15:46 PM - System Checkpoint
RP1661: 14/05/2009 3:00:31 AM - Software Distribution Service 3.0
RP1662: 15/05/2009 2:19:38 AM - Software Distribution Service 3.0
RP1663: 16/05/2009 3:52:04 AM - System Checkpoint
RP1664: 16/05/2009 11:43:45 AM - Installed Java™ 6 Update 13
RP1665: 17/05/2009 7:30:06 PM - Unsigned driver install
RP1666: 18/05/2009 8:00:57 PM - System Checkpoint
RP1667: 19/05/2009 7:17:07 AM - Restore Operation
RP1668: 19/05/2009 7:35:31 AM - Unsigned driver install
RP1669: 19/05/2009 6:10:04 PM - Restore Operation
RP1670: 19/05/2009 6:12:30 PM - Restore Operation
RP1671: 19/05/2009 6:21:32 PM - Software Distribution Service 3.0
RP1672: 20/05/2009 8:15:27 AM - Unsigned driver install
RP1673: 20/05/2009 8:21:10 AM - Installed McAfee Virtual Technician
RP1674: 21/05/2009 8:24:23 PM - System Checkpoint
RP1675: 24/05/2009 10:49:28 PM - Software Distribution Service 3.0
RP1676: 25/05/2009 11:33:34 PM - System Checkpoint
RP1677: 26/05/2009 2:16:51 AM - Software Distribution Service 3.0
RP1678: 27/05/2009 3:16:57 AM - System Checkpoint
RP1679: 28/05/2009 3:00:16 AM - Software Distribution Service 3.0
RP1680: 29/05/2009 3:34:23 AM - System Checkpoint
RP1681: 29/05/2009 5:41:38 PM - Software Distribution Service 3.0
RP1682: 30/05/2009 7:13:43 PM - System Checkpoint
RP1683: 31/05/2009 7:15:59 PM - System Checkpoint
RP1684: 1/06/2009 7:46:51 PM - System Checkpoint
RP1685: 2/06/2009 5:40:32 PM - Software Distribution Service 3.0
RP1686: 3/06/2009 6:17:15 PM - System Checkpoint
RP1687: 4/06/2009 6:47:03 PM - System Checkpoint
RP1688: 5/06/2009 2:26:08 AM - Software Distribution Service 3.0
RP1689: 6/06/2009 3:50:47 AM - System Checkpoint
RP1690: 7/06/2009 10:47:11 AM - System Checkpoint
RP1691: 7/06/2009 6:02:12 PM - Installed AdwareAlert
RP1692: 7/06/2009 6:35:07 PM - Removed AdwareAlert
RP1693: 7/06/2009 7:08:00 PM - Installed Windows Backup Utility

==== Installed Programs ======================


3 Mobile Broadband
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AOL Australia
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 2000
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom Advanced Control Suite 2
Canon ScanGear Toolbox CS 2.2
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Media Experience
e-tax 2008
eBay Desktop
Form Fill (Windows Live Toolbar)
Google Earth
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 2.0 (KB923319)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 12
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
McAfee Shredder
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSVCRT
ninemsn Internet Software
OGA Notifier 1.7.0105.35.0
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 2.4
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PCShowBuzz
Perf3490P_3590P User's Guide
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.5
QuickTime
RealPlayer Basic
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Viewpoint Media Player (Remove Only)
Vimicro USB PC Camera (ZC0301PLH)
VLC media player 0.9.8a
WebFldrs XP
Windows Backup Utility
Windows Defender
Windows Defender Signatures
Windows Driver Package - Dvico (AvsBluebird) Media (12/16/2007 6.2.00.0)
Windows Driver Package - Dvico (CX88VID) Media (11/24/2007 6.2.00.2)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Search Protection
Yahoo! Software Update
Yahoo!7 Toolbar
YP-F1

==== Event Viewer Messages From Past Week ========

7/06/2009 6:35:08 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

============= FINISH: 20:31:38.57 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:45 AM

Posted 17 June 2009 - 05:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 brecky

brecky
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 17 June 2009 - 06:44 AM

Scan results attached as requested.

Attached Files



#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:45 AM

Posted 18 June 2009 - 05:38 AM

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. Forum have been busy.
*I want you to understand that I'm still in training. I will be working with my Coach so there's a possibility to have some delay between post.
*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.
*You must reply within 5 days otherwise this topic will be closed.

Your log will be analyzed and I will instruct you what to do next as soon as possible.

Dex :thumbup2:

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:45 AM

Posted 19 June 2009 - 11:55 PM

Hello brecky,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Dex :thumbup2:

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#6 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:06:45 PM

Posted 24 June 2009 - 12:43 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users