
Delf infection


  • This topic is locked
1 reply to this topic

#1 lemartines

  • Members
  • 17 posts

Posted 16 July 2009 - 10:48 AM

The saga of the infection afflicting my laptop is here http://www.bleepingcomputer.com/forums/t/240630/internet-explorermozilla-firefox-not-connecting-to-internet/

Following instructions, I am posting a DDS log in this forum now. Also please find attached the "attach.zip" file for your evaluation.

NOTE: I was only able to run DDS and get it to generate logs with the computer booted in safe mode. Otherwise, DDS would only open its small black window but not generate any logs even after running for many hours.

Thank you.


DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Luis at 6:52:28.28 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2621 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\Luis\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\luis\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
StartupFolder: c:\users\luis\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\adobe\photoshop5\calibrat\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultraw~1.lnk - c:\program files\dell\dell wusb\WQ_Tray2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\luis\appdata\roaming\mozilla\firefox\profiles\50lyguua.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\luis\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-8-1 77004]
R3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\drivers\WQ_hwa.sys [2008-7-24 157752]
R3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\drivers\WQ_rci.sys [2008-7-24 75448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-10 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-10 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-23 73728]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-10 298776]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-20 24652]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-7 30192]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-7-24 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-7-24 7424]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\drivers\WQ_ldr.sys [2008-7-24 33464]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-7-24 209408]
S4 WQ_USBCBAF;WiQuest Cable Association driver;c:\windows\system32\drivers\WQ_cba.sys [2008-7-24 33976]
S4 WQ_USBDWA;WiQuest Device Wire Adapter driver;c:\windows\system32\drivers\WQ_dwa.sys [2008-7-24 94008]

=============== Created Last 30 ================

2009-07-15 21:42 --dsh--- c:\windows\system32\%APPDATA%
2009-07-15 18:22 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 18:22 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 18:22 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 18:22 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 16:07 --d----- c:\users\luis\DoctorWeb
2009-07-14 15:50 --dsh--- C:\$RECYCLE.BIN
2009-07-13 19:45 219,648 a------- c:\windows\PEV.exe
2009-07-13 19:45 161,792 a------- c:\windows\SWREG.exe
2009-07-13 19:45 98,816 a------- c:\windows\sed.exe
2009-07-13 19:32 --d----- C:\_OTM
2009-07-12 16:34 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-12 15:57 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-12 12:10 --d----- c:\program files\SopCast
2009-07-12 11:42 219,358 a------- C:\MGlogs.zip
2009-07-12 11:42 --d----- C:\MGtools
2009-07-11 23:37 --d----- c:\program files\Mozilla Firefox(26)
2009-07-11 18:32 --d----- C:\_OTL
2009-07-11 14:58 --d----- C:\Rooter$
2009-07-11 13:07 --d----- c:\program files\SpywareBlaster
2009-07-10 21:54 --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-10 21:54 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-10 21:53 --d----- c:\users\luis\appdata\roaming\SUPERAntiSpyware.com
2009-07-10 21:53 --d----- c:\program files\SUPERAntiSpyware
2009-07-10 21:12 --d----- c:\windows\pss
2009-07-10 21:05 --d-h--- C:\$AVG8.VAULT$
2009-07-10 20:56 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-10 20:56 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 20:56 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 20:56 --d----- c:\windows\system32\drivers\Avg
2009-07-10 20:56 --d----- c:\programdata\avg8
2009-07-10 20:56 --d----- c:\program files\AVG
2009-07-10 20:56 --d----- c:\progra~2\avg8
2009-07-09 21:54 193,061 a------- c:\windows\system32\AdobeFnt.lst
2009-07-09 21:26 68,232 a------- c:\windows\UnDeployV.exe
2009-06-28 17:45 --d----- c:\program files\iPod
2009-06-28 17:45 --d----- c:\program files\iTunes
2009-06-28 17:44 --d----- c:\program files\Bonjour
2009-06-28 14:16 --d--r-- c:\program files\Skype
2009-06-28 14:16 --d----- c:\programdata\Skype
2009-06-27 22:11 72,704 a------- c:\windows\system32\admparse.dll
2009-06-27 15:18 --d----- c:\programdata\Macrovision
2009-06-27 15:14 --d----- c:\program files\common files\Macromedia Shared
2009-06-27 15:12 --d----- c:\program files\common files\Macromedia
2009-06-27 15:11 --d----- c:\program files\Macromedia

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 15:16 88,616 a------- c:\programdata\nvModes.dat
2009-07-05 15:16 88,616 a------- c:\progra~2\nvModes.dat
2009-06-28 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-06-28 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-06-28 17:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-13 19:52 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-30 05:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 05:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-08-08 19:59 81,920 a------- c:\users\luis\appdata\roaming\ezpinst.exe
2008-08-08 19:59 47,360 a------- c:\users\luis\appdata\roaming\pcouffin.sys
2008-07-28 19:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-23 23:27 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 6:52:43.38 ===============

Edited by lemartines, 16 July 2009 - 10:54 AM.



#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 21 July 2009 - 07:58 PM

Hello :thumbup2:

Please do not waste our time by posting to multiple forums. We do understand that the lines can be a problem, but also understand that it's impossible to tell what's going on when you are following instructions from more than one person at the same time. Choose a forum and stick to it.

This thread is now closed.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)