Unknown infection



#1 kai0909

Posted 15 May 2009 - 04:02 AM

Hi, I have some sort of infection on my computer. I don't know what it is and have tried many programs to detect it, but nothing has worked. The problem is that whatever I have is blocking my anti-virus and spyware/malware removal programs from updating and is also blocking Windows Update and certain websites (including yours). I was being helped in another forum and he told me about trying to update/access the restricted sites through OpenDNS, which is how I'm able to reach your site at this moment. Here is a link to that forum so that you can see what I've done to try and figure out what's wrong: http://forum.kaspersky.com/index.php?showtopic=116488

DDS (Ver_09-05-14.01) - NTFSx86
Run by Kai at 3:53:52.40 on Fri 05/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1400 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ali Keshavarz\Auto Shutdown\AutoShutdown.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kai\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nbc.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GEST] "c:\program files\gigabyte\gest\RUN.exe"
mRun: [DeathAdder] "c:\program files\razer\deathadder\razerhid.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files\google\gmail notifier\gnotify.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
StartupFolder: c:\docume~1\kai\startm~1\programs\startup\auto shutdown.lnk - c:\program files\ali keshavarz\auto shutdown\AutoShutdown.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: att.net
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: {A1A6D365-6016-48B4-A8A3-039FCD7D14BC} = 208.67.222.222,208.67.220.220
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kai\applic~1\mozilla\firefox\profiles\5x57o0h2.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-3-3 110360]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2008-8-28 12288]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-1-27 175888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 89600]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-8-28 22784]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2008-8-28 55816]
S3 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe [2007-3-9 200768]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2008-8-28 31104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\video3d32.sys --> c:\windows\system32\drivers\Video3D32.sys [?]

=============== Created Last 30 ================

2009-05-15 03:36 <DIR> --d----- C:\RootkitNO
2009-05-15 03:36 2 a--shrot c:\windows\winstart.bat
2009-05-15 03:36 <DIR> --d----- c:\program files\UnHackMe
2009-05-15 02:51 <DIR> --dsh--- c:\documents and settings\kai\IECompatCache
2009-05-15 02:26 45,056 -------- c:\windows\system32\KmRemove.exe
2009-05-15 02:26 <DIR> --d----- c:\program files\HP Wireless Keyboard
2009-05-15 02:20 <DIR> --dsh--- c:\documents and settings\kai\PrivacIE
2009-05-15 02:17 <DIR> --dsh--- c:\documents and settings\kai\IETldCache
2009-05-15 00:50 <DIR> --d----- c:\windows\ie8updates
2009-05-15 00:49 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-15 00:47 <DIR> -cd-h--- c:\windows\ie8
2009-05-14 04:22 <DIR> --d----- C:\quarantine
2009-05-14 04:18 <DIR> --d----- C:\asda
2009-05-14 02:36 <DIR> --d----- c:\docume~1\kai\applic~1\Malwarebytes
2009-05-14 02:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 02:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-14 02:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-14 00:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-14 00:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-14 00:17 <DIR> --d----- c:\docume~1\kai\applic~1\SUPERAntiSpyware.com
2009-05-13 21:59 <DIR> a-dshr-- C:\cmdcons
2009-05-13 21:58 <DIR> --d----- C:\12313
2009-05-13 21:51 <DIR> --d----- C:\as12sa
2009-05-11 00:35 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-07 23:27 0 a------- c:\windows\popcreg.dat
2009-05-07 23:27 <DIR> --d----- c:\program files\PopCap Games
2009-05-06 20:30 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-05 22:55 <DIR> --d----- c:\windows\Cache
2009-05-05 22:55 <DIR> --d----- c:\program files\Coupons
2009-05-05 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-05-05 22:51 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-05-05 22:51 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-05-05 22:50 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-05-05 22:50 970,752 a----r-- c:\windows\system32\hpotiop5.dll
2009-05-05 22:50 729,088 a----r-- c:\windows\system32\hpowiax5.dll
2009-05-05 22:50 364,544 a----r-- c:\windows\system32\hppldcoi.dll
2009-05-05 22:50 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-05-05 22:50 303,104 a----r-- c:\windows\system32\hpovst12.dll
2009-05-05 22:50 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-05-05 22:47 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-05 22:46 <DIR> --d----- c:\program files\common files\HP
2009-05-05 22:45 <DIR> --d----- c:\program files\HP
2009-05-05 22:45 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-05-05 22:45 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-05 22:45 164,906 a------- c:\windows\hpoins21.dat
2009-05-05 22:45 7,262 -------- c:\windows\hpomdl21.dat
2009-05-03 00:19 7,680 a--sh--- c:\windows\Thumbs.db
2009-05-03 00:19 3,072 a--sh--- C:\Thumbs.db
2009-05-03 00:14 <DIR> --d----- C:\my art
2009-05-02 22:23 <DIR> --d----- c:\program files\Bonjour
2009-05-02 22:16 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-04-16 00:56 <DIR> --d----- c:\docume~1\kai\applic~1\Braid
2009-04-15 20:23 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-05-15 03:53 713,504 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-15 03:51 19,923,488 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-15 03:47 16,608 ac------ c:\windows\gdrv.sys
2009-05-15 03:43 267,836 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-15 03:43 67,868 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-23 11:22 141,568 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-03-26 22:29 65,024 a------- c:\windows\IFinst26.exe
2009-03-17 21:55 3,625 a------- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-03-17 21:55 1,073,528 a------- c:\windows\system32\SpoonUninstall.exe
2009-03-17 21:42 3,328 a------- c:\windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat
2009-03-17 21:40 1,844 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2009-03-17 21:40 2,228 a------- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-03-17 21:40 11,473 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2009-03-17 21:40 3,008 a------- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-03-17 21:40 3,061 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-03-17 21:40 3,153 a------- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-03-17 21:40 3,107 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-03-17 21:39 2,987 a------- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-03-17 21:39 2,843 a------- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-03-17 21:38 8,457 a------- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-03-10 21:40 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:18 73,728 a------- c:\windows\system32\RtNicProp32.dll

============= FINISH: 3:54:12.18 ===============

#2 kai0909

Posted 15 May 2009 - 11:25 PM

You can delete this thread. I don't need any help.