
funny characters for open and explore when right-clicking any hard disk



I've had a problem with Internet Explorer and Google Chrome opening Chinese gaming sites every 15 minutes, so I decided to try Anti-Malware.

After I installed and ran it, everything went well until I noticed that I couldn't open my hard disks by double-clicking. The system opens an "Open with" prompt instead. When I right-click the hard disks, funny characters appear in place of Open and Explore.

I am using Windows XP SP3 32-bit. What's funny is that Malwarebytes detects nothing wrong with my system, but there is something wrong.

I hope you can help me with this problem.

Here is my latest MBAM scan.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

8/1/2011 3:21:56 AM

mbam-log-2011-08-01 (03-21-56).txt

Scan type: Quick scan

Objects scanned: 159875

Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is my DDS log.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 2:51:18 on 2011-08-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2023.1734 [GMT 8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = hxxp://www.jpshortstuff.247fixes.com/Defogger.exe

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

uRunOnce: [iE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 124.106.5.2 124.106.4.2

TCP: Interfaces\{D24F30AF-7EFC-4AE1-A2DF-CFD1523E2AAD} : DhcpNameServer = 124.106.5.2 124.106.4.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2011-6-7 14336]

S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-6-15 135168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-24 366640]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-6-15 103424]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-24 22712]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-07-24 08:02:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-24 08:02:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-24 08:02:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-24 08:02:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-24 07:31:12 -------- d-----w- c:\program files\JRE

2011-07-24 07:31:09 -------- d-----w- c:\program files\OpenOffice.org 3

2011-07-10 16:36:46 -------- d-----w- c:\program files\Ultimate Popup Killer

2011-07-10 16:34:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-07 09:37:21 -------- d-----w- c:\windows\pss

2011-07-06 07:56:09 -------- d-----w- C:\ProgramData

2011-07-06 07:55:13 195968 ----a-w- c:\windows\system32\drivers\windrvr6.sys

2011-07-06 07:55:12 143360 ----a-w- c:\windows\system32\wdapi921.dll

2011-07-06 07:55:12 143360 ----a-w- c:\windows\system32\wdapi1011.dll

2011-07-06 07:55:12 143360 ----a-w- c:\windows\system32\wdapi1010.dll

2011-07-06 07:55:12 143360 ----a-w- c:\windows\system32\wdapi1002.dll

2011-07-06 07:55:12 143360 ----a-w- c:\windows\system32\wdapi1001.dll

2011-07-06 07:55:12 102400 ----a-w- c:\windows\system32\wdapi811.dll

2011-07-06 07:55:11 -------- d-----w- c:\program files\Atmel

2011-07-06 07:54:55 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-07-06 07:54:44 -------- d-----w- c:\program files\Microsoft SQL Server

2011-07-06 07:54:38 84192 ----a-w- c:\documents and settings\all users\application data\microsoft\visualstudio\10.0\1033\ResourceCache.dll

2011-07-06 07:53:14 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-07-06 07:53:14 -------- d-----w- c:\program files\common files\Merge Modules

2011-07-03 05:14:52 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-07-03 05:13:30 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-07-03 05:13:21 -------- d-----w- c:\windows\SHELLNEW

.

==================== Find3M ====================

.

2011-06-07 10:41:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-06-07 10:20:43 14336 ----a-w- c:\windows\system32\drivers\Amps2prt.sys

2011-06-07 10:20:33 306176 ----a-w- c:\windows\system32\drivers\rtl8187Se.sys

2011-06-07 10:05:41 89542 ----a-w- c:\windows\AGRSMMSG.exe

2011-06-07 10:05:41 68608 ----a-w- c:\windows\agrsmdel.exe

2011-06-07 10:05:41 1161152 ----a-w- c:\windows\system32\drivers\AGRSM.sys

2011-06-07 08:56:31 315392 ----a-w- c:\windows\HideWin.exe

2011-06-07 08:49:20 132880 ----a-w- c:\windows\system32\MSINET.OCX

2011-06-07 08:49:19 186 ----a-w- c:\windows\system32\c.bat

2011-06-07 08:49:18 9728 ----a-w- c:\windows\system32\shrpub.exe

2011-06-07 08:49:18 45984 ----a-w- c:\windows\system32\cardvr.exe

2011-05-03 20:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-03 18:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

============= FINISH: 2:51:39.96 ===============

Also attached are the GMER and DDS log .txt files and the error photos.

Help ASAP is very much appreciated. Thanks!

attach.zip

post-89644-0-14038700-1312140495.jpg

post-89644-0-14658800-1312140582.jpg

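The garbled Open and Explore entries the poster describes are drive context-menu verbs, which Explorer builds from verb subkeys under HKEY_CLASSES_ROOT\Drive\shell and HKEY_CLASSES_ROOT\Folder\shell (the shell key's own default value names the verb that runs on double-click). As an added example that is not from the thread or from Malwarebytes, this Python script audits a `reg query HKCR\Drive\shell /s` dump for exactly that symptom; the dump text, the garbled label and the C:\PLACEHOLDER command path are constructed.

```python
import re

# Constructed sample of `reg query HKCR\Drive\shell /s` output (XP prints the default
# value as <NO NAME> with tabs; later Windows print (Default) with spaces). The garbled
# "open" label and the placeholder command are made up; the find verb is the stock one.
SAMPLE_REG_DUMP = """HKEY_CLASSES_ROOT\\Drive\\shell
    <NO NAME>\tREG_SZ\topen
HKEY_CLASSES_ROOT\\Drive\\shell\\find\\command
    <NO NAME>\tREG_EXPAND_SZ\t%SystemRoot%\\Explorer.exe
HKEY_CLASSES_ROOT\\Drive\\shell\\open
    <NO NAME>\tREG_SZ\t\u00ce\u00c4\u00bc\u00fe(&O)
HKEY_CLASSES_ROOT\\Drive\\shell\\open\\command
    <NO NAME>\tREG_SZ\tC:\\PLACEHOLDER\\suspect.exe
"""
VALUE_RE = re.compile(r"^\s+(.+?)(?:\t+|\s{2,})(REG_\w+)(?:\t+|\s{2,})(.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():   # key paths start in column 0
            current = line.strip()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) in ("<NO NAME>", "(Default)") else m.group(1)
            keys[current][name] = m.group(3)
    return keys

def audit_shell_verbs(keys, shell_key="HKEY_CLASSES_ROOT\\Drive\\shell"):
    """Flag non-ASCII verb labels, verb commands that do not launch Explorer,
    and an explicit default verb on the shell key (it runs on double-click)."""
    findings = []
    default_verb = keys.get(shell_key, {}).get("(Default)", "")
    if default_verb and default_verb.lower() != "none":
        findings.append(f"double-click is redirected to verb '{default_verb}'")
    for path, values in keys.items():
        parts = path[len(shell_key) + 1:].split("\\") if path.startswith(shell_key + "\\") else []
        if len(parts) == 1:                           # a verb subkey such as ...\shell\open
            label = values.get("(Default)", parts[0])
            if not all(32 <= ord(c) < 127 for c in label):
                findings.append(f"verb '{parts[0]}' has a garbled label {label!r}")
        elif len(parts) == 2 and parts[1].lower() == "command":
            cmd = values.get("(Default)", "")
            if "explorer.exe" not in cmd.lower():
                findings.append(f"verb '{parts[0]}' runs {cmd!r} rather than Explorer")
    return findings
```

On the affected machine, `reg query HKCR\Drive\shell /s > drive_shell.txt` produces the input; the same audit applies to HKCR\Folder\shell and to each per-volume Shell key under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 by passing that key as shell_key.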

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
