Results 1 to 2 of 2

Thread: Files req 4 help w/Dealio malware

  1. 2010-09-19, 04:42 #1
    Rslimgood
    Rslimgood is offline
    Junior Member
    Join Date
    Sep 2010
    Posts
    4

    Default Files req 4 help w/Dealio malware

    Please find attached the requested files for assistance DDS.txt, attach.zip
    Having trouble getting attach.zip to copy; will send on follow up thread. Sorry


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 23:42:23.43 on Wed 08/11/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.78 [GMT -4:00]

    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner.MAINPC\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.verizon.net/central/vzc.portal
    uSearch Page = hxxp://srch-qus10.hpwis.com/
    uDefault_Page_URL = hxxp://qus10.hpwis.com/
    uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
    uSearch Bar = hxxp://srch-qus10.hpwis.com/
    mSearch Bar = hxxp://srch-qus10.hpwis.com/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
    BHO: Blubster Toolbar Helper: {09aa6c75-179e-42e0-82f7-302603339a82} - c:\program files\blubster toolbar\v3.3.0.1\Blubster_Toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
    BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
    TB: Blubster Toolbar: {7efbc57c-cd57-481f-b794-648fce9c9116} - c:\program files\blubster toolbar\v3.3.0.1\Blubster_Toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Blubster] c:\program files\blubster\Blubster.exe SILENT
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    StartupFolder: c:\docume~1\owner~1.mai\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\SpySub.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\versio~1.lnk - c:\windows\installer\{c1edc38f-2760-4a4e-9ced-95b53024134c}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: blackboard.com\hcconline
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-6-20 179984]
    R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
    R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
    R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
    R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
    S2 gupdate1ca9d4e763f275c;Google Update Service (gupdate1ca9d4e763f275c);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 133104]
    S2 mrtRate;mrtRate; [x]

    =============== Created Last 30 ================

    2010-08-10 21:57:50 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
    2010-08-10 14:13:48 271704 ----a-r- c:\windows\system32\hpzids01.dll
    2010-08-10 14:13:48 121344 ----a-w- c:\windows\system32\hpf3l083.dll
    2010-08-10 14:12:59 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
    2010-08-10 14:12:59 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
    2010-08-10 14:12:59 372736 ----a-r- c:\windows\system32\hppldcoi.dll
    2010-08-10 14:12:59 309760 ----a-r- c:\windows\system32\difxapi.dll
    2010-08-10 14:12:59 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
    2010-08-10 14:04:59 0 d-----w- c:\docume~1\owner~1.mai\applic~1\HpUpdate
    2010-08-10 14:03:28 0 d-----w- c:\program files\HP Photo Creations
    2010-08-10 14:03:28 0 d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations
    2010-08-10 13:36:17 171887 ----a-w- c:\windows\hpoins37.dat
    2010-08-10 13:36:16 558 ------w- c:\windows\hpomdl37.dat
    2010-08-04 02:28:04 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini
    2010-07-14 19:19:01 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-08-12 03:42:04 1650464 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-08-12 03:38:50 171892256 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-08-12 02:30:13 155708 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-08-12 02:30:12 2302556 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-08-11 04:42:09 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2008-10-25 23:11:08 11738 ----a-w- c:\program files\common files\ydadiduzi.lib
    2004-10-17 07:06:26 0 --sha-w- c:\windows\sminst\HPCD.sys
    2008-10-26 03:57:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2007-05-14 04:00:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007051220070513\index.dat
    2007-08-20 17:47:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007081820070819\index.dat
    2007-09-02 16:11:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007090220070903\index.dat
    2007-12-17 19:10:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007121220071213\index.dat
    2007-12-24 13:42:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007122120071222\index.dat
    2008-01-28 11:24:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008012720080128\index.dat
    2008-07-03 02:40:22 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062720080628\index.dat
    2008-09-30 00:55:08 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat
    2008-10-06 12:30:58 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat
    2008-10-28 02:28:07 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081027\index.dat
    2008-10-28 02:32:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat
    2008-10-28 12:59:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102820081029\index.dat
    2009-02-27 16:41:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022720090228\index.dat

    ============= FINISH: 23:44:08.75 ===============
  2. 2010-09-19, 08:33 #2
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,966

    Default

    http://forums.spybot.info/showthread...750#post383750

    New topic started, this one closed.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules