
INFECTED

1 reply to this topic

#1 drprince

drprince

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:39 PM

Posted 25 September 2009 - 06:53 PM

DDS (Ver_09-09-24.01) - NTFSx86
Run by DRPRINCE at 21:06:54,03 on ˜ 25/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.1919.1428 [GMT 3:00]


============== Running Processes ===============

C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\oodag.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\windows\System32\alg.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\File-Ex 3\FileEx.exe
C:\windows\explorer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DRPRINCE\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [uTorrent] "c:\program files\utorrent\utorrent.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
StartupFolder: c:\docume~1\drprince\startm~1\programs\startup\file-ex.lnk - c:\program files\file-ex 3\FileEx.exe
StartupFolder: c:\docume~1\drprince\startm~1\programs\startup\h2o.lnk - c:\program files\syncrosoft\pos\h2o\cledx.exe
StartupFolder: c:\docume~1\drprince\startm~1\programs\startup\e29f~1.lnk - c:\program files\today\TODAY.EXE
uPolicies-explorer: MaxRecentDocs = 11 (0xb)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220862490359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222813617343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Controls Folder -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-12-28 103680]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-9-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-9-23 46864]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-25 142592]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-12-28 33792]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2009-3-13 302728]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-9-23 33552]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2005-12-28 28672]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-18 33176]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-4-7 13352]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\magix\samplitude7_pro\mxasio.sys [2006-1-6 4899]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-6-5 42512]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-4-7 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2008-4-7 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2008-4-7 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2008-4-7 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2008-4-7 98696]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-12-11 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-12-11 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-12-11 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-12-11 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-12-11 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-12-11 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-12-11 97704]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-4-7 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-4-7 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-4-7 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-4-7 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-4-7 86368]
S4 gupdate1c9a693793fef2a;Google Update Service (gupdate1c9a693793fef2a);c:\program files\google\update\GoogleUpdate.exe [2009-3-17 133104]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-25 04:09 75,188 a------- C:\DriverPack_MassStorage_wnt5_x86-32.ini
2009-09-25 03:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AntiSpyInfo
2009-09-25 02:02 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-25 02:02 <DIR> --d----- c:\docume~1\drprince\applic~1\Spyware Terminator
2009-09-25 02:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-09-25 02:02 <DIR> --d----- c:\program files\Spyware Terminator
2009-09-25 00:35 54,784 a------- c:\windows\system32\rundll32.exe
2009-09-23 23:12 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-23 23:12 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-23 23:12 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-23 21:35 <DIR> --d----- c:\program files\SopCast
2009-09-23 20:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-23 14:58 1,563,008 a------- c:\windows\WRSetup.dll
2009-09-23 14:58 <DIR> --d----- c:\program files\Webroot
2009-09-23 14:58 <DIR> --d----- c:\docume~1\drprince\applic~1\Webroot
2009-09-23 14:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-09-23 14:46 164 a------- c:\windows\install.dat
2009-09-23 00:45 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 19:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 18:34 <DIR> --d----- c:\docume~1\drprince\applic~1\AVG8
2009-09-21 16:48 <DIR> --d----- c:\program files\Enigma Software Group
2009-09-21 15:37 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-21 15:37 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 00:43 18,704 a----r-- c:\windows\system32\drivers\se27nd5.sys
2009-09-06 00:42 90,800 a----r-- c:\windows\system32\drivers\se27unic.sys
2009-09-06 00:42 4,128 a----r-- c:\windows\system32\drivers\se27cr.sys
2009-09-06 00:42 88,688 a----r-- c:\windows\system32\drivers\SE27mgmt.sys
2009-09-06 00:41 86,560 a----r-- c:\windows\system32\drivers\SE27obex.sys
2009-09-06 00:30 97,184 a----r-- c:\windows\system32\drivers\SE27mdm.sys
2009-09-06 00:30 9,360 a----r-- c:\windows\system32\drivers\SE27mdfl.sys
2009-09-06 00:30 6,240 a----r-- c:\windows\system32\drivers\SE27cmnt.sys
2009-09-06 00:30 6,240 a----r-- c:\windows\system32\drivers\SE27cm.sys
2009-09-06 00:29 61,600 a----r-- c:\windows\system32\drivers\SE27bus.sys
2009-09-06 00:29 5,872 a----r-- c:\windows\system32\drivers\SE27whnt.sys
2009-09-06 00:29 5,872 a----r-- c:\windows\system32\drivers\se27wh.sys

==================== Find3M ====================

2009-07-02 03:37 79,360 a------- c:\windows\system32\spoolsv.exe
2008-03-24 03:14 87,608 a------- c:\docume~1\drprince\applic~1\inst.exe
2008-03-24 03:14 47,360 a------- c:\docume~1\drprince\applic~1\pcouffin.sys
2006-01-13 04:30 90 ---sh--- c:\windows\cnerolf.dat
2008-07-18 23:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071820080719\index.dat

============= FINISH: 21:07:13,81 ===============



The taskbar is frozen every time I start my PC. I use TaskbarRepairToolPlus to unfreeze it. I cannot access any Microsoft site or any antivirus/antimalware/spyware site.

I have installed ThreatFire, Malwarebytes' Anti-Malware, Spybot - Search & Destroy and Spyware Terminator, but they are useless and I cannot update them.

I started getting alerts for simple things like sending a message with Outlook... I attached hijackthis.log hoping it helps.

THANK YOU VERY MUCH FOR YOUR CARE!!!!!!


#2 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 12 October 2009 - 08:01 PM

Hello drprince,

Try rebooting into Safe Mode with Networking (tap F8 during startup until a menu appears, then select Safe Mode with Networking).

Try updating Malwarebytes' Anti-Malware and scanning your system.

Let me know the results.

Thanks.
Steven
