Thread: Am I infected?

  1. #1
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68

    Am I infected?

    .
    DDS (Ver_2011-06-02.03) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
    Run by Brian at 1:59:38 on 2011-06-03
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\dgdersvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MpCmdRun.exe
    C:\Documents and Settings\Brian\Desktop\dds.scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Live Update 5] c:\program files\msi\live update 5\LU5.exe /reminder
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: &Save Flash In This Page by Flash Saver - f:\tools\images\flashs~2\flashs~1\save.htm
    IE: &Search - ?p=ZRman000
    IE: E&xport to Microsoft Excel
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {09EA1F80-F40A-11D1-B792-444553540001} - f:\tools\images\flashs~2\flashs~1\save.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{47371CEE-7FF1-4E40-82F9-75F5A4352924} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
    Handler: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\progra~1\common~1\micros~1\refere~1\msref.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\n55x4jkd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={AB66B291-417B-A73D-7536-7A4F777D7159}&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: f:\program files\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: f:\program files\divx\divx web player\npdivx32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? DNINDIS5;DNINDIS5 NDIS Protocol Driver
    R? grmn0200;grmn0200.Sys Garmin USB DCP driver (install)
    R? grmn1200;grmn0200.Sys Garmin USB DCP driver
    R? gupdate1c9ac95939633ae;Google Update Service (gupdate1c9ac95939633ae)
    R? gupdatem;Google Update Service (gupdatem)
    R? MHIKEY10;MHIKEY10
    R? Secunia Update Agent;Secunia Update Agent
    R? ss_bbus;SAMSUNG USB Mobile Device (WDM)
    R? ss_bmdfl;SAMSUNG USB Mobile Modem (Filter)
    R? ss_bmdm;SAMSUNG USB Mobile Modem
    R? ss_bserd;SAMSUNG USB Mobile Logging Driver
    R? WEBNTACCESS;WEBNTACCESS
    S? aswFsBlk;aswFsBlk
    S? aswSP;avast! Self Protection
    S? ATMhelpr;ATMhelpr
    S? avast! Antivirus;avast! Antivirus
    S? avast! Mail Scanner;avast! Mail Scanner
    S? avast! Web Scanner;avast! Web Scanner
    S? dgderdrv;dgderdrv
    S? dgdersvc;Device Error Recovery Service
    S? FsUsbExDisk;FsUsbExDisk
    S? FsUsbExService;FsUsbExService
    S? Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine
    S? MSI_MSIBIOS_010507;MSI_MSIBIOS_010507
    S? msikbd2k;Multimedia Keyboard Filter Driver
    S? nhksrv;Netropa NHK Server
    S? NTIOLib_1_0_4;NTIOLib_1_0_4
    S? PSI;PSI
    S? Secunia PSI Agent;Secunia PSI Agent
    S? TuneUp.UtilitiesSvc;TuneUp Utilities Service
    S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
    S? WinDefend;Windows Defender
    .
    =============== Created Last 30 ================
    .
    2011-06-03 00:54:53 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{95cf61d8-39e4-4af5-a09a-08750fa03809}\mpengine.dll
    2011-06-03 00:25:16 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2011-06-03 00:24:33 -------- d-----w- c:\program files\LogMeIn Hamachi
    2011-06-03 00:19:58 3143146 ----a-w- c:\documents and settings\brian\LiveUpdate.exe
    2011-05-29 13:12:01 6962000 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{342f5aa8-1a73-41eb-a429-0ac4653635d9}\mpengine.dll
    2011-05-24 17:17:30 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
    2011-05-24 17:17:30 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
    2011-05-24 16:02:50 -------- d-----w- c:\documents and settings\brian\local settings\application data\Samsung
    2011-05-24 15:56:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-05-24 15:55:46 632144 ----a-w- c:\windows\system32\dgderapi.dll
    2011-05-24 15:55:46 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
    2011-05-24 15:55:46 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2011-05-24 15:52:30 -------- d-----w- c:\documents and settings\brian\local settings\application data\Downloaded Installations
    2011-05-24 15:30:04 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2011-05-24 15:29:22 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
    2011-05-24 15:29:22 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
    2011-05-24 15:29:22 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
    2011-05-24 15:27:29 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-05-24 15:25:55 -------- d-----w- c:\program files\MarkAny
    2011-05-24 15:25:53 -------- d-----w- c:\documents and settings\all users\application data\Samsung
    2011-05-24 15:25:04 -------- d-----w- c:\program files\Samsung
    2011-05-24 15:24:30 -------- d-----w- c:\program files\common files\Samsung
    2011-05-07 20:54:10 -------- d-----w- c:\documents and settings\brian\local settings\application data\LogMeIn Hamachi
    .
    ==================== Find3M ====================
    .
    2011-04-27 13:19:32 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-04-27 13:19:32 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-04-27 13:19:32 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-04-27 13:19:30 143360 ----a-w- c:\windows\system32\3DAudio.ax
    2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
    .
    ============= FINISH: 2:02:27.76 ===============

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi sufferinginsilence,

    Your post is a few days old. If you still need help, simply post back.
    How Can I Reduce My Risk?
