dds.txt and HijackThis attachment zipped, please help


1 reply to this topic

#1 tulipcamp

tulipcamp

  • Members
  • 4 posts

Posted 31 December 2008 - 02:31 AM

dds.txt
DDS (Version 1.1.0) - NTFSx86
Run by Valentin Bernacho at 0:59:13.21 on 31/12/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.502.37 [GMT -6:00]

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe
C:\Program Files\Sakar\Mouse Driver\MouseDriver.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hardcopy\hardcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Valentin Bernacho\Desktop\dds program from bleepingcomputers\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2038145
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.14.0_1\MySpaceToolbar.dll
BHO: Demonoid Toolbar: {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - c:\program files\demonoid\tbDemo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.14.0_1\MySpaceToolbar.dll
TB: Demonoid Toolbar: {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - c:\program files\demonoid\tbDemo.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SmartAudio.exe -c
mRun: [DyanPointMouseDriverHelper] c:\program files\sakar\mouse driver\MouseDriver.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\valent~1\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hardcopy.lnk - c:\hardcopy\hardcopy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-12-30 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2008-12-30 234888]

=============== Created Last 30 ================

2008-12-30 23:08 <DIR> --d----- c:\program files\AskBarDis
2008-12-30 23:06 <DIR> --d----- c:\program files\Vuze
2008-12-28 23:06 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-28 23:06 1,409 a------- c:\windows\QTFont.for
2008-12-28 03:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2008-12-28 03:20 <DIR> --d----- c:\docume~1\valent~1\applic~1\Azureus
2008-12-19 02:07 <DIR> --d----- c:\program files\Conduit
2008-12-19 02:07 <DIR> --d----- c:\program files\Demonoid
2008-12-17 23:19 224,016 a------- c:\windows\system32\tabctl32.ocx
2008-12-17 23:19 303,104 a------- c:\windows\system32\ciplListBar.ocx
2008-12-17 23:19 155,648 a------- c:\windows\system32\ciplImageList.ocx
2008-12-17 03:11 23,392 a------- c:\windows\system32\nscompat.tlb
2008-12-17 03:11 16,832 a------- c:\windows\system32\amcompat.tlb
2008-12-16 20:52 <DIR> --d----- c:\docume~1\valent~1\applic~1\MySpace
2008-12-16 20:52 <DIR> --d----- c:\program files\MySpace
2008-12-16 18:58 <DIR> --d----- c:\docume~1\valent~1\applic~1\MiniDm
2008-12-16 03:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-15 15:58 <DIR> --d----- c:\program files\IEPro
2008-12-15 15:58 <DIR> --d----- c:\docume~1\valent~1\applic~1\IEPro
2008-12-15 06:26 208,744 a------- c:\windows\system32\muweb.dll
2008-12-15 06:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-15 06:26 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-15 05:42 <DIR> --dsh--- c:\documents and settings\valentin bernacho\PrivacIE
2008-12-15 05:06 <DIR> --d----- C:\SREngLog
2008-12-15 04:08 <DIR> --d----- C:\MALWAREBYTES
2008-12-15 04:07 <DIR> --d----- C:\HIJACKTHIS
2008-12-15 03:59 <DIR> --d----- c:\program files\Trend Micro
2008-12-15 03:44 <DIR> --d----- c:\docume~1\valent~1\applic~1\Malwarebytes
2008-12-15 03:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-15 03:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 03:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 03:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-15 03:25 81,920 a------- c:\windows\system32\ieencode.dll
2008-12-15 01:20 <DIR> --d----- C:\DOWNLOADS
2008-12-15 00:57 <DIR> --d----- c:\program files\ATTToolbar
2008-12-13 02:25 <DIR> --d----- c:\program files\ABC Amber LIT Converter
2008-12-13 02:23 57,436 a------- c:\windows\DASShp.dll
2008-12-13 02:23 <DIR> --d----- c:\program files\Microsoft Reader
2008-12-09 04:43 <DIR> --d----- c:\docume~1\valent~1\applic~1\My Star World
2008-12-09 04:42 <DIR> --d----- c:\program files\My Star World
2008-12-09 04:41 <DIR> --d----- C:\hardcopy
2008-12-09 04:40 503,808 a------- c:\windows\SwSetupu.exe
2008-12-08 20:39 <DIR> --d----- c:\windows\system32\Adobe
2008-12-07 22:32 <DIR> --d----- c:\program files\Realore
2008-12-07 22:01 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-07 22:01 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys
2008-12-07 21:40 <DIR> --d----- c:\program files\VideoLAN
2008-12-07 06:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 06:20 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-07 06:16 <DIR> --d----- c:\program files\uTorrent
2008-12-07 06:15 <DIR> --d----- c:\docume~1\valent~1\applic~1\uTorrent
2008-12-07 05:28 <DIR> --d----- C:\My Games
2008-12-07 05:28 <DIR> --d----- C:\users
2008-12-07 05:26 <DIR> --d----- c:\program files\RealArcade
2008-12-06 23:21 <DIR> --d----- c:\docume~1\valent~1\applic~1\Zango
2008-12-06 04:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-12-06 04:09 <DIR> --d----- c:\program files\Yahoo! Games
2008-12-06 04:04 <DIR> --d----- c:\windows\system32\scripting
2008-12-06 04:04 <DIR> --d----- c:\windows\l2schemas
2008-12-06 04:04 <DIR> --d----- c:\windows\system32\en
2008-12-06 04:04 <DIR> --d----- c:\windows\system32\bits
2008-12-06 04:02 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-06 03:56 <DIR> --d----- c:\windows\EHome
2008-12-05 13:23 0 a------- C:\.autoreg
2008-12-05 03:53 397,056 -------- c:\windows\system32\s3gnb.dll
2008-12-05 03:52 61,440 -------- c:\windows\system32\kmsvc.dll
2008-12-05 03:51 7,168 -------- c:\windows\system32\bitsprx4.dll
2008-12-05 02:56 991,232 a------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-05 02:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2008-12-05 02:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-05 02:51 138,496 -------- c:\windows\system32\dllcache\afd.sys
2008-12-05 02:51 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-12-05 02:51 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-05 02:49 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 02:49 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 02:49 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 02:49 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 02:47 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 02:47 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 02:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2008-12-05 02:47 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 02:47 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 02:40 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-05 02:40 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-05 02:40 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-05 02:40 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-05 00:22 <DIR> --d----- C:\2Wire_DSL_Setup_Tool

==================== Find3M ====================

2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-06 04:08 82,275 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-21 15:47 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 15:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 07:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 01:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2007-10-30 17:23 0 a------- c:\docume~1\valent~1\applic~1\wklnhst.dat

============= FINISH: 1:00:05.90 ===============


*********************************************************************************************************************************************************************************************************************************************************
I also attached my HijackThis log, which is zipped.

and

the attachment (from DDS) that is zipped (hope I did it right)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Attached Files
#2 sjpritch25

sjpritch25

  • Security Colleague
  • 895 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 10 January 2009 - 04:14 PM

Welcome to BC :thumbsup:

Sorry for the delay.

Since it's been more than a week, I need a fresh HijackThis log. Thanks
Microsoft MVP Consumer Security--2007-2010