Infected with Trojans and Malware


  • This topic is locked
4 replies to this topic

#1 1515

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 24 July 2009 - 07:34 PM

...start menu will not allow me to click on programs. Please help!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sarah at 15:54:51,01 on 24/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1019 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Internet Explorer\Iexplore.exe
D:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Protection System] c:\program files\protection system\psystem.exe
mRun: [AirPaceWifi] "c:\program files\abit\abit uguru\AirPaceWifi.exe" -nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [msupdate] msupdate.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lancem~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sarah\applic~1\mozilla\firefox\profiles\9wwf63tf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-10 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-10 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-12-25 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-12-25 23672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-10 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-10 298776]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2007-12-25 544512]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [2007-12-24 556832]
S3 kuzb;kuzb;\??\d:\downloads\oh no\kuzb.sys --> d:\downloads\oh no\kuzb.sys [?]

=============== Created Last 30 ================

2009-07-21 21:36 <DIR> --d----- c:\program files\Protection System
2009-07-21 21:23 257,536 a------- c:\windows\system32\resdll.dll
2009-07-21 21:22 52,224 a------- c:\windows\system32\mcenspc.dll
2009-07-19 13:27 <DIR> --d----- c:\program files\Bethesda Softworks
2009-07-19 13:24 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-19 13:23 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-19 13:23 <DIR> --d----- c:\windows\system32\xlive
2009-07-18 22:59 <DIR> --d----- c:\program files\VideoLAN
2009-07-18 13:55 <DIR> --d----- c:\program files\Thief - Deadly Shadows
2009-07-18 13:50 <DIR> --d----- c:\program files\Halflife 2
2009-07-18 13:31 139,264 a------- c:\windows\War3Unin.exe
2009-07-18 13:31 63,187 a------- c:\windows\War3Unin.dat
2009-07-18 13:31 2,829 a------- c:\windows\War3Unin.pif
2009-07-18 13:20 <DIR> --d----- c:\program files\Fallout 3
2009-07-18 13:20 <DIR> --d----- C:\New Folder
2009-07-18 13:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-18 13:07 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-18 13:07 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-18 13:03 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-18 13:03 <DIR> --d----- c:\docume~1\sarah\applic~1\DAEMON Tools Lite
2009-07-18 12:54 <DIR> --d----- c:\program files\Portal
2009-07-17 15:09 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-17 13:14 <DIR> --d----- c:\program files\Western Digital Corporation
2009-07-17 13:14 <DIR> --d----- c:\program files\Western Digital
2009-07-13 12:47 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-07-13 12:47 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-13 12:47 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-13 12:47 31,616 a------- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-07-07 09:21 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 23:40 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-02 12:36 108,144 a------- c:\windows\system32\CmdLineExt.dll

============= FINISH: 15:56:19,40 ===============

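The DDS log above is the kind of listing a malware responder reads by hand, looking for a few recurring patterns: Run-key entries with no path (the file is resolved through the search path at logon), an empty Run entry, a SecurityProviders list that has grown beyond the Windows XP default set, services or drivers whose image lives outside the Windows and Program Files trees or cannot be found, and any of those files also appearing in the "Created Last 30" list. The script below is an added example written for this thread; it is not part of DDS, Malwarebytes or any BleepingComputer tool. It parses the DDS text layout and applies exactly those rules. The XP default SecurityProviders set (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) is assumed to be that of a stock XP SP2 install, and the sample input is a constructed excerpt of lines taken from the log posted above.

```python
"""Heuristic triage of a DDS log: the 'Pseudo HJT Report', 'SERVICES / DRIVERS'
and 'Created Last 30' sections. Added example for this thread, not part of DDS
or of any BleepingComputer tool. Every rule marks an entry for manual review;
none of them is a verdict that the entry is malicious."""
import re

# Windows XP default SecurityProviders value (assumption: stock XP SP2 install).
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# "uRun: [name] command"; prefix u/m/d = HKCU / HKLM / Default User hive.
RUN_RE = re.compile(r"^[umd]Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "R1 name;display;path [date size]" or "S3 name;name;\??\path --> path [?]".
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
SECPROV_RE = re.compile(r"^SecurityProviders:\s*(?P<list>.*)$")
# "2009-07-21 21:22 52,224 a------- c:\windows\system32\mcenspc.dll" (Created Last 30).
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(?P<path>.+)$")
BASENAME_RE = re.compile(r"([^\\\s\"]+\.(?:dll|exe|sys))", re.I)

def first_token(cmd):
    """Executable part of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]

def recently_created(lines):
    """Basenames of files listed in the 'Created Last 30' section."""
    names = set()
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            names.add(m.group("path").rsplit("\\", 1)[-1].lower())
    return names

def triage(lines):
    """Return (rule, detail) pairs for entries that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if not cmd:
                findings.append(("empty-run-entry", line))
            elif "\\" not in first_token(cmd):
                # Bare filename: resolved through the search path at logon, so it
                # is easy to hijack and cannot be attributed without locating it.
                findings.append(("unqualified-run-path", line))
            continue
        m = SECPROV_RE.match(line)
        if m:
            for dll in (p.strip().lower() for p in m.group("list").split(",")):
                if dll and dll not in XP_DEFAULT_SECURITY_PROVIDERS:
                    # Extra security-provider DLLs are loaded into lsass.exe at boot.
                    findings.append(("non-default-security-provider", dll))
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[?]"):
                # DDS prints "--> path [?]" when it cannot read the image file's
                # date and size, typically because the file is absent.
                findings.append(("service-file-missing", line))
            path = rest.split(" -->")[0].replace("\\??\\", "").split(" [")[0].lower()
            if not path.startswith(("c:\\windows", "c:\\program files", "c:\\progra~1")):
                findings.append(("service-outside-system-dirs", line))
    return findings

def report(lines):
    """Triage findings, annotated when the referenced file is in 'Created Last 30'."""
    recent = recently_created(lines)
    out = []
    for rule, detail in triage(lines):
        m = BASENAME_RE.search(detail)
        if m and m.group(1).lower() in recent:
            rule += " (created in last 30 days)"
        out.append((rule, detail))
    return out

# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [<NO NAME>]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Protection System] c:\program files\protection system\psystem.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [msupdate] msupdate.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-10 335752]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-10 907032]
S3 kuzb;kuzb;\??\d:\downloads\oh no\kuzb.sys --> d:\downloads\oh no\kuzb.sys [?]
2009-07-21 21:36 <DIR> --d----- c:\program files\Protection System
2009-07-21 21:22 52,224 a------- c:\windows\system32\mcenspc.dll
"""

if __name__ == "__main__":
    for rule, detail in report(SAMPLE_LOG.splitlines()):
        print(f"{rule:45} {detail}")
```

Run stand-alone it prints one line per finding. Note that the Realtek entry RTHDCPL.EXE trips the unqualified-path rule exactly as msupdate.exe does: the rule cannot tell them apart, which is the point of a triage flag. It tells the responder which files to locate and verify, not which ones are malware. The "(created in last 30 days)" annotation comes only from the log's own Created Last 30 list; the script makes no claim about a file beyond what the log states.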
#2 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:46 PM

Posted 03 August 2009 - 11:24 AM

Hello and welcome to Bleeping Computer.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 1515

  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 03 August 2009 - 04:27 PM

Hello Syler,

My name is Isis. Thanks so much for taking time to help me!

Okay, so Malwarebytes appears to install correctly; however, I cannot get the program to launch. There are no error messages or anything weird, it just doesn't start up.

#4 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:46 PM

Posted 03 August 2009 - 04:29 PM

Hi Isis,

Please try renaming MBAM to anything.exe; if that doesn't work, try anything.bat. Let me know if you still can't get it to run.

Cheers



#5 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:46 PM

Posted 07 August 2009 - 06:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
