
Name of infection is unknown at the moment


  • This topic is locked
2 replies to this topic

#1 steller1

steller1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:05 PM

Posted 18 July 2010 - 04:17 AM

Hello, I have followed all requests asked up until this stage and regret not providing a better title and description, and will explain. I have suspected that some kind of threat was hidden in my operating system for some time but did not know what it may be or where it may be hidden. This morning a message from verizon.net appeared saying that I need to make changes to my e-mail settings due to a possible threat; the changes were something to do with a port or socket, and that I should contact tech support by calling a phone number they provided. I was asked to let them have remote access to my PC. She did not know anything about the message I received but she was concerned about my slow connection speed and after a minute or so said that she noticed some strange activity and that it most likely is a virus or some other type of infection. I asked her if she could give me any further details and she said that she was not an expert in the field and that I need to seek the help of a professional. I am now doing just that. I know it is not much to go on and hope that the logs will help fill in the blanks. One other thing the woman had me do was to uninstall any threat detection software that I installed. If I knew what I were dealing with I would do some research and give it a shot myself, but I am a rookie and want you all to know that I am grateful for the time and effort you are giving to help me out and I will be patient until I hear from you. Good Luck, I truly am grateful to you. Thanks.

rastelle..... rastelle@verizon.net


DDS (Ver_10-03-17.01) - NTFSx86
Run by EXCITER at 22:18:25.87 on Sat 07/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.854 [GMT -7:00]

AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\EXCITER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1279223464781
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264055351493
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-6-29 689392]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-12-4 31640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-6-11 206120]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]
S3 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-6-11 185640]
S4 BgRaSvc;BgRaSvc;"c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe" --> c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [?]
S4 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2004-8-4 14336]
S4 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
S4 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
S4 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
S4 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2004-8-4 14336]
S4 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\bullguardscanner.exe --> c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [?]
S4 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\bullguardupdate.exe --> c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [?]
S4 FilesystemWatcher;Filesystem Watcher;"c:\program files\verizon\online backup & sharing\filesystem watcher\digidata.filesystemwatcher.service.watcher.exe" --> c:\program files\verizon\online backup & sharing\filesystem watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [?]
S4 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\verizon\online backup & sharing\scheduler\OnlineBackup.SchedulerService.exe [2010-2-10 20480]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-21 1201640]

=============== Created Last 30 ================

2010-07-17 19:22:22 61555 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-07-17 16:35:44 0 d-----w- c:\docume~1\exciter\applic~1\Jasc
2010-07-17 16:21:20 0 d-----w- c:\program files\Jasc Software Inc
2010-07-16 00:52:17 0 d-----w- C:\SMS2003ScanTools_ENU
2010-07-15 20:53:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-07-15 20:35:05 0 d-----w- c:\windows\Logs
2010-07-15 16:28:43 0 dc-h--w- c:\windows\ie8
2010-07-09 23:20:09 0 d-----w- c:\docume~1\exciter\applic~1\Stellarium
2010-07-09 23:17:33 0 d-----w- c:\program files\Stellarium
2010-07-08 22:08:23 88 --sh--r- c:\docume~1\alluse~1\applic~1\12A1CDC535.sys
2010-07-08 22:08:22 5018 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-07-08 21:01:00 0 d-----w- c:\windows\system32\windows media
2010-07-08 21:00:49 0 d--h--w- c:\windows\msdownld.tmp
2010-07-08 21:00:26 0 d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-07-08 20:59:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2010-07-08 20:56:49 0 d-----w- c:\program files\common files\Protexis
2010-07-08 20:52:24 0 d-----w- c:\program files\common files\Corel
2010-07-08 20:51:16 0 d-----w- c:\program files\Windows Media Components
2010-07-08 20:50:46 0 d-----w- c:\program files\common files\Ulead Systems
2010-07-08 20:50:31 0 d-----w- c:\program files\Corel
2010-07-08 20:49:56 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-07-06 18:24:31 96 ----a-w- c:\windows\Winsus0.dat
2010-07-06 16:46:18 0 d-----w- c:\windows\USB-IrDA
2010-07-06 16:44:47 0 d-----w- c:\program files\Susteen
2010-07-02 16:32:25 0 d-----w- c:\program files\common files\Motive
2010-07-02 08:33:18 0 d-----w- c:\windows\system32\NtmsData
2010-06-30 16:55:12 0 d-----w- C:\2751021196a8730d469e776cd102e8c6
2010-06-30 11:27:52 58832 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2010-06-30 02:26:43 0 d-----w- c:\windows\system32\CatRoot_bak
2010-06-30 00:26:56 8611328 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2010-06-30 00:23:12 279368 ----a-w- c:\windows\sediag.exe
2010-06-29 23:54:26 0 d-----w- c:\program files\VERIZONDM
2010-06-29 23:54:21 9830400 ----a-w- c:\windows\VerizonDM.msi
2010-06-29 22:16:23 0 d-----w- c:\docume~1\exciter\applic~1\Registry Mechanic
2010-06-22 05:19:46 754 ----a-w- c:\windows\WORDPAD.INI
2010-06-21 08:24:19 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-06-21 08:24:19 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-06-21 08:24:19 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-06-21 00:02:39 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-21 00:02:38 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-20 15:58:39 0 ----a-w- c:\documents and settings\exciter\pslist

==================== Find3M ====================

2010-06-16 07:12:03 1298432 ----a-w- c:\windows\system32\dxdiag.exe
2010-06-08 09:08:54 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-06-02 11:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-19 13:38:34 227840 ----a-w- c:\windows\system32\avtapi.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 10:19:50 98128 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 22:18:56.87 ===============
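A first triage pass over DDS output of the kind posted above, written here as an added example (it is not from the original post, from the helper, or from the DDS tool). The sample lines are constructed from the log, and the reading of the attribute columns and the "[?]" marker are my own assumptions:

```python
import re

# Constructed excerpt modelled on the DDS log posted above (not the full log).
SAMPLE_LOG = r"""
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
Hosts: 127.0.0.1 www.spywareinfo.com
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
S4 BgRaSvc;BgRaSvc;"c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe" --> c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [?]
2010-07-08 22:08:23 88 --sh--r- c:\docume~1\alluse~1\applic~1\12A1CDC535.sys
2010-07-08 21:01:00 0 d-----w- c:\windows\system32\windows media
"""

PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*")        # "AV: name *status*"
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")                 # "Hosts: ip host"
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;.*\[\?\]$")   # service whose file DDS could not read
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")  # Created Last 30 / Find3M


def triage(log_text):
    """Return (category, detail) pairs that deserve a human look in a DDS log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        prod, hosts = PRODUCT_RE.match(line), HOSTS_RE.match(line)
        svc, created = SERVICE_RE.match(line), CREATED_RE.match(line)
        if prod:
            kind, product, status = prod.groups()
            if "disabled" in status.lower():          # real-time component switched off
                findings.append((kind.lower() + "_disabled", product))
        elif hosts:
            ip, host = hosts.groups()
            # DDS only prints hosts entries beyond the stock localhost line; a security
            # site pointed at loopback is a classic way malware blocks help and updates.
            findings.append(("hosts_override", host + " -> " + ip))
        elif svc:
            # "[?]" (assumption) means DDS could not stat the file: usually a stale
            # registration left by an uninstalled product, but it still needs checking.
            findings.append(("service_file_missing", svc.group(1)))
        elif created:
            attrs, path = created.groups()
            # Attribute columns (assumption): d=directory, c=compressed, s=system, h=hidden,
            # a=archive, then r/w. Recently created hidden+system files are worth eyeballing.
            if attrs[0] != "d" and attrs[2] == "s" and attrs[3] == "h":
                findings.append(("hidden_system_file", path))
    return findings
```

Each finding is a lead, not a verdict: the S4 BullGuard entries above are consistent with an uninstalled product, and hidden system files under All Users\Application Data are also dropped by some software licensing schemes, so every hit still needs the helper's judgement.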



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:05 AM

Posted 25 July 2010 - 08:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:05 AM

Posted 06 August 2010 - 04:27 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





