Jump to content

Start menu shortcuts?


Recommended Posts

Help me!!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jarman at 18:54:29 on 2012-03-26

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.182 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\KMService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\RTHDCPL.EXE

svchost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.8.3.0_0\plugin\ClickClean.exe

C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jarman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Windows Live ID Sign-in Helper: {07d57b76-4bc2-6fc6-7aee-54f10ff41c74} - c:\windows\system32\hhsettup.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Codec-C Class: {19480e4e-f264-4dfb-b991-c35664edbe49} - c:\documents and settings\all users\application data\codec-c\bhoclass.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.1.8\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll

TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual

uRun: [Google Update] "c:\documents and settings\jarman\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [<NO NAME>]

mExplorerRun: [<NO NAME>] 1 (0x1)

IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{ECB0DA57-C57D-490B-AEFB-600BCCEB355B} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-14 14776]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306010.008\symds.sys [2012-3-10 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306010.008\symefa.sys [2012-3-10 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-20 820856]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys [2012-3-10 132744]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-1-26 104072]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306010.008\ironx86.sys [2012-3-10 149624]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-14 497496]

R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-7-17 8192]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-13 652872]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.1.8\ccsvchst.exe [2012-3-10 138232]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012-2-10 13880]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-11 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20120323.002\IDSXpx86.sys [2012-3-24 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 20464]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120325.018\NAVENG.SYS [2012-3-26 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120325.018\NAVEX15.SYS [2012-3-26 1576312]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 599936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-30 1691480]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-3-23 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-3-23 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-26 17:38:59 -------- d-----w- c:\documents and settings\all users\application data\Premium

2012-03-26 17:38:59 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-03-26 17:37:34 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU

2012-03-25 18:35:37 -------- d-----w- c:\documents and settings\jarman\local settings\application data\Western Digital

2012-03-24 23:44:20 -------- d-----w- c:\program files\Western Digital Corp

2012-03-24 16:02:35 -------- d-----w- c:\documents and settings\jarman\local settings\application data\Babylon

2012-03-24 16:02:33 -------- d-----w- c:\documents and settings\jarman\application data\Babylon

2012-03-24 16:02:23 -------- d-----w- c:\documents and settings\all users\application data\Codec-C

2012-03-24 16:02:08 -------- d-----w- C:\codec-info

2012-03-24 16:02:00 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2012-03-23 18:51:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2012-03-23 18:51:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys

2012-03-23 18:51:44 2469760 ----a-w- c:\windows\system32\BootMan.exe

2012-03-23 18:51:44 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll

2012-03-23 18:51:44 13192 ----a-w- c:\windows\system32\epmntdrv.sys

2012-03-23 15:24:18 905336 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symefa.sys

2012-03-23 15:24:18 388216 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symtdi.sys

2012-03-23 15:24:18 345208 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symtdiv.sys

2012-03-23 15:24:18 340088 ----a-r- c:\windows\system32\drivers\nis\1306020.00a\symds.sys

2012-03-23 15:24:18 318584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symnets.sys

2012-03-23 15:24:17 574584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtsp.sys

2012-03-23 15:24:17 32888 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtspx.sys

2012-03-23 15:24:17 149624 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys

2012-03-23 15:24:17 132744 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys

2012-03-23 15:23:58 4782 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symvtcer.dat

2012-03-23 15:23:58 -------- d-----w- c:\windows\system32\drivers\nis\1306020.00A

2012-03-17 14:42:50 -------- d-----w- c:\documents and settings\jarman\application data\AVS4YOU

2012-03-17 14:39:32 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll

2012-03-17 14:39:24 -------- d-----w- c:\program files\common files\AVSMedia

2012-03-17 14:39:08 24576 ----a-w- c:\windows\system32\msxml3a.dll

2012-03-17 14:39:08 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2012-03-17 14:39:07 -------- d-----w- c:\program files\AVS4YOU

2012-03-15 17:34:39 -------- d-----w- c:\windows\system32\1040

2012-03-10 08:00:18 345208 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symtdiv.sys

2012-03-10 08:00:17 905336 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symefa.sys

2012-03-10 08:00:17 388216 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symtdi.sys

2012-03-10 08:00:17 340088 ----a-r- c:\windows\system32\drivers\nis\1306010.008\symds.sys

2012-03-10 08:00:17 32888 ----a-w- c:\windows\system32\drivers\nis\1306010.008\srtspx.sys

2012-03-10 08:00:17 318584 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symnets.sys

2012-03-10 08:00:16 574584 ----a-w- c:\windows\system32\drivers\nis\1306010.008\srtsp.sys

2012-03-10 08:00:16 149624 ----a-w- c:\windows\system32\drivers\nis\1306010.008\ironx86.sys

2012-03-10 08:00:16 132744 ----a-w- c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys

2012-03-10 07:59:17 4782 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symvtcer.dat

2012-03-10 07:59:17 -------- d-----w- c:\windows\system32\drivers\nis\1306010.008

2012-02-27 18:11:08 151552 ------w- c:\windows\KMService.exe

.

==================== Find3M ====================

.

2012-03-13 16:45:55 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-03-13 16:45:55 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-02-27 18:10:27 8192 ----a-w- c:\windows\system32\srvany.exe

2012-02-25 15:57:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-27 00:48:06 104072 ----a-w- c:\windows\system32\drivers\idmtdi.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

.

============= FINISH: 18:55:25.54 ===============

attach.txt

dds.txt

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.