View Full Version : Help needed :S



mejenifer07
2010-05-23, 21:55
DDS:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 15:52:37.67 on 23/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.494 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: abfccdaabacbaebae - c:\windows\system32\abfccdaabacbaebae.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: dbdaebfaabd - c:\windows\system32\dbdaebfaabd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 abee;abee;c:\windows\system32\abee.sys [2010-2-24 74752]
S0 9dd87ff1c0a00cd33ae794ef189c9bd5;9dd87ff1c0a00cd33ae794ef189c9bd5;c:\windows\system32\9dd87ff1c0a00cd33ae794ef189c9bd5.sys [2009-11-25 39936]
S2 cceedecbdba;a0ae1af08bb7d89f925e787e628942d9;c:\windows\cceedecbdba.exe /s --> c:\windows\cceedecbdba.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-22 38224]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2010-05-23 19:40:17 161808 ----a-w- c:\windows\system32\58243ceb0184d508b2328945ba6b0f72.exe
2010-05-23 19:40:17 161744 ----a-w- c:\windows\system32\ea36be3b4f3b46f422268d6a454ab996.exe
2010-05-23 18:56:16 161808 ----a-w- c:\windows\system32\7564a094846de6fe45f0768be42da50e.exe
2010-05-23 18:56:16 161744 ----a-w- c:\windows\system32\1c074fc28b7667728df9e75c90df6563.exe
2010-05-23 01:03:45 161808 ----a-w- c:\windows\system32\cdac5f7957a277a41918fdd6c4f4438b.exe
2010-05-23 01:03:45 161744 ----a-w- c:\windows\system32\be4be0bbd46d12153649e812b2964087.exe
2010-05-23 00:57:29 161808 ----a-w- c:\windows\system32\9a672b226b99be88d3bc7cda6da7b2f1.exe
2010-05-23 00:57:29 161744 ----a-w- c:\windows\system32\f4bc36c833e0c544203358cb56a52c40.exe
2010-05-22 23:45:33 161744 ----a-w- c:\windows\system32\e7786f1d2127a6fdc826138885bbe947.exe
2010-05-22 23:45:32 161808 ----a-w- c:\windows\system32\79495ec1930d692a6cbe98be3894cf93.exe
2010-05-22 23:31:36 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-05-22 23:31:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 23:31:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 23:31:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 23:27:06 0 d-----w- c:\windows\pss
2010-05-22 22:50:25 161744 ----a-w- c:\windows\system32\76fb8d4847103823f01429e172149467.exe
2010-05-22 22:50:24 161808 ----a-w- c:\windows\system32\4c15822b8f9602a056771e943746b62f.exe
2010-05-22 21:54:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 00:29:21 25 ----a-w- c:\windows\herjek.config
2010-05-19 14:55:23 161744 ----a-w- c:\windows\system32\44243da1fa630b169a3c532cc313352d.exe
2010-05-19 14:55:22 161808 ----a-w- c:\windows\system32\d6400322cf2cc1255822b542edf9cb4d.exe
2010-05-15 15:31:31 0 d-----w- c:\program files\iPod
2010-05-15 15:31:13 0 d-----w- c:\program files\iTunes
2010-05-15 15:26:48 0 d-----w- c:\program files\Bonjour
2010-05-01 18:40:26 161808 ----a-w- c:\windows\system32\50347c3b96d63f7e91b3931f39a2cfb4.exe
2010-05-01 18:40:26 161744 ----a-w- c:\windows\system32\1f5369b1835d69cb60276eed846cc3ab.exe
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-04-18 18:26:49 165392 ----a-w- c:\windows\system32\8b73afdb2670a80242e2704b253d9b43.exe
2010-04-14 14:39:47 165392 ----a-w- c:\windows\system32\9aa868fa4c3bde6cbe07ea1dd74f9064.exe
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 13:23:52 56136 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-01 11:53:09 165392 ----a-w- c:\windows\system32\4d239df07d2150b42ab341bf009eb57d.exe
2010-03-31 01:58:04 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-29 20:44:36 165392 ----a-w- c:\windows\system32\04c377564875df4391f7804c8d25abe2.exe
2010-03-18 01:48:56 165392 ----a-w- c:\windows\system32\523c6f8ae049f0b8acd521b254b829ad.exe
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-03 12:47:58 207888 ----a-w- c:\windows\system32\ef6742b929d2cec91376e1a4483cb2e4.exe
2010-03-03 12:47:57 282640 ----a-w- c:\windows\system32\18951487bcec6f277b19e7f8b2e3c155.exe
2010-03-03 12:47:57 124448 ----a-w- c:\windows\system32\7a171785566ada3f279e3e29d8ecdaed.exe
2010-02-24 14:15:48 74752 ------w- c:\windows\system32\abee.sys

============= FINISH: 15:53:39.50 ===============

Blade81
2010-05-29, 12:41
Hello,

Please run DDS again and post fresh dds.txt & attach.txt logs.

Run also GMER:
Download GMER (http://www.gmer.net) here by clicking the "Download EXE" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the Show All box while scanning is in progress!
When scanning is finished, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

Blade81
2010-06-05, 19:22
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.