11-12-2008, 04:29 PM   #3
paul.hunt
Registered User
 
Join Date: Nov 2008
Posts: 14
OS: Windows XP Home SP2


Re: Downloader.Delf.12.AN

Yes, I did misunderstand.

dds.txt:

DDS (Version 1.0) - NTFSx86
Run by Ben at 18:08:27.56 on Wed 11/12/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.446 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Ben\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {10708868-CEF5-49E5-A211-A8339B8F7188} - c:\windows\system32\dsoun.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EPSON Stylus Photo 820 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S0EIC1.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo 820"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui -igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R0 edpwofvk;edpwofvk;c:\windows\system32\drivers\megvtacw.dat
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe

=============== Created Last 30 ================

2008-11-10 19:30 <DIR> --d----- c:\program files\trend micro
2008-11-10 19:19 250 a------- c:\windows\gmer.ini
2008-11-10 14:50 <DIR> --d----- c:\program files\Lavasoft
2008-11-10 14:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-10 14:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-10 14:30 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-10 14:30 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-10 14:30 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-10 14:30 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-10 13:22 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-10 13:22 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-10 13:22 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-10 13:22 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-10 13:22 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-10 13:22 <DIR> --d----- c:\docume~1\ben\applic~1\PC Tools
2008-11-07 20:22 1,152 a------- c:\windows\system32\windrv.sys
2008-11-07 20:22 <DIR> --d----- c:\program files\SpyNoMore
2008-11-07 12:47 161,792 a------- c:\windows\SWREG.exe
2008-11-07 12:47 98,816 a------- c:\windows\sed.exe
2008-11-07 12:42 <DIR> --dshr-- C:\cmdcons
2008-11-07 12:42 <DIR> --d----- c:\windows\setup.pss
2008-11-07 12:42 <DIR> --d----- c:\windows\setupupd
2008-11-06 09:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-06 09:52 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-06 09:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-06 09:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-06 09:52 <DIR> --d----- c:\docume~1\ben\applic~1\AVGTOOLBAR
2008-11-06 09:51 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-06 09:51 <DIR> --d----- c:\program files\AVG
2008-11-06 09:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-06 09:30 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-06 09:30 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-11-06 09:30 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-11-06 09:30 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys

==================== Find3M ====================

2008-11-06 09:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-08-28 05:04 333,056 -------- c:\windows\system32\dllcache\srv.sys
2008-08-26 16:16 348,160 a------- c:\windows\system32\msvcr71.dll
2008-08-19 04:38 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2008-06-14 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2008-06-09 05:47 <DIR> --d----- c:\docume~1\ben\applic~1\McAfee.com Personal Firewall
2008-03-02 08:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2008-01-07 06:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2007-04-26 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2006-10-28 11:03 <DIR> --d----- c:\docume~1\ben\applic~1\Quark
2006-10-21 05:47 <DIR> --d----- c:\docume~1\ben\applic~1\FotoWire
2006-09-20 16:20 <DIR> --d----- c:\docume~1\ben\applic~1\Corel Photo Album
2006-08-06 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Quark
2006-06-14 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2006-06-14 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2004-08-10 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2007-08-24 18:27 1,135 ---sh--- c:\windows\fonts\ntp2.ini2
2007-02-18 14:41 88 ---shr-- c:\windows\system32\D47D29D109.sys
2007-02-18 14:41 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:09:22.98 ===============
Attached Files
File Type: zip Attach.zip (3.4 KB, 1 views)
File Type: txt gmer.txt (223.1 KB, 1 views)