Please help me with my problem. I've been suffering from an "attack" and I don't know what caused it.
I've noticed some behavioral changes in my computer:
1) My IE homepage is set to http://rnd009.googlepages.com/google.html.
2) My TASK MANAGER, REGISTRY EDITOR and FOLDER OPTIONS ARE DISABLED.
3) I've found out that when I transfer a file into a CLEAN/NEWLY FORMATTED Flash Drive it also sends gphone.exe, as I see when I look into the attributes of my Flash Drive.
4) It also creates a New Folder.exe as I transfer files. I've also noticed that inside a specific folder it also creates the same folder. Example: I have Folder A; when I transfer this folder into my Flash Drive, it will create a folder inside my Folder A named after it.
Thanks in advance guys.
I also ran dds for this and here is the result:
DDS (Ver_09-02-01.01) - NTFSx86
Run by cssioson at 11:45:17.43 on 02-27-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.642 [GMT 8:00]
AV: avast! antivirus 4.8.1229 [VPS 090225-1] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cssioson\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = https://home.cocoplans.com:39920/ITD/default.aspx
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = mail.cocoplans.com:3128
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uPolicies-system: Wallpaper = \\coconet\corporate wallpaper\Wallpaper_December_08.jpg
uPolicies-system: WallpaperStyle = 2
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
============= SERVICES / DRIVERS ===============
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-7-17 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-15 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-15 147640]
R2 NBXPacket;NBX Packet Driver;c:\windows\system32\drivers\NBXPkt2k.sys [2008-7-18 8495]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-15 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-15 348344]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-18 33752]
=============== Created Last 30 ================
2009-02-27 10:52 <DIR> --d----- c:\windows\ERUNT
2009-02-27 10:50 <DIR> --d----- C:\backups
2009-02-27 10:50 <DIR> --d----- C:\backupreg
2009-02-27 10:50 146,432 a------- C:\editreg.exe
2009-02-27 10:50 27,136 a------- C:\rtsdnif.exe
2009-02-27 10:50 11,264 a------- C:\attrib.exe
2009-02-27 10:50 9,216 a------- C:\dnif.exe
2009-02-27 10:24 <DIR> --d----- C:\SDFix
2009-02-27 08:10 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-27 08:09 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-27 08:09 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-27 08:09 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-27 08:09 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-27 08:09 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-27 08:09 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-27 08:09 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-27 08:09 <DIR> --d----- C:\6744dfb33442ae9af86ec395d046df50
2009-02-27 08:07 <DIR> --d----- c:\program files\MSXML 6.0
2009-02-26 10:46 <DIR> a-dshr-- C:\autorun.inf
2009-02-26 08:15 <DIR> --d----- C:\Sys Dev't
2009-02-26 07:29 163,840 -c------ c:\windows\system32\dllcache\jgdw400.dll
2009-02-26 07:29 27,648 -c------ c:\windows\system32\dllcache\jgpl400.dll
2009-02-26 07:28 28,672 -------- c:\windows\system32\verclsid.exe
2009-02-26 07:27 453,120 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-24 14:01 <DIR> --d----- c:\program files\Trend Micro
2009-02-24 12:48 410,449 a--shr-- c:\windows\system32\gphone.exe
2009-02-24 12:48 410,449 a------- c:\windows\gphone.exe
2009-02-18 13:32 <DIR> --d----- c:\docume~1\cssioson\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-18 12:03 <DIR> --d----- C:\WebXML
2009-02-12 07:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-12 07:06 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-11 08:34 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-11 08:34 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 08:34 2,057,600 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-11 08:34 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 08:33 172,416 -c------ c:\windows\system32\dllcache\kmixer.sys
2009-02-11 08:33 82,944 -c------ c:\windows\system32\dllcache\wdmaud.sys
2009-02-11 08:33 6,400 -c------ c:\windows\system32\dllcache\splitter.sys
2009-02-11 08:33 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-11 08:33 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-11 08:33 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-11 08:33 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-11 08:33 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-11 08:33 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-11 08:33 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-11 08:33 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-10 07:29 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-04 15:00 <DIR> --d----- C:\ITD Inventory Documents
2009-02-04 08:30 <DIR> --d----- c:\program files\MSN Messenger
2009-02-04 08:17 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-03 17:12 <DIR> --d----- c:\documents and settings\cssioson\Tracing
2009-02-03 17:05 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-02-03 16:59 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-03 10:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GRETECH
2009-02-03 10:17 <DIR> --d----- c:\program files\GRETECH
2009-02-03 07:18 268 a---h--- C:\sqmdata02.sqm
2009-02-03 07:18 244 a---h--- C:\sqmnoopt02.sqm
==================== Find3M ====================
2009-02-27 09:10 36,912 a------- c:\docume~1\cssioson\applic~1\GDIPFONTCACHEV1.DAT
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-20 07:57 249,856 -------- c:\windows\Setup1.exe
2009-01-05 16:10 354,560 a------- c:\windows\system32\TuneUpDefragService.exe
2008-12-21 07:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-16 09:07 25,504 a------- c:\windows\system32\emptyregdb.dat
============= FINISH: 11:45:43.52 ===============
Hope we can fix this.
Keep safe and More Power
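Added here as a defender's triage aid, not part of the original post: a Python parser for the DDS "Created Last 30" / "Find3M" file-listing lines that applies the checks a helper would run over a log like the one above (executables carrying system+hidden attributes, autorun.inf at a drive root, one executable dropped in several places, an executable named like a folder). The first four sample lines are copied from the posted log; the "New Folder.exe" line is constructed, and the meaning of the attribute letters (d/s/h) is an assumption about DDS's output format.

```python
import re
from collections import defaultdict

# One DDS file-listing line: date, time, size or <DIR>, 8-char attribute field, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")

# First four entries are copied from the posted log; the last one is constructed.
SAMPLE = [
    "============== Created Last 30 ================",
    r"2009-02-26 10:46 <DIR> a-dshr-- C:\autorun.inf",
    r"2009-02-24 12:48 410,449 a--shr-- c:\windows\system32\gphone.exe",
    r"2009-02-24 12:48 410,449 a------- c:\windows\gphone.exe",
    r"2009-02-03 17:05 3,426,072 a------- c:\windows\system32\d3dx9_32.dll",
    r"2009-02-26 10:47 410,449 a--shr-- E:\New Folder.exe",
]

def parse_dds_entry(line):
    """Parse one listing line into a dict, or return None for headers/other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size, attr, path = m.group(3), m.group(4), m.group(5)
    # Assumed DDS attribute letters: d=directory, s=system, h=hidden (r=read-only, a=archive).
    return {"path": path, "is_dir": "d" in attr, "system": "s" in attr, "hidden": "h" in attr,
            "size": None if size == "<DIR>" else int(size.replace(",", ""))}

def flag_entries(lines):
    """Triage rules applied to a listing; returns [(path, reason), ...] for review."""
    hits, by_name = [], defaultdict(list)
    for e in filter(None, map(parse_dds_entry, lines)):
        name = e["path"].rsplit("\\", 1)[-1].lower()
        by_name[(name, e["size"])].append(e["path"])
        if re.fullmatch(r"[a-z]:\\autorun\.inf", e["path"].lower()):
            kind = "directory" if e["is_dir"] else "file"
            hits.append((e["path"], f"autorun.inf in drive root ({kind})"))
        if name.endswith(EXEC_EXT):
            if e["system"] and e["hidden"]:
                hits.append((e["path"], "executable with system+hidden attributes"))
            if name.rsplit(".", 1)[0] == "new folder":
                hits.append((e["path"], "executable named like a folder"))
    # Same executable (name and size) dropped in more than one directory.
    for (name, size), paths in by_name.items():
        if size and name.endswith(EXEC_EXT) and len(paths) > 1:
            hits.append((paths[0], f"same executable ({size} bytes) in {len(paths)} places"))
    return hits

if __name__ == "__main__":
    for path, reason in flag_entries(SAMPLE):
        print(f"{reason}: {path}")
```

A directory named autorun.inf at a drive root (as in this log) is commonly a vaccination folder created by a cleanup tool rather than the worm's own file, so the rule reports which kind it found.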