
Multiple Problems



#1 Ira Jandel Mejia


Posted 04 February 2009 - 06:46 AM

First of all, I have 3 partitions, C:/ which is my SYSTEM, D:/ which is my FILES and E:/ which is my FILES ALSO... I Formatted my letter C and E because of that crazy thing that keeps saying:

http://img27.imageshack.us/my.php?image=78549910hv1.png

PROBLEMS:
1.) I can't open my HD by DOUBLE CLICK.. I have to explore it
2.) This crazy Virus/Malware/Trojan keeps my AVG and SPYBOT S&D USELESS.. I can't even update or run my SPYBOT.. it says: error sending request the server name or address cannot be resolved
4.) even stop ME TO GO FOR ANTI-VIRUS SITES like SPYBOT, NOD32

3.) I can't install some software that requires INTERNET Validation because this VIRUS keeps blocking whatever kind of things.

SOME THINGS I DO:
I RAN Malwarebytes' Anti-Malware and these 4 MALWARE appeared, but when I reboot the problem is still in: SEE AT THE BOTTOM


DDS LOGS:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Mejia Inc at 19:34:12.37 on Wed 02/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.572 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Seagate\SeaTools for Windows\SeaToolsforWindows.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Seagate\SeaTools for Windows\STXENG\stxcon.exe
C:\Documents and Settings\Mejia Inc\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uRun: [Google Update] "c:\documents and settings\mejia inc\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [SoundMan] SOUNDMAN.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-4 38496]

=============== Created Last 30 ================

2009-02-04 19:21 <DIR> --d----- c:\program files\Seagate
2009-02-04 19:10 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-04 18:59 <DIR> --d----- c:\docume~1\mejiai~1\applic~1\Malwarebytes
2009-02-04 18:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 18:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 18:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 18:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 18:59 6,272 ac------ c:\windows\system32\dllcache\splitter.sys
2009-02-04 18:59 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-02-04 18:59 83,072 ac------ c:\windows\system32\dllcache\wdmaud.sys
2009-02-04 18:59 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-02-04 18:58 <DIR> --d----- c:\program files\Realtek Sound Manager
2009-02-04 18:58 <DIR> --d----- c:\program files\AvRack
2009-02-04 18:58 <DIR> --d----- c:\program files\Realtek AC97
2009-02-04 18:36 <DIR> --d----- c:\program files\Trend Micro
2009-02-04 18:31 60,928 a----r-- c:\windows\system32\drivers\viamraid.sys
2009-02-04 18:30 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-04 18:29 <DIR> --d----- c:\program files\VIA
2009-02-04 18:28 <DIR> --d----- c:\windows\system32\Tools
2009-02-04 18:28 17,505 a----r-- C:\DBI.EXE
2009-02-04 18:27 383 ---shr-- C:\autorun.inf
2009-02-04 18:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-04 18:25 <DIR> --d----- c:\documents and settings\Mejia Inc
2009-02-04 13:49 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-04 13:49 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-04 13:46 131,584 ac------ c:\windows\system32\dllcache\pmxviceo.dll
2009-02-04 13:45 514,587 ac------ c:\windows\system32\dllcache\edb500.dll
2009-02-04 13:44 2,577 a------- c:\windows\system32\CONFIG.NT
2009-02-04 13:44 0 a------- c:\windows\control.ini
2009-02-04 13:44 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-04 13:44 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-04 13:44 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-04 13:43 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-04 13:43 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-04 13:42 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-04 13:41 <DIR> --d----- c:\program files\Online Services
2009-02-04 13:41 <DIR> --d----- c:\program files\Messenger
2009-02-04 13:41 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-04 13:40 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-02-04 13:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-04 13:41 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:34:20.04 ===============


HIJACKTHIS LOGS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:00 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Seagate\SeaTools for Windows\SeaToolsforWindows.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Seagate\SeaTools for Windows\STXENG\stxcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mejia Inc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--
End of file - 2106 bytes


MALWARE LOGS:
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/4/2009 7:06:39 PM
mbam-log-2009-02-04 (19-06-39).txt

Scan type: Quick Scan
Objects scanned: 41322
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5510302c-2454-46ae-9ca7-28340a388093}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5510302c-2454-46ae-9ca7-28340a388093}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edited by Ira Jandel Mejia, 04 February 2009 - 07:20 AM.




#2 Ira Jandel Mejia


Posted 05 February 2009 - 07:34 AM

Damn it.. I already solved the UPDATE PROBLEM AND HD PROBLEM, only it's that. I SCANNED USING MALWAREBYTES... but still SPYBOT WEBSITE (I still can't access there) and I can't install Spybot...

PLEASE HELP ME

Edited by Ira Jandel Mejia, 05 February 2009 - 07:34 AM.


#3 Ira Jandel Mejia


Posted 06 February 2009 - 08:06 AM

NVM.. I solved it on my own, damn it's so hard..

CLOSE THREAD PLEASE

#4 KoanYorel


Posted 17 February 2009 - 10:29 AM

Thanks for telling us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



