11-16-2008, 01:15 PM   #44
bajanknight
Join Date: Nov 2008
Location: Florida
Posts: 34
OS: win xp home sp2

Re: Programs Restricted/no desktop/Virtumonde

Since you had asked for DDS.txt following Combofix.txt in a prior post, which I was unable to perform due to being unable to boot into Normal mode with desktop control, I can now run it, and here it is:


DDS (Version 1.0) - NTFSx86
Run by ME! at 15:02:20.01 on 2008-11-16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1711 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ME!\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
mSearch Bar =
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
IE: c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {777B9D40-F35A-471A-A863-F6E7B3FC9751} = 208.67.220.220,208.67.222.222
TCP: {861BEBB0-E147-491F-B363-309EEC201B53} = 208.67.220.220,208.67.222.222
TCP: {9F1519AE-0148-44FB-9E19-8D4A8112F5C6} = 208.67.220.220,208.67.222.222
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} -
Notify: __c0024348 - c:\windows\system32\__c0024348.dat
Notify: __c00387E4 - c:\windows\system32\__c00387E4.dat
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 IOPort;IOPort;\??\c:\windows\system32\drivers\IOPORT.SYS
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe"
R3 ADM8211;Wireless PC Card;c:\windows\system32\drivers\WLANPCI.sys
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service
S3 WLANNDIS5;WLANNDIS5 NDIS Protocol Driver;\??\c:\progra~1\wirele~1\WLANNDIS5.SYS

=============== Created Last 30 ================

2008-11-16 14:29 35,840 a------- c:\windows\system32\__c00387E4.dat
2008-11-16 14:29 22,291 a------- c:\windows\system32\__c0024348.dat
2008-11-15 23:22 161,792 a------- c:\windows\SWREG.exe
2008-11-15 23:22 98,816 a------- c:\windows\sed.exe
2008-11-15 23:22 <DIR> --d----- C:\ComboFix
2008-11-15 21:26 <DIR> --d----- C:\Old_ComboFix
2008-11-09 23:26 <DIR> --d----- c:\program files\Trend Micro
2008-11-09 22:26 <DIR> a-dshr-- C:\cmdcons
2008-11-08 16:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-08 16:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-08 15:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-07 22:27 250 a------- c:\windows\gmer.ini
2008-11-07 01:28 <DIR> --d----- c:\windows\pss
2008-11-07 00:23 <DIR> --d----- c:\program files\CCleaner
2008-11-05 22:41 <DIR> --d----- c:\windows\ERUNT
2008-11-05 22:35 <DIR> --d----- C:\SDFix
2008-11-05 22:30 <DIR> --d----- C:\ClamWinPortable
2008-11-05 22:28 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-05 22:28 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-05 22:28 12,160 a------- c:\windows\system32\drivers\mouhid.sys

==================== Find3M ====================

2008-11-08 16:57 <DIR> a-d----- c:\program files\Lycos
2008-11-07 00:41 <DIR> --d----- c:\program files\Canon
2008-11-06 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\mralotun
2007-11-20 21:47 <DIR> --d----- c:\docume~1\me!\applic~1\IrfanView
2007-10-19 23:17 <DIR> --d----- c:\docume~1\me!\applic~1\Seekmo
2007-07-05 21:09 <DIR> --d----- c:\docume~1\me!\applic~1\Lexmark Imaging Studio
2007-02-15 22:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Broderbund
2007-01-24 16:31 <DIR> --d----- c:\docume~1\me!\applic~1\Viewpoint
2007-01-24 16:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-07-23 17:54 <DIR> --d----- c:\docume~1\me!\applic~1\ScanSoft
2006-07-23 17:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanWizard
2006-07-23 17:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanAppDataDir
2006-03-23 00:00 <DIR> --d----- c:\docume~1\me!\applic~1\EbkReader
2005-12-25 23:13 <DIR> --d----- c:\docume~1\me!\applic~1\Azureus
2005-12-25 19:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2005-09-13 20:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2005-03-17 18:52 <DIR> --d----- c:\docume~1\me!\applic~1\WeatherBug
2004-10-18 21:37 <DIR> --d----- c:\docume~1\me!\applic~1\Kontiki
2004-06-10 18:54 <DIR> --d----- c:\docume~1\me!\applic~1\Lycos
2004-03-06 03:56 <DIR> --d----- c:\docume~1\me!\applic~1\Jasc Software Inc
2004-03-06 03:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 15:02:29.06 ===============
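The two `Notify:` lines in the Pseudo HJT Report above point Winlogon Notify packages at `.dat` files in system32 that appeared a few minutes before the scan, which is the pattern helpers in Virtumonde/Vundo threads look for first. The script below is an added example, not part of the original post or of the DDS tool: it parses the report sections from the log excerpt quoted above, flags Notify entries whose target is not a DLL or carries an auto-generated-looking `__c…` name, and cross-references the "Created Last 30" section to show how fresh the file is. The `__c` + hex-digit name pattern and the "non-DLL Notify package" heuristic are assumptions chosen for this example; they are triage hints for a reviewer, not proof that a given file is malicious.

```python
"""Triage a DDS "Pseudo HJT Report" for suspicious Winlogon Notify entries.

Winlogon Notify packages are DLLs that winlogon.exe loads at logon, so a
Notify entry whose target is not a .dll, or whose name looks machine
generated, deserves a closer look.  Added example; not the DDS tool's code.
"""
import re
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Dict, List, Optional

# Excerpt of the DDS log posted above (two sections only), used as sample input.
DDS_EXCERPT = r"""
============== Psuedo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
Notify: __c0024348 - c:\windows\system32\__c0024348.dat
Notify: __c00387E4 - c:\windows\system32\__c00387E4.dat
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll

=============== Created Last 30 ================

2008-11-16 14:29 35,840 a------- c:\windows\system32\__c00387E4.dat
2008-11-16 14:29 22,291 a------- c:\windows\system32\__c0024348.dat
2008-11-15 23:22 161,792 a------- c:\windows\SWREG.exe
2008-11-15 23:22 <DIR> --d----- C:\ComboFix
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
NOTIFY_RE = re.compile(r"^Notify:\s*(\S+)\s*-\s*(.+?)\s*$", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")
# Assumed heuristic: names like __c0024348 / __c00387E4 (prefix plus hex digits).
RANDOM_NAME_RE = re.compile(r"^__c[0-9a-f]{6,8}$", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)
    created: Optional[datetime] = None
    age_days: Optional[int] = None


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {lower-cased section title: [non-empty lines]}."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def created_index(lines: List[str]) -> Dict[str, datetime]:
    """Map lower-cased path -> creation timestamp from the 'Created Last 30' section."""
    idx: Dict[str, datetime] = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            idx[m.group(4).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return idx


def flag_winlogon_notify(text: str, scan_date: str) -> List[Finding]:
    """Return Notify entries worth a reviewer's attention, in report order."""
    scan = date.fromisoformat(scan_date)
    sections = parse_sections(text)
    hjt = next((v for k, v in sections.items() if "hjt report" in k), [])
    created = created_index(next((v for k, v in sections.items() if k.startswith("created last")), []))
    findings: List[Finding] = []
    for line in hjt:
        m = NOTIFY_RE.match(line)
        if not m:
            continue
        name, path = m.group(1), m.group(2)
        base = path.replace("/", "\\").rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        reasons = []
        if not base.lower().endswith(".dll"):
            reasons.append("Notify package is not a .dll (%s)" % base)
        if RANDOM_NAME_RE.match(stem) or RANDOM_NAME_RE.match(name):
            reasons.append("auto-generated-looking name")
        if not reasons:
            continue
        f = Finding(name=name, path=path, reasons=reasons)
        ts = created.get(path.lower())
        if ts is not None:
            f.created = ts
            f.age_days = (scan - ts.date()).days
            f.reasons.append("file created %d day(s) before the scan" % f.age_days)
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in flag_winlogon_notify(DDS_EXCERPT, "2008-11-16"):
        print(f.name, f.path)
        for r in f.reasons:
            print("   -", r)
```

Run it against a full DDS.txt by reading the file into `flag_winlogon_notify` with the scan date from the "Run by" header; an entry that is a genuine vendor DLL (for example a logon-notification DLL shipped with a driver package) produces no reasons and is not listed, so the output is only the handful of lines a helper needs to check by hand.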