Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New AI Algorithm Can Fix Grainy Images Without Looking at Clean Photos

Featured Deal: Deal for 77% off a NordVPN 3 Year VPN Subscription

Photo

am I infected or what? (HELP..!)

Started by Rekhyt , Nov 06 2009 07:42 AM

  • Please log in to reply
1 reply to this topic

#1 Rekhyt

Rekhyt

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:06:39 PM

Posted 06 November 2009 - 07:42 AM

I don't know what happen to my computer, it's easily hung, sometime just after log on, and sometimes i got to press power button to shut down computer, because noting response. anyone here could help me to solve the problem, here i show my Runscanner logfile result.

Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : SAMIR-UIE
Creation time : 11/6/2009 7:24:50 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.9.0.9
User Language : English (United States)
User rights : Administrator
Windows folder : C:\windows

Running processes
-----------------
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
* C:\windows\System32\alg.exe (Microsoft Corporation)
* C:\windows\system32\csrss.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\System32\svchost.exe (Microsoft Corporation)
* C:\windows\System32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
* C:\windows\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
* C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
* C:\Documents and Settings\Samir & Uie\Desktop\runscanner.exe (Runscanner.net)
* C:\windows\system32\services.exe (Microsoft Corporation)
* C:\windows\system32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
* C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
* C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
* C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
* C:\windows\Explorer.EXE (Microsoft Corporation)
* C:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
C:\Program Files\Common Files\Systemsasd\WINSERV32.exe
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
* C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
* C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

Unrated items
-------------
002 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
010 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service)
010 C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira AntiVir Guard)
010 C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira AntiVir Scheduler)
010 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (Hotspot Shield Routing Service)
010 C:\Program Files\Hotspot Shield\bin\openvpnas.exe (Hotspot Shield Service)
010 C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (Hotspot Shield Tray Service)
010 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex)
010 * C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Drive Defrag Service)
010 * C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Utilities Service)
010 C:\Program Files\Common Files\Systemsasd\WINSERV32.exe (WINSERV32)
011 * C:\windows\system32\DRIVERS\taphss.sys (Anchorfree HSS Adapter)
011 * C:\Program Files\Avira\AntiVir Desktop\avgio.sys (avgio)
011 * C:\windows\system32\DRIVERS\avgntflt.sys (avgntflt)
011 * C:\windows\system32\DRIVERS\avipbb.sys (avipbb)
011 C:\windows\system32\DRIVERS\UIUSYS.SYS (Conexant Setup API)
011 C:\windows\system32\drivers\Dyncal.sys (Dynamic Calibration Service)
011 * C:\windows\system32\DRIVERS\hotcore3.sys (hc3ServiceName)
011 C:\windows\System32\Drivers\sptd.sys (sptd)
011 * C:\windows\system32\DRIVERS\ssmdrv.sys (ssmdrv)
011 * C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUpUtilitiesDrv)
035 C:\temp\install\install\dllwin.exe {12MW38YA-6E13-614D-4VUC-443KN3811RSD}
041 C:\Program Files\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
045 C:\Program Files\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
052 C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) {F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
052 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
052 C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) {000123B4-9B42-4900-B3F7-F4B073EFC214}
060 GUID / CLSID not found {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
061 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\Program Files\TeraCopy\TeraCopy.dll {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}
061 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
061 * C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll (TuneUp Software) {4838CD50-7E5D-4811-9B17-C47A85539F28}
061 * C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll (TuneUp Software) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
061 * C:\windows\System32\uxtuneup.dll (TuneUp Software) {44440D00-FF19-4AFC-B765-9A0970567D97}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
073 Automatic troubleshooting.job : C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe (TuneUp Software)
102 GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
105 &Download by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
105 &Grab video by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
105 Add to Google Photos Screensa&ver : res://C:\windows\system32\GPhotos.scr/200
105 Do&wnload selected by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
105 Down&load all by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
173 GUID / CLSID not found
173 GUID / CLSID not found
173 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
173 * C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll (TuneUp Software) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
180 HKEY_CLASSES_ROOT htafile : NOTEPAD.EXE %1
221 GUID / CLSID not found
221 GUID / CLSID not found
221 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
221 * C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll (TuneUp Software) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 C:\Program Files\Smadav\SmadExt.dll (Smadsoft) {D036DC1D-DF35-4B6B-81B8-DD0FE2DF6905}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 GUID / CLSID not found
225 GUID / CLSID not found
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Smadav\SmadExt.dll (Smadsoft) {D036DC1D-DF35-4B6B-81B8-DD0FE2DF6905}
225 C:\Program Files\Smadav\SmadExt.dll (Smadsoft) {D036DC1D-DF35-4B6B-81B8-DD0FE2DF6905}
225 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
225 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found
227 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
227 * C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll (TuneUp Software) {4838CD50-7E5D-4811-9B17-C47A85539F28}
227 * C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll (TuneUp Software) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 C:\Program Files\TeraCopy\TeraCopyExt.dll {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
251 C:\Program Files\TeraCopy\TeraCopy.dll {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

Missing files
-------------
011 C:\windows\system32\drivers\Abiosdsk.sys
011 C:\windows\system32\drivers\abp480n5.sys
011 C:\windows\system32\drivers\adpu160m.sys
011 C:\windows\system32\drivers\Aha154x.sys
011 C:\windows\system32\drivers\aic78u2.sys
011 C:\windows\system32\drivers\aic78xx.sys
011 C:\windows\system32\drivers\AliIde.sys
011 C:\windows\system32\drivers\amsint.sys
011 C:\windows\system32\drivers\asc.sys
011 C:\windows\system32\drivers\asc3350p.sys
011 C:\windows\system32\drivers\asc3550.sys
011 C:\windows\system32\drivers\Atdisk.sys
011 C:\DOCUME~1\SAMIR&~1\LOCALS~1\Temp\catchme.sys
011 C:\windows\system32\drivers\cd20xrnt.sys
011 C:\windows\system32\drivers\Changer.sys
011 C:\windows\system32\drivers\CmdIde.sys
011 C:\windows\system32\drivers\Cpqarray.sys
011 C:\windows\system32\drivers\dac2w2k.sys
011 C:\windows\system32\drivers\dac960nt.sys
011 C:\windows\system32\drivers\dpti2o.sys
011 C:\windows\system32\drivers\hpn.sys
011 C:\windows\system32\drivers\i2omgmt.sys
011 C:\windows\system32\drivers\i2omp.sys
011 C:\windows\system32\drivers\ini910u.sys
011 C:\windows\system32\drivers\lbrtfdc.sys
011 c:\windows\system32\drivers\mksmwqdsidewxewm.sys
011 C:\windows\system32\drivers\mraid35x.sys
011 C:\windows\system32\drivers\PCIDump.sys
011 C:\windows\system32\drivers\PDCOMP.sys
011 C:\windows\system32\drivers\PDFRAME.sys
011 C:\windows\system32\drivers\PDRELI.sys
011 C:\windows\system32\drivers\PDRFRAME.sys
011 C:\windows\system32\drivers\perc2.sys
011 C:\windows\system32\drivers\perc2hib.sys
011 C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys
011 C:\windows\system32\drivers\ql1080.sys
011 C:\windows\system32\drivers\Ql10wnt.sys
011 C:\windows\system32\drivers\ql12160.sys
011 C:\windows\system32\drivers\ql1240.sys
011 C:\windows\system32\drivers\ql1280.sys
011 C:\windows\system32\drivers\Simbad.sys
011 C:\windows\system32\drivers\Sparrow.sys
011 C:\windows\system32\drivers\sym_hi.sys
011 C:\windows\system32\drivers\sym_u3.sys
011 C:\windows\system32\drivers\symc810.sys
011 C:\windows\system32\drivers\symc8xx.sys
011 C:\windows\system32\drivers\TosIde.sys
011 C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys
011 C:\windows\system32\drivers\ultra.sys
011 C:\windows\system32\drivers\ViaIde.sys
011 C:\windows\system32\drivers\WDICA.sys
035 C:\windows\system32\sys_31.exe



thank you very much for your help. i really appreciated your time spent on help me to work out on this issue. :thumbsup:


Ups, i am sorry, i just realize that i posted on wrong sub forum, i don't know how to remove the post, once again, i am really sorry.

Edited by Rekhyt, 06 November 2009 - 07:47 AM.

BC AdBot (Login to Remove)

 

#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
    •  
  • Location:Cleveland, Ohio
  • Local time:07:39 AM

Posted 07 November 2009 - 09:37 PM

c:\windows\system32\drivers\mksmwqdsidewxewm.sys

You have a rootkit infection
Please follow these instructions

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

There will also be instructions to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·