daninthemoon

Everything posted by daninthemoon

  1. Thanks for your help.

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.13.06

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 6.0.2900.5512
     daniel :: RUINPC [administrator]

     Protection: Enabled

     8/13/2012 5:52:13 PM
     mbam-log-2012-08-13 (17-52-13).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 212611
     Time elapsed: 7 minute(s), 22 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_32
     Run by daniel at 18:00:18 on 2012-08-13
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2336 [GMT -4:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     svchost.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://google.com/
     uInternet Settings,ProxyOverride = *.local
     uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [AlcWzrd] ALCWZRD.EXE
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287741644333
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
     TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
     TCP: Interfaces\{021F82C8-9F77-4554-A999-FF01A0363467} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\daniel\application data\mozilla\firefox\profiles\08jgdekp.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\documents and settings\daniel\application data\move networks\plugins\npqmp071503000010.dll
     FF - plugin: c:\documents and settings\daniel\application data\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\daniel\application data\mozilla\plugins\npgtpo3dautoplugin.dll
     FF - plugin: c:\documents and settings\daniel\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
     FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
     FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
     FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
     FF - plugin: c:\windows\system32\npdeployJava1.dll
     FF - plugin: c:\windows\system32\npptools.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: network.protocol-handler.warn-external.dnupdate - false
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-30 655944]
     R2 MySQL55;MySQL55;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\all users\application data\mysql\mysql server 5.5\my.ini" mysql55 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-30 22344]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-13 40776]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-5-24 68136]
     S2 gupdate1ca0256e22e12d6;Google Update Service (gupdate1ca0256e22e12d6);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]
     S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-24 1262400]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]
     S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
     S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
     S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
     .
     =============== Created Last 30 ================
     .
     2012-08-13 21:50:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-08-11 00:19:43 -------- d-----w- c:\documents and settings\daniel\application data\NVIDIA
     2012-08-11 00:19:37 -------- d-----w- c:\documents and settings\daniel\application data\MySQL
     2012-08-10 22:34:27 -------- d-----w- c:\program files\MySQL
     2012-08-10 22:34:22 -------- d-----w- c:\documents and settings\all users\application data\MySQL
     2012-08-10 22:01:20 -------- d-----w- c:\program files\Windows Resource Kits
     2012-07-30 11:07:58 -------- d-----w- c:\documents and settings\daniel\application data\Malwarebytes
     2012-07-30 11:07:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-30 11:07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-07-30 11:07:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
     2012-07-29 13:00:25 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-07-29 12:50:52 -------- d-----w- c:\documents and settings\all users\application data\RegAce
     2012-07-29 11:00:07 -------- d-----w- c:\documents and settings\all users\application data\RegRun
     2012-07-29 11:00:04 2 --shatr- c:\windows\winstart.bat
     2012-07-29 11:00:01 -------- d-----w- c:\program files\UnHackMe
     2012-07-28 10:48:42 -------- d-sha-r- C:\cmdcons
     2012-07-28 10:45:30 98816 ----a-w- c:\windows\sed.exe
     2012-07-28 10:45:30 518144 ----a-w- c:\windows\SWREG.exe
     2012-07-28 10:45:30 256000 ----a-w- c:\windows\PEV.exe
     2012-07-28 10:45:30 208896 ----a-w- c:\windows\MBR.exe
     2012-07-24 23:56:02 -------- d-----w- c:\documents and settings\daniel\local settings\application data\{1FB73823-D5EB-11E1-8270-B8AC6F996F26}
     .
     ==================== Find3M ====================
     .
     2012-08-12 21:44:13 16608 ----a-w- c:\windows\gdrv.sys
     2012-08-03 11:08:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-03 11:08:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-05-24 23:09:03 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
     2012-05-24 23:09:03 1 ----a-w- c:\windows\system32\nvdrssel.bin
     2012-05-24 23:09:00 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
     .
     ============= FINISH: 18:00:32.56 ===============
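The DDS log above lists services as `R2 name;display;path [date size]` and recently created files as `date time size attrs path`. As an added example that is not part of this thread and is not code from DDS or Malwarebytes, here is a small Python parser for that layout that pulls out the entries an analyst reads first: auto-start services, services whose binary DDS could not stat (the `[?]` marker), newly created files carrying both the hidden and system attributes, and new kernel drivers. The sample log inside the block is constructed for the example, with placeholder service names and paths modelled on the thread's log; reading the leading letter as service state (R running, S stopped), the digit as the Windows start type, and `s`/`h` in the attribute field as system/hidden is my reading of the DDS convention, not something the thread states.

```python
"""Parse DDS-style log sections and pull out the entries an analyst reviews first.

Added example: not DDS itself and not from the forum thread; a small parser
modelled on the log format shown above. SAMPLE_LOG is constructed for the
example (placeholder names and paths), not a real scan result.
"""
import re
from dataclasses import dataclass

# Constructed sample in DDS layout: one entry per line, "." as a separator,
# "=== title ===" as a section header.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R2 ExampleSvc;Example Service;c:\program files\example\examplesvc.exe [2012-7-30 655944]
R2 ExampleDb;ExampleDb;"c:\program files\exampledb\bin\dbd" --defaults-file="c:\exampledb\my.ini" exampledb --> c:\program files\exampledb\bin\dbd [?]
R3 ExampleDrv;ExampleDrv;c:\windows\system32\drivers\exampledrv.sys [2012-7-30 22344]
S2 UpdaterSvc;Updater Service;c:\program files\updater\updater.exe [2009-7-11 133104]
S4 DisabledSvc;Disabled Service;c:\program files\disabled\disabled.exe [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-08-13 21:50:47 40776 ----a-w- c:\windows\system32\drivers\exampledrv.sys
2012-07-29 11:00:04 2 --shatr- c:\windows\winstart.bat
2012-07-28 10:48:42 -------- d-sha-r- C:\cmdcons
2012-07-28 10:45:30 98816 ----a-w- c:\windows\sed.exe
.
============= FINISH: 18:00:32.56 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# <state><start> name;display;image-path [date size]  (assumed: state R/S, start type 0-4)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# date time size attrs path  (size is "--------" for directories)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Service:
    state: str      # R = running, S = stopped (assumed DDS convention)
    start: int      # Windows service start type (2 auto, 3 manual, 4 disabled)
    name: str
    display: str
    path: str       # resolved image path (right-hand side of "-->" when present)
    verified: bool  # False when DDS printed "[?]" instead of "[date size]"


@dataclass
class FileEntry:
    date: str
    time: str
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # assumed: 's' = system and 'h' = hidden in the DDS attribute string
        return "s" in self.attrs and "h" in self.attrs


def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-blank, non-'.' lines under the nearest preceding header."""
    sections: dict[str, list[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_services(lines: list[str]) -> list[Service]:
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue  # unknown layout: leave it for manual review rather than guess
        path = m.group("path").split("-->")[-1].strip()
        out.append(Service(state=m.group("state"), start=int(m.group("start")),
                           name=m.group("name"), display=m.group("display"),
                           path=path, verified=m.group("meta").strip() != "?"))
    return out


def parse_files(lines: list[str]) -> list[FileEntry]:
    return [FileEntry(**m.groupdict()) for m in map(FILE_RE.match, lines) if m]


def triage(text: str) -> dict[str, list[str]]:
    """Return the entries worth looking at first, keyed by why they were picked."""
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    created = parse_files(sections.get("Created Last 30", []))
    return {
        # auto-start services run at boot without user action
        "auto_start": [s.name for s in services if s.start == 2],
        # DDS could not stat the binary: check the path by hand
        "unverified_binary": [s.name for s in services if not s.verified],
        # recently created entries carrying both system and hidden attributes
        "hidden_system": [f.path for f in created if f.hidden_system],
        # new kernel drivers load into ring 0: confirm publisher and hash
        "new_drivers": [f.path for f in created
                        if not f.is_dir and f.path.lower().endswith(".sys")],
    }


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}:")
        for item in items:
            print(f"  {item}")
```

Run it directly to print the four groups for the constructed sample, or pass the text of a real dds.txt to `triage()`. The groups are a reading order, not a verdict: a `[?]` often just means a service command line with extra arguments that DDS did not resolve, and hidden+system is also how legitimate recovery and boot files are marked, so each item still needs checking by hand.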
  2. I've tried running Malwarebytes but am still having the same problem. Here are my logs from DDS. Thanks!

     dds.txt
     attach.txt