can view my important files on my flash drive


  • This topic is locked
2 replies to this topic

#1 zlickangel

zlickangel

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 21 March 2013 - 04:42 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.2180
Run by Xtreme Server at 17:32:41 on 2013-03-21
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2015.990 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\CAFEMA~1\CafeManila.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGI.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Xtreme Server\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Xtreme Server\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Xtreme Server\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^PH&p2=^AHP^YYYYYY^YY^PH&tpid=SGT-SAT&apn_dbr=cr_0.0.0.0&apn_uid=59CB682A-B103-4858-A4FD-6E62534AC33C&itbv=11.6.0.1000&doi=2013-01-28
uProxyServer = 10.0.0.1:5555
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON TX121 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiggi.exe /fu "c:\windows\temp\E_S4A.tmp" /EF "HKCU"
uRun: [Facebook Update] "c:\documents and settings\xtreme server\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CafeManila] c:\progra~1\cafema~1\CafeManila.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
dRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
dRunOnce: [nlsf] cmd.exe /C move /Y "c:\windows\system32\syssetub.dll" "c:\windows\system32\syssetup.dll"
dRunOnce: [nlhr] RunDll32.exe c:\windows\system32\advpack.dll,launchinfsection c:\windows\inf\nlite.inf,C
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: RestrictRun = dword:0
uPolicies-Explorer: AutoUpdate = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoAutoUpdate = dword:0
uPolicies-Explorer: NoSMConfigurePrograms = dword:0
uPolicies-Explorer: NoToolbarsCustomize = dword:0
uPolicies-Explorer: DisallowRun = dword:0
uPolicies-Explorer: NoPrinters = dword:0
uPolicies-Explorer: HideDesktop = dword:0
uPolicies-Explorer: NoWorkgroupContents = dword:0
uPolicies-Explorer: ClearDocsOnExit = dword:0
uPolicies-Explorer: NoExpandedNewMenu = dword:0
uPolicies-Explorer: NoCommonGroups = dword:0
uPolicies-DisallowRun: iexplore.exe = iexplore.exe Remove
uPolicies-DisallowRun: setup.exe = setup.exe Remove
uPolicies-DisallowRun: winword.exe = winword.exe Remove
uPolicies-DisallowRun: notepad.exe = notepad.exe Remove
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
uPolicies-System: NoSecCPL = dword:0
uPolicies-System: NoAdminPage = dword:0
uPolicies-System: NoConfigPage = dword:0
uPolicies-System: NoDevMgrPage = dword:0
uPolicies-System: NoFileSysPage = dword:0
uPolicies-System: NoVirtMemPage = dword:0
uPolicies-System: NoPwdPage = dword:0
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: DisableCAD = dword:1
mPolicies-Explorer: RestrictRun = dword:0
mPolicies-Explorer: NoPrinters = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: HideDesktop = dword:0
mPolicies-Explorer: NoWorkgroupContents = dword:0
mPolicies-Explorer: ClearDocsOnExit = dword:0
mPolicies-Explorer: NoExpandedNewMenu = dword:0
mPolicies-Explorer: NoCommonGroups = dword:0
mPolicies-System: legalnoticecaption = 0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: NoSecCPL = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: NoAdminPage = dword:0
mPolicies-System: NoConfigPage = dword:0
mPolicies-System: NoDevMgrPage = dword:0
mPolicies-System: NoFileSysPage = dword:0
mPolicies-System: NoVirtMemPage = dword:0
mPolicies-System: NoPwdPage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMHelp = dword:1
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ONE_LINK
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
TCP: Interfaces\{8F5329CB-ECB2-40E3-8270-1353539EBBBC} : NameServer = 192.168.254.254,192.168.254.255
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\xtreme server\application data\mozilla\firefox\profiles\6tj5z2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\xtreme server\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-02-23 15:08; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\xtreme server\application data\idm\idmmzcc5
FF - ExtSQL: 2013-03-12 18:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2013-2-21 112480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2013-1-15 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2013-1-15 121856]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2013-1-28 794272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\hrhmqf.sys --> c:\windows\system32\drivers\hrhmqf.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.313\McCHSvc.exe [2012-10-27 234776]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD2.EXE %1
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD2.EXE %1
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD2.EXE %1
.
=============== Created Last 30 ================
.
2013-03-20 13:19:40 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-03-20 13:19:40 -------- d-----w- c:\documents and settings\xtreme server\local settings\application data\MFAData
2013-03-20 13:19:40 -------- d-----w- c:\documents and settings\xtreme server\local settings\application data\Avg2013
2013-03-20 13:19:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-03-19 06:12:44 -------- d-----w- c:\documents and settings\xtreme server\application data\{F26A87B3-562E-4A3F-8F78-2C31557FA0F2}
2013-03-19 06:12:31 -------- d-----w- c:\documents and settings\xtreme server\application data\{D3735205-6509-4D20-AFC7-B1FCB0FD2C21}
2013-03-19 00:56:58 -------- d-----w- c:\program files\common files\Symantec Shared
2013-03-19 00:56:50 -------- d-----w- c:\windows\system32\drivers\nss\0400000.02E
2013-03-19 00:56:50 -------- d-----w- c:\windows\system32\drivers\NSS
2013-03-19 00:56:50 -------- d-----w- c:\program files\Norton Security Scan
2013-03-19 00:56:49 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-03-19 00:56:47 -------- d-----w- c:\program files\NortonInstaller
2013-03-19 00:56:47 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-03-15 11:45:50 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
2013-03-13 15:20:01 -------- d-----w- C:\Temp
2013-03-12 10:47:15 -------- d-----r- c:\program files\Skype
2013-03-11 13:07:43 -------- d-----w- c:\documents and settings\xtreme server\application data\4shared Desktop
2013-03-11 13:07:40 -------- d-----w- c:\documents and settings\all users\application data\4shared Desktop
2013-03-11 13:07:36 -------- d-----w- c:\program files\4shared Desktop
2013-03-10 10:58:58 -------- d-----w- c:\documents and settings\xtreme server\application data\NCH Software
2013-03-10 10:58:11 -------- d-----w- c:\program files\NCH Software
2013-03-10 10:05:22 -------- d-----w- c:\windows\system32\NtmsData
2013-03-10 02:11:49 -------- d-----w- c:\documents and settings\xtreme server\local settings\application data\Thunderbird
2013-03-08 11:50:05 -------- d--h--w- c:\windows\PIF
2013-03-06 16:37:59 -------- d-----w- c:\program files\Pando Networks
2013-03-05 17:17:55 -------- d-----w- c:\windows\system32\Adobe
2013-02-23 07:08:30 -------- d-----w- c:\documents and settings\xtreme server\application data\IDM
2013-02-23 07:08:30 -------- d-----w- c:\documents and settings\xtreme server\application data\DMCache
2013-02-23 07:08:30 -------- d-----w- c:\documents and settings\all users\application data\IDM
2013-02-23 07:08:25 -------- d-----w- c:\program files\Internet Download Manager
2013-02-21 07:36:00 112480 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
==================== Find3M  ====================
.
2013-03-18 15:25:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-18 15:25:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-25 14:15:10 0 ----a-w- C:\4.tmp
2013-01-15 02:56:50 315392 ----a-w- c:\windows\HideWin.exe
2013-01-15 02:41:51 107132 ----a-w- c:\windows\UninstallFirefox.exe
2013-01-15 02:41:16 107132 ----a-w- c:\windows\UninstallThunderbird.exe
.
============= FINISH: 17:32:56.00 ===============
 
 
 
help me please




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 AM

Posted 22 March 2013 - 04:00 PM

Good evening. :)

can view my important files on my flash drive

I'm afraid that the title of this thread doesn't make any sense to me - will you explain what exactly your problem is.


So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 AM

Posted 27 March 2013 - 06:21 PM

Helpers are limited in the number of logs they can take by the time they have available and having threads sit idle means that somebody else who could be being helped has to wait. Given that there has been no response for five days, and I have no way of knowing when there will be one, this thread is now closed.


So long, and thanks for all the fish.

 

 




