
Thread: For the Love of Jesus, please respond to this

  1. #1
    Junior Member
    Join Date
    Jul 2010
    Location
    Cali
    Posts
    8

    For the Love of Jesus, please respond to this

    This is how it all started:

    Now:

    - Now I have a bunch of weird processes autostarting, which are
    RAB82 Opened 3 times
    wWy47R48 Opened 3 times

    And galaxy.exe and mzrzrii.exe errors about a disk not being in the unit \Device\Harddisk1\DR3

    AND NOW I run DDS and it only creates a DDS log, no attach

    If it helps for something, I have already made that process before; I have an ERUNT backup from like 3 days ago, when it all started

  2. #2
    Junior Member
    Join Date
    Jul 2010
    Location
    Cali
    Posts
    8

    Oh shit I forgot

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 17:40:18,06 on 19/07/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1983.1445 [GMT -5:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\User\Datos de programa\base64.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\Archivos de programa\PowerISO\PWRISOVM.EXE
    C:\Documents and Settings\User\Datos de programa\base64.exe
    C:\Documents and Settings\User\Datos de programa\mzrzrii.exe
    C:\DOCUME~1\User\CONFIG~1\Temp\explorer.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\Documents and Settings\User\Datos de programa\galaxy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Datos de programa\galaxy.exe
    C:\Documents and Settings\User\Datos de programa\mzrzrii.exe
    C:\Documents and Settings\User\Datos de programa\base64.exe
    C:\Archivos de programa\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
    C:\Archivos de programa\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
    C:\Documents and Settings\User\Escritorio\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uWindow Title = Windows Internet Explorer proporcionado por Windows uE
    uDefault_Page_URL = hxxp://www.busca7.com
    mDefault_Page_URL = hxxp://www.busca7.com
    mStart Page = hxxp://www.busca7.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_01\bin\ssv.dll
    BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [Windows Firewall] c:\documents and settings\user\datos de programa\lsass.exe
    uRun: [base64] c:\documents and settings\user\datos de programa\base64.exe
    uRun: [HKCU] c:\windows\system32\winlog\Winlogon.exe
    uRun: [Developer Operations Network] c:\windows\system32\devon.exe
    uRun: [Center Agent] c:\archivos de programa\kworld multimedia\hypermediacenter\dtvr\Scheduled.exe
    mRun: [egui] "c:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [QuickTime Task] "c:\archivos de programa\quicktime alternative\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ZSSnp211] c:\windows\ZSSnp211.exe
    mRun: [Domino] c:\windows\Domino.exe
    mRun: [PWRISOVM.EXE] c:\archivos de programa\poweriso\PWRISOVM.EXE
    mRun: [HKLM] c:\windows\system32\winlog\Winlogon.exe
    mRun: [Developer Operations Network] c:\windows\system32\devon.exe
    mRun: [Microsoft Windows Hosting Service Login] c:\docume~1\user\config~1\temp\explorer.exe
    mRun: [base64] c:\documents and settings\user\datos de programa\base64.exe
    mRun: [Windefender] c:\windows\system32\Windefender.exe
    mRun: [<NO NAME>] c:\documents and settings\user\datos de programa\mzrzrii.exe
    mRun: [Windows Firewall] c:\documents and settings\user\datos de programa\lsass.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Developer Operations Network] c:\windows\system32\devon.exe
    dRun: [Windows Firewall] c:\documents and settings\user\datos de programa\lsass.exe
    uExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
    mExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
    mExplorerRun: [base64] c:\documents and settings\user\datos de programa\base64.exe
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\actual~1.lnk - c:\archivos de programa\eset\minodlogin\MiNODLogin.exe
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\remote~1.lnk - c:\archivos de programa\kworld multimedia\tv tuner card utilities\HMCP3XCtl.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~4\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\archivos de programa\archivos comunes\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archiv~1\micros~4\office12\GR99D3~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
    mASetup: {818O5M4S-FU40-1ODP-BW2L-A7BC6U488O2G} - c:\windows\system32\windir\svchost.exe Restart
    mASetup: {F9ED98D6-E7AC-7CA6-FA0D-07FFAF8EE36D} - c:\documents and settings\user\datos de programa\base64.exe
    mASetup: {XQ881J2H-07YA-WRBN-4P25-XN85W68VYEVT} - c:\windows\system32\winlog\Winlogon.exe
    uASetup: {F9ED98D6-E7AC-7CA6-FA0D-07FFAF8EE36D} - c:\documents and settings\user\datos de programa\base64.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
    R2 ekrn;ESET Service;c:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2010-6-10 674048]
    R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2010-6-15 480128]
    R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2010-6-15 1472000]

    =============== Created Last 30 ================

    2010-07-19 22:08:54 61440 ----a-w- c:\documents and settings\user\ModdedWinSock.exe
    2010-07-19 22:06:51 61440 ----a-w- c:\docume~1\user\datosd~1\ModdedWinSock.exe
    2010-07-19 22:06:46 61440 --sh--r- c:\docume~1\user\datosd~1\lsass.exe
    2010-07-19 22:06:44 102400 --sh--r- c:\docume~1\user\datosd~1\galaxy.exe
    2010-07-19 22:06:33 61440 ----a-w- c:\windows\system32\ModdedWinSock.exe
    2010-07-19 22:06:11 102400 ----a-w- c:\docume~1\user\datosd~1\mzrzrii.exe
    2010-07-19 21:56:33 535040 ----a-w- c:\windows\system32\Windefender.exe
    2010-07-19 21:02:35 1303 ----a-w- c:\docume~1\user\datosd~1\data.dat
    2010-07-19 21:01:57 458752 ----a-w- c:\docume~1\user\datosd~1\base64.exe
    2010-07-19 20:41:47 3584 ----a-w- c:\docume~1\user\datosd~1\Application Updater.exe
    2010-07-19 20:41:45 347144 ---h--w- c:\docume~1\user\datosd~1\1279572044.exe
    2010-07-19 16:20:55 262144 ----a-w- c:\docume~1\user\datosd~1\llhcmyv.exe
    2010-07-19 16:10:29 262144 ----a-w- c:\windows\system32\devon.exe
    2010-07-18 02:25:42 0 d-----w- c:\archivos de programa\Cheating-Death
    2010-07-18 02:23:32 0 d-----w- c:\archivos de programa\Counter-Strike 1.6
    2010-07-18 02:20:48 0 d-----w- c:\docume~1\user\datosd~1\Xfire
    2010-07-18 02:20:44 0 d-----w- c:\archivos de programa\Xfire
    2010-07-15 22:38:14 0 d-----w- c:\archivos de programa\Safer Networking
    2010-07-15 22:05:21 0 d-----w- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
    2010-07-15 22:05:21 0 d-----w- c:\archivos de programa\Spybot - Search & Destroy
    2010-07-15 21:55:47 117760 --sh--r- C:\biriprg.exe
    2010-07-14 23:09:09 333288 ----a-w- c:\docume~1\user\datosd~1\SQLite3.dll
    2010-07-13 15:08:45 116224 --sh--r- C:\i8gcgmg.exe
    2010-07-12 17:50:14 116736 --sh--r- C:\r3x0k.exe
    2010-07-10 03:32:51 0 d-----w- c:\docume~1\user\datosd~1\BitTorrent
    2010-07-10 03:32:47 0 d-----w- c:\archivos de programa\BitTorrent
    2010-07-09 19:00:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-07-09 14:17:10 116224 --sh--r- C:\ggb6w.exe
    2010-07-06 15:16:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-06 15:09:51 117248 --sh--r- C:\x3xh.exe
    2010-07-03 17:34:49 0 d-----w- c:\archivos de programa\PowerISO
    2010-07-03 17:24:01 0 d-----w- c:\archivos de programa\Tansee iPod Transfer
    2010-07-03 13:25:57 117248 --sh--r- C:\g6jk.exe
    2010-07-03 03:41:10 0 d-----w- c:\archivos de programa\SystemRequirementsLab
    2010-07-03 03:14:28 0 d-----w- c:\archivos de programa\Steam
    2010-06-24 21:44:04 0 d-----w- c:\archivos de programa\Bandoo
    2010-06-23 16:13:41 117248 --sh--r- C:\eyruu.exe

    ==================== Find3M ====================

    2010-07-19 22:39:43 1166557 ---ha-w- c:\docume~1\user\datosd~1\logs.dat
    2010-07-19 22:28:37 7399 ---ha-w- c:\docume~1\user\datosd~1\Userlog.dat
    2010-06-22 15:41:48 117248 --sh--r- C:\09lf.exe
    2010-06-18 03:47:40 77520 ----a-w- c:\windows\system32\perfc00A.dat
    2010-06-18 03:47:40 456588 ----a-w- c:\windows\system32\perfh00A.dat
    2010-06-17 20:50:22 115712 --sh--r- C:\1gkbvsni.exe
    2010-06-16 20:24:11 116224 --sh--r- C:\xcr.exe
    2010-06-16 01:52:32 114688 --sh--r- C:\krwyrv0d.exe
    2010-06-10 18:33:07 315392 ----a-w- c:\windows\HideWin.exe
    2010-06-10 13:36:12 64695 ----a-w- c:\windows\BricoPackUninst.cmd
    2010-06-10 13:36:12 5997 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
    2010-06-10 13:36:12 220160 ----a-w- c:\windows\system32\uxtheme.dll
    2010-06-10 04:12:40 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-10 04:12:40 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-10 04:12:40 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-06-10 03:45:07 21900 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2005-09-20 12:44:14 354429 --sh--r- c:\windows\system32\winlog\Winlogon.exe

    ============= FINISH: 17:40:34,56 ===============

    NO ATTACH

  3. #3
    Junior Member
    Join Date
    Jul 2010
    Location
    Cali
    Posts
    8

    This is How it all started

    SORRY FOR THE TRIPLE POST
    :( seriously
    I thought I had pasted the link

    This is how it all started: http://forums.spybot.info/showthread.php?t=58579

  4. #4
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,667


    Hello ChrisLey,

    Open topic: http://forums.spybot.info/showthread.php?t=58579

    Please do not start more than one topic for the same computer, during the same period. It will either be removed, closed or merged with your original thread.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    A newer infection is taking longer to analyze and remove; add to that equation this forum having received a high volume of requests for assistance, and, well, you get the picture.

    Waiting for help in the Malware Forum FOUR days or longer?

    Please don't post there until four days have passed.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
