Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Author Behind ‘Hidden Figures’ Book & Movie Inspires at RSA Conference

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Virtumonde.sdn and others?

Started by Ace.Of.Spades. , Sep 12 2009 05:11 PM

This topic is locked

2 replies to this topic

#1 Ace.Of.Spades.

Members
1 posts
OFFLINE

Gender:Female
Local time:12:04 PM

Posted 12 September 2009 - 05:11 PM

Okay, so I ran SpyBot -Search and Destroy, and I was waiting for it to scan and see if there were any threats. I noticed that it was scanning all these files that weren't there before.

Every time I scan using spybot, it scans 584,359 files and when I noticed the description of it I saw virtumonde.sdn, which seemed to be the bulk of it, Perfect Keylogger, FraudAntivirus, Fake Alert, something like Hacker.exe, Smitfraud-C, Zango, Cydoor, SpyArsenal, and a lot more but since it scans it so quickly, I can't see what it says. Well, I scanned using Avira but nothing was wrong. I scanned using Spyware Doctor, but no threats apparently. I downloaded Malwarebytes since I heard it was good but nothing again. I tried all of them in safe mode as well but no results.

Whatever I have isn't doing anything. No pop-ups, barely making my internet slower, no redirected websites. I am at a lost of what to do. Oh, and every time I cancel Spybot, the blue bar says, unloading user registry hives might take a while... I tried system restore but when my computer turns on again, it says that the restore was incomplete and couldn't restore to a previous point.

I have Windows XP

(BTW, Not sure if this is in the right topic. Sorry ^^; )

This is the DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by - at 19:48:52.70 on Sat 09/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1130 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\37918993-bfbd-4507-9ff4-61e47cccfaff.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\-\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\37918993-bfbd-4507-9ff4-61e47cccfaff.exe
uRun: [ParetoLogic Anti-Spyware] "c:\program files\paretologic\anti-spyware\Pareto_AS.exe" -NM -hidesplash
uRunOnce: [UniblueRegistryBooster] "launcher.exe" delay 20000
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251500698187
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: PASShlExt Class: {51c55f9e-c308-4c95-89ab-8858d8afd819} - c:\program files\paretologic\anti-spyware\PASShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\-\applic~1\mozilla\firefox\profiles\90v1jk2s.default\
FF - plugin: c:\documents and settings\-\application data\mozilla\firefox\profiles\90v1jk2s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-28 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-28 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-28 55656]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-11 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-11 1097096]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-12 38224]

=============== Created Last 30 ================

2009-09-12 17:47 <DIR> --d-hr-- c:\documents and settings\-\Recent
2009-09-12 17:42 <DIR> --d----- c:\program files\RegistryFix7
2009-09-12 17:33 <DIR> --d----- c:\docume~1\-\applic~1\Uniblue
2009-09-12 17:33 <DIR> --d----- c:\program files\Uniblue
2009-09-12 11:47 <DIR> --d----- c:\program files\Trend Micro
2009-09-12 10:41 <DIR> --d----- C:\VundoFix Backups
2009-09-12 10:40 <DIR> --d----- c:\docume~1\-\applic~1\Malwarebytes
2009-09-12 10:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 10:40 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 10:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 10:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-12 10:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Spyware
2009-09-12 10:22 <DIR> --d----- c:\program files\ParetoLogic
2009-09-12 10:22 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-09-11 23:15 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-11 23:15 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-11 23:15 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-11 23:15 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-11 23:15 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-11 23:15 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-11 23:15 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-11 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-11 23:15 <DIR> --d----- c:\docume~1\-\applic~1\PC Tools
2009-09-11 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-11 22:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-11 22:15 <DIR> --d----- c:\docume~1\-\applic~1\SUPERAntiSpyware.com
2009-09-11 22:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-11 20:53 <DIR> --d----- c:\program files\iDump (Freeware)
2009-09-04 19:24 <DIR> --d----- c:\docume~1\-\applic~1\WinRAR
2009-09-04 17:33 <DIR> --d----- c:\docume~1\-\applic~1\TeamViewer
2009-09-04 17:33 <DIR> --d----- c:\program files\TeamViewer
2009-09-04 17:33 <DIR> --d----- c:\documents and settings\-\temp
2009-09-02 16:01 <DIR> --d----- c:\windows\system32\Adobe
2009-08-30 11:16 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-30 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-29 11:00 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-28 19:58 <DIR> --d----- c:\documents and settings\-\.gimp-2.6
2009-08-28 19:58 <DIR> --d----- c:\documents and settings\-\.gegl-0.0
2009-08-28 19:27 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-08-28 19:27 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-08-28 19:23 <DIR> --d----- c:\docume~1\-\applic~1\Macromedia
2009-08-28 19:23 <DIR> --d----- c:\docume~1\-\applic~1\Adobe
2009-08-28 19:16 32,592 a------- c:\windows\system32\msonpmon.dll
2009-08-28 19:13 <DIR> --d----- c:\windows\SHELLNEW
2009-08-28 19:04 <DIR> --ds---- c:\documents and settings\-\UserData
2009-08-28 18:56 553 a------- c:\windows\USetup.iss
2009-08-28 18:55 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys
2009-08-28 18:54 528,384 a------- c:\windows\RtlExUpd.dll
2009-08-28 18:52 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-08-28 18:50 <DIR> --d----- c:\program files\Zone Labs
2009-08-28 18:50 <DIR> --d----- c:\windows\Internet Logs
2009-08-28 18:50 <DIR> --d----- c:\docume~1\-\applic~1\Apple Computer
2009-08-28 18:50 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-28 18:50 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-28 18:50 <DIR> --d----- c:\program files\iPod
2009-08-28 18:50 <DIR> --d----- c:\program files\iTunes
2009-08-28 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-08-28 18:50 <DIR> --d----- c:\program files\Bonjour
2009-08-28 18:49 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-08-28 18:49 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:47 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-28 18:47 <DIR> --d----- c:\program files\Avira
2009-08-28 18:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-28 18:46 <DIR> --d----- c:\program files\CCleaner
2009-08-28 18:45 <DIR> --d----- c:\program files\Gimp-2.0
2009-08-28 18:45 <DIR> --d----- c:\docume~1\-\applic~1\IObit
2009-08-28 18:45 <DIR> --d----- c:\program files\IObit
2009-08-28 18:42 <DIR> --d----- c:\documents and settings\-\Bluebirds
2009-08-28 18:40 <DIR> --d----- c:\docume~1\-\applic~1\HP
2009-08-28 18:36 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-08-28 18:36 <DIR> --d----- c:\docume~1\-\applic~1\Mozilla
2009-08-28 18:35 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-28 18:35 <DIR> --d----- c:\program files\common files\HP
2009-08-28 18:35 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-08-28 18:34 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-08-28 18:34 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-08-28 18:34 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-08-28 18:34 164 a------- c:\windows\system32\AddPort.ini
2009-08-28 18:34 732 a------- c:\windows\hpntwksetup.ini
2009-08-28 18:34 <DIR> --d----- C:\TEMP
2009-08-28 18:32 <DIR> --d----- c:\program files\HP
2009-08-28 18:24 <DIR> --d----- c:\program files\PowerQuest
2009-08-28 18:22 6,048,768 a------- c:\windows\system32\drivers\igxpmp32.sys
2009-08-28 18:21 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-28 18:21 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-08-28 18:20 <DIR> --d----- C:\Intel
2009-08-28 18:20 120,064 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-28 18:20 73,728 a----r-- c:\windows\system32\RtNicProp32.dll
2009-08-28 18:20 <DIR> --d----- c:\program files\Realtek
2009-08-28 18:19 5,441 a------- c:\windows\Ascd_tmp.ini
2009-08-28 18:19 10,288 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-08-28 18:19 <DIR> --d----- c:\docume~1\-\applic~1\Identities
2009-08-28 18:19 <DIR> --ds---- c:\documents and settings\-\Cookies
2009-08-28 18:19 <DIR> --ds---- c:\docume~1\-\applic~1\Microsoft
2009-08-28 18:19 <DIR> --d-hr-- c:\documents and settings\-\Application Data
2009-08-28 18:19 <DIR> --d-h--- c:\documents and settings\-\Local Settings
2009-08-28 18:19 <DIR> --d--r-- c:\documents and settings\-\My Documents
2009-08-28 18:19 <DIR> --d--r-- c:\documents and settings\-\Favorites
2009-08-28 18:19 <DIR> --d----- c:\documents and settings\-\Desktop
2009-08-28 18:19 4,718,592 a---h--- c:\documents and settings\-\NTUSER.DAT
2009-08-28 18:19 <DIR> --d-hr-- c:\documents and settings\-\SendTo
2009-08-28 18:19 <DIR> --d-h--- c:\documents and settings\-\Templates
2009-08-28 18:19 <DIR> --d-h--- c:\documents and settings\-\PrintHood
2009-08-28 18:19 <DIR> --d-h--- c:\documents and settings\-\NetHood
2009-08-28 18:19 <DIR> --d--r-- c:\documents and settings\-\Start Menu
2009-08-28 18:19 <DIR> --d----- c:\documents and settings\-
2009-08-28 18:18 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-28 18:09 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-28 18:07 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-08-28 18:06 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-28 18:06 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-28 18:06 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-28 18:05 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-28 18:04 <DIR> --d----- c:\program files\Online Services
2009-08-28 18:04 <DIR> --d----- c:\program files\Messenger
2009-08-28 18:04 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-28 18:04 <DIR> --d----- c:\program files\Windows NT
2009-08-28 14:00 <DIR> --d----- c:\program files\common files\ODBC
2009-08-28 14:00 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-28 14:00 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-08-29 18:20 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-28 18:58 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-28 18:40 117,088 a------- c:\windows\hpoins11.dat
2009-08-28 18:05 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:49:25.81 ===============

Attached Files

Attach.txt 4.91KB 0 downloads
ark.txt 10.29KB 0 downloads

Edited by Ace.Of.Spades., 12 September 2009 - 07:08 PM.

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Net_Surfer

Banned
2,154 posts
OFFLINE

Gender:Male
Local time:09:04 AM

Posted 27 September 2009 - 11:17 PM

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:

Posted Image

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Kind regards
Net_Surfer

Back to top

#3 teacup61

Bleepin' Texan!

Malware Response Team
17,075 posts
OFFLINE

Gender:Female
Location:Wills Point, Texas
Local time:11:04 AM

Posted 08 October 2009 - 05:23 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic