need immediate help


cd12

Here's a log from RogueKiller. I need to know, do I need to fix the first two entries immediately? Please help, my computer is randomly shutting down and sometimes does not start up at all.

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User : CD [Admin rights]

Mode : Scan -- Date : 09/26/2012 17:45:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\27627803 (system32\drivers\99551209.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\27627803 (system32\drivers\99551209.sys) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 practivate.adobe

127.0.0.1 practivate.adobe.com

127.0.0.1 practivate.adobe.newoa

127.0.0.1 practivate.adobe.ntp

127.0.0.1 practivate.adobe.ipp

127.0.0.1 adobeereg.com

127.0.0.1 activate.wip1.adobe.com

127.0.0.1 activate.wip2.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 activate.wip4.adobe.com

127.0.0.1 www.adobeereg.com

127.0.0.1 hl2rcv.adobe.com

127.0.0.1 wip.adobe.com

127.0.0.1 wip1.aobe.com

127.0.0.1 wip1.adobe.com

127.0.0.1 wip2.adobe.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ +++++

--- User ---

[MBR] dab16e94473c76b8b1bb89e067538023

[bSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 976756236 | Size: 6 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt

What is "127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net" and "[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND"?

Oh yeah, and TDSSKiller didn't find anything >_<

Sorry, there's no edit button xP

My stepdad says it might be our nVidia GeForce card because they were updated. I mentioned this in my other thread but I didn't think much of it back then. We are going to run hardware tests now, so I guess you could delete this thread if there was nothing wrong with that log I posted.


  • 2 weeks later...

OK, sorry for the late reply. I hope you're still interested in helping me, because my browser and programs are always crashing >_< If I can't fix it then I have to buy a new PC for my uni studies, bleh xPP

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.02.11

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Chantelle :: CHPC [administrator]

10/10/2012 1:26:28 AM

mbam-log-2012-10-10 (01-26-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208251

Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.4.1

Run by Chantelle at 1:32:18 on 2012-10-10

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.934 [GMT 10:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Antivirus *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k imgsvc

svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mDefault_Page_URL = hxxp://au.yahoo.com

mStart Page = hxxp://au.yahoo.com

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DB65EA1-BD60-4828-87F7-7694878DE3E5} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{75334D8B-C951-4107-853A-CC17B8B18EE2} : DhcpNameServer = 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chantelle\application data\mozilla\firefox\profiles\b5bw4ja8.default\

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\webzen\browserextension\NPWZCmnCtrl.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-6-26 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-15 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-15 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-15 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-15 44808]

S0 27627803;27627803;c:\windows\system32\drivers\99551209.sys --> c:\windows\system32\drivers\99551209.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-10-25 80392]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-6-11 14416]

S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]

S3 xspirit;xspirit;\??\c:\windows\xspirit.sys --> c:\windows\xspirit.sys [?]

.

=============== Created Last 30 ================

.

2012-10-08 18:29:45 -------- d-----w- C:\Riot Games

2012-10-08 16:45:24 -------- d-----w- c:\windows\ServicePackFiles

2012-10-08 16:34:07 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2012-10-08 16:33:39 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2012-10-08 16:33:38 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-10-08 16:33:38 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2012-10-08 16:33:37 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2012-10-08 16:19:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2012-10-08 16:19:43 272128 ------w- c:\windows\system32\drivers\bthport.sys

2012-09-26 08:10:27 -------- d-----w- c:\program files\CPUID

2012-09-25 19:09:51 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-09-25 19:09:51 -------- d-----w- c:\windows\system32\wbem\Repository

2012-09-25 16:32:46 86016 ----a-w- c:\windows\system32\SET1A.tmp

2012-09-25 16:32:45 425984 ----a-w- c:\windows\system32\SETE.tmp

2012-09-25 16:32:44 6108928 ----a-w- c:\windows\system32\SET6.tmp

2012-09-25 16:32:44 159812 ----a-w- c:\windows\system32\SET9.tmp

2012-09-23 15:27:54 -------- d-----w- C:\temp

.

==================== Find3M ====================

.

2012-10-09 14:31:04 16608 ----a-w- c:\windows\gdrv.sys

2012-09-25 16:33:28 1095400 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-09-25 16:33:28 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-09-25 16:33:21 1095400 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-09-20 10:05:41 666720 ----a-w- c:\windows\system32\xsherlock.xem

2012-08-30 19:10:00 4494208 ----a-w- c:\windows\system32\nv4_disp(5).dll

2012-08-30 19:10:00 4494208 ----a-w- c:\windows\system32\nv4_disp(2).dll

2012-08-30 19:10:00 2376704 ----a-w- c:\windows\system32\nvapi(5).dll

2012-08-30 19:10:00 2376704 ----a-w- c:\windows\system32\nvapi(3).dll

2012-08-30 16:43:36 164200 ----a-w- c:\windows\system32\nvsvc32(3).exe

2012-08-30 16:43:36 164200 ----a-w- c:\windows\system32\nvsvc32(2).exe

2012-08-30 16:43:34 108392 ----a-w- c:\windows\system32\nvmctray(3).dll

2012-08-30 16:43:34 108392 ----a-w- c:\windows\system32\nvmctray(2).dll

2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr

2012-08-20 16:36:03 67952 ----a-w- c:\windows\system32\ptdllrun1.exe

.

============= FINISH: 1:33:31.15 ===============


  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
