Re: Bad case of infection, disables most programs
DDS worked after the machine rebooted itself. Here are the logs. However, GMER still refuses to run.
DDS (Ver_09-06-26.01) - NTFSx86
Run by haeme at 16:55:13.98 on 06/28/2009 Sun
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-5411729721-4430063652-004700815-6458\wnzip32.exe
uWindows: load=c:\windows\system32\msijmvp.exe
uWindows: run=c:\windows\system32\msxbniqa.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\system32\gsf83iujid.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\gsf83iujid.dll
TB: V3: {9e3849d6-41ef-4b2f-86b7-632ef90758e4} - c:\program files\ahnlab\v3\V3Bar.dll
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [AdobeBridge]
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Twain] c:\documents and settings\haeme\application data\twain\Twain.exe
uRun: [gadcom] "c:\documents and settings\haeme\application data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
uRun: [reader_s] c:\documents and settings\haeme\reader_s.exe
uRun: [Windows Network Data Management System Service] "c:\docume~1\haeme\locals~1\temp\298.exe" *
uRun: [A00F52B2E.exe] c:\docume~1\haeme\locals~1\temp\_A00F52B2E.exe
uRun: [<NO NAME>] c:\docume~1\haeme\locals~1\temp\z7kmgg09jc.exe
uRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\docume~1\haeme\locals~1\temp\z7kmgg09jc.exe
uRun: [kell] c:\program files\manson\liser.exe
uRun: [Windows System Recover!] c:\docume~1\haeme\locals~1\temp\winlogon.exe
uRun: [InetChk] c:\docume~1\haeme\locals~1\temp\ms1246234638.exe work
uRun: [A00F46F7F.exe] c:\docume~1\haeme\locals~1\temp\_A00F46F7F.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NaverPCGreen] "c:\program files\naver\naverpcgreen\NPCGreenUpgrader.exe" /reboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [sysldtray] c:\windows\ld09.exe
mRun: [18488594] c:\documents and settings\all users\application data\18488594\18488594.exe
mRun: [98498586] c:\documents and settings\all users\application data\98498586\98498586.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [Windows Network Data Management System Service] "c:\docume~1\haeme\locals~1\temp\298.exe" *
mExplorerRun: [exec] c:\windows\system32\msoywmjq.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} - hxxp://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pumpeng.musicshake.com/NewDownload/engmusicshake.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - hxxp://config.hyosungcdn.com/download/p3xset.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} - hxxp://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E1CE4482-98E9-48F8-8D0D-EF03BC9E26F3} - hxxp://audition.bugs.co.kr/Game/BugsGameStart.cab
Filter: text/html - {8e4eb415-c5cb-43a4-9a48-a05ee546f231} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: __c0099E56 - c:\windows\system32\__c0099E56.dat
AppInit_DLLs: czuzyt.dll ywxbuw.dll vfrsij.dll ysxwqx.dll wjqhpk.dll iztsed.dll,c:\progra~1\manson\liser.dll
SSODL: VKdOqSCxj - {F4C867A1-5E62-CD0B-FE8A-4412C3FA36A2} - c:\windows\system32\sqvhbez.dll
STS: c:\windows\system32\gsf83iujid.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\gsf83iujid.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-06-28 16:55 28,160 a------- c:\windows\system32\__c008F74.dat
2009-06-28 16:54 282,624 ----h--- c:\windows\system32\msxbniqa.exe
2009-06-28 16:54 282,624 ----h--- c:\windows\system32\msoywmjq.exe
2009-06-28 16:54 282,624 ----h--- c:\windows\system32\msijmvp.exe
2009-06-28 16:54 282,624 ----h--- c:\windows\system32\msbrky.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\mszjm.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\mswftyrk.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\mstubbmc.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\msutephn.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\msqsgqf.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\msjsi.exe
2009-06-28 16:51 282,624 ----h--- c:\windows\system32\msceq.exe
2009-06-28 16:17 <DIR> --d-h--- c:\windows\system32\3361
2009-06-28 16:16 10 a------- c:\windows\system32\kr_done1
2009-06-28 16:14 28,160 a------- c:\windows\system32\__c00EE894.dat
2009-06-28 16:13 52,225 a------- c:\documents and settings\haeme\reader_s.exe
2009-06-28 15:53 <DIR> --d----- c:\windows\DLL
2009-06-28 15:52 124,928 a------- c:\windows\system32\sopidkc.exe
2009-06-28 15:52 65,536 a------- c:\windows\system32\wiawow32.sys
2009-06-28 15:52 8 a------- c:\windows\system32\comsa32.sys
2009-06-28 15:52 155,648 -------- c:\windows\system32\tpsaxyd.exe
2009-06-28 15:52 46 a------- C:\p2hhr.bat
2009-06-28 15:51 96,768 a------- C:\stfqqym.exe
2009-06-28 15:51 28,160 a------- c:\windows\system32\__c0051217.dat
2009-06-28 15:51 216,042 a------- C:\illhtee.exe
2009-06-28 15:51 24,576 a------- C:\scfsiab.exe
2009-06-28 15:51 39,424 a------- C:\mkvknro.exe
2009-06-28 15:51 7,680 a------- C:\ohhvpdqo.exe
2009-06-28 15:50 86,528 -------- c:\windows\system32\bndmss.exe
2009-06-27 11:56 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-06-27 11:55 94,412 a------- c:\windows\system32\drivers\db034d82.sys
2009-06-27 11:55 96,768 a------- C:\rnntnd.exe
2009-06-27 11:55 28,160 a------- c:\windows\system32\__c00B379.dat
2009-06-27 11:55 211,813 a------- C:\ffxvx.exe
2009-06-27 11:55 39,424 a------- C:\cqblhs.exe
2009-06-27 11:55 52,225 a------- c:\windows\system32\reader_s.exe
2009-06-26 09:01 14,976 a------- c:\windows\system32\iehelper.dll
2009-06-24 14:13 2 ----h--- c:\windows\zaponce52689.dat
2009-06-24 14:12 15,872 ----h--- c:\windows\ld09.exe
2009-06-24 14:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\98498586
2009-06-24 14:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\18488594
2009-06-24 14:12 <DIR> --dshr-- c:\program files\Manson
2009-06-24 14:12 168 a------- C:\xcrashdump.dat
2009-06-24 14:11 110,796 a------- c:\windows\system32\drivers\dcfb081a.sys
2009-06-24 14:11 <DIR> --d----- c:\program files\sys
2009-06-24 14:11 96,768 a------- C:\giyghshu.exe
2009-06-24 14:11 211,031 a------- C:\mupwjiav.exe
2009-06-24 14:11 28,160 a------- c:\windows\system32\__c0099E56.dat
2009-06-24 14:10 2 a------- c:\windows\010112010146118114.dat
2009-06-24 14:10 2 a------- C:\-188192864
2009-06-24 14:10 39,424 a------- c:\windows\system32\drivers\smss.exe
2009-06-24 14:10 15,000 a------- c:\windows\system32\gsf83iujid.dll
2009-06-24 14:10 39,424 a------- C:\lrrrcoe.exe
2009-06-24 14:10 304,640 a------- c:\windows\sysguard.exe
2009-06-24 14:10 28,160 ----h--- c:\windows\ld10.exe
==================== Find3M ====================
2009-06-27 11:56 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-25 21:34 74,648 a------- c:\docume~1\haeme\applic~1\GDIPFONTCACHEV1.DAT
============= FINISH: 17:00:44.26 ===============
Last edited by kielee6166; 06-28-2009 at 07:23 PM.