I'm Infected, Help please!


Hello roboma562 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

What exactly is your problem?


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/9/2013 4:46:16 PM

System Uptime: 5/10/2013 12:10:03 PM (2 hours ago)

.

Motherboard: Intel Corporation | | DP43TF

Processor: Intel Pentium III Xeon processor | LGA775 | 2659/333mhz

Processor: Intel Pentium III Xeon processor | LGA775 | 2660/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 38 GiB total, 32.883 GiB free.

Z: is FIXED (NTFS) - 298 GiB total, 275.293 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Audio Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0001

Manufacturer:

Name: Audio Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0001

Service:

.

Class GUID:

Description: Audio Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0101

Manufacturer:

Name: Audio Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0101

Service:

.

Class GUID:

Description: Audio Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0201

Manufacturer:

Name: Audio Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0201

Service:

.

Class GUID:

Description: Audio Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0301

Manufacturer:

Name: Audio Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0016&SUBSYS_10DE0101&REV_1001\5&15D0CC32&0&0301

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_00248086&REV_00\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_00248086&REV_00\3&11583659&0&FB

Service:

.

==== System Restore Points ===================

.

RP1: 5/9/2013 4:49:41 PM - System Checkpoint

RP2: 5/9/2013 5:24:48 PM - Installed VC90_CRT_x86.

RP3: 5/9/2013 5:24:52 PM - Installed Intel® Network Connections.

RP4: 5/9/2013 5:50:40 PM - avast! Free Antivirus Setup

RP5: 5/9/2013 5:59:39 PM - Installed Realtek High Definition Audio Driver

RP6: 5/9/2013 6:11:32 PM - Removed Intel® Network Connections.

RP7: 5/9/2013 6:11:48 PM - Intel® Network Connections

RP8: 5/9/2013 6:12:08 PM - Installed Intel® Network Connections.

RP9: 5/9/2013 6:19:14 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP10: 5/9/2013 6:19:26 PM - Installed League of Legends

RP11: 5/9/2013 6:19:33 PM - Installed DirectX

RP12: 5/9/2013 6:35:11 PM - Installed Realtek High Definition Audio Driver

RP13: 5/9/2013 6:35:31 PM - Installed Windows XP KB888111WXPSP2.

RP14: 5/9/2013 7:34:59 PM - Installed Steam

RP15: 5/9/2013 8:20:26 PM - Removed DriverUpdate

.

==== Installed Programs ======================

.

avast! Free Antivirus

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Intel® Management Engine Interface

Intel® Network Connections 18.2.57.0

League of Legends

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA nView 136.53

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.12.12

NVIDIA Update Components

Pando Media Booster

Realtek High Definition Audio Driver

Skype™ 6.3

Star Wars - Battlefront II

Steam

Team Fortress 2

Update for Windows XP (KB911164)

VC_CRT_x86

WebFldrs XP

.

==== Event Viewer Messages From Past Week ========

.

5/9/2013 8:20:35 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

5/9/2013 7:20:05 PM, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.

5/9/2013 7:20:05 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort5.

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 6.0.2900.2180

Run by Tyler Computer at 14:38:27 on 2013-05-10

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3580.1770 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

Z:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IProsetMonitor.exe

Z:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

Z:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

Z:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RunDLL32.exe

Z:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\wpabaln.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

Z:\Program Files\Steam\Steam.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Skype\Phone\Skype.exe

Z:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

Z:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe

Z:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uRun: [steam] "z:\program files\steam\Steam.exe" -silent

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [avast] "z:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [RTHDCPL] RTHDCPL.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368141429703

TCP: NameServer = 192.168.1.1 209.18.47.62

TCP: Interfaces\{2F474662-AC1A-40C5-8595-2C68D61A72B4} : DHCPNameServer = 192.168.1.1 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-9 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-9 174664]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-9 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-9 368944]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-9 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-9 66336]

R2 avast! Antivirus;avast! Antivirus;z:\program files\avast software\avast\AvastSvc.exe [2013-5-9 46808]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2013-2-23 121088]

R2 MBAMScheduler;MBAMScheduler;z:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-10 418376]

R2 MBAMService;MBAMService;z:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-10 701512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-4-7 250584]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-10 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-5-9 1691480]

.

=============== Created Last 30 ================

.

2013-05-10 07:07:18 -------- d-----w- c:\documents and settings\tyler computer\application data\Malwarebytes

2013-05-10 07:06:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-05-10 07:06:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-10 05:59:57 40832 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-05-10 05:59:55 981528 ----a-w- c:\windows\system32\heciudlg.exe

2013-05-10 05:59:55 319456 ----a-w- c:\windows\system32\difxapi.dll

2013-05-10 05:59:51 -------- d-----w- C:\Intel

2013-05-10 01:49:40 -------- d-----r- c:\program files\Skype

2013-05-10 01:14:05 -------- d-----w- c:\documents and settings\tyler computer\application data\LolClient

2013-05-10 00:35:05 -------- d-----w- c:\program files\common files\Steam

2013-05-09 23:38:04 -------- d-----w- c:\windows\system32\Lang

2013-05-09 23:36:03 -------- d-----w- c:\windows\system32\RTCOM

2013-05-09 23:19:36 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2013-05-09 23:19:36 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2013-05-09 23:19:36 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2013-05-09 23:19:36 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2013-05-09 23:19:34 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2013-05-09 23:19:31 -------- d-----w- c:\windows\Logs

2013-05-09 23:19:30 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-05-09 23:19:05 -------- d-----w- c:\documents and settings\tyler computer\local settings\application data\PMB Files

2013-05-09 23:19:01 -------- d-----w- c:\documents and settings\all users\application data\PMB Files

2013-05-09 23:18:53 -------- d-----w- c:\program files\Pando Networks

2013-05-09 23:18:17 -------- d-----w- c:\documents and settings\tyler computer\application data\Riot Games

2013-05-09 23:16:53 -------- d-s---w- c:\documents and settings\tyler computer\UserData

2013-05-09 23:11:55 -------- d-----w- c:\windows\system32\ReinstallBackups

2013-05-09 23:04:21 -------- d-----w- c:\documents and settings\tyler computer\local settings\application data\SlimWare Utilities Inc

2013-05-09 22:59:39 -------- d-----w- c:\program files\Realtek

2013-05-09 22:59:34 2079816 ----a-w- c:\windows\RtlExUpd.dll

2013-05-09 22:59:33 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2013-05-09 22:59:33 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2013-05-09 22:59:32 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2013-05-09 22:59:32 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2013-05-09 22:59:32 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2013-05-09 22:59:32 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2013-05-09 22:59:31 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2013-05-09 22:59:30 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2013-05-09 22:51:21 -------- d-----w- c:\documents and settings\tyler computer\local settings\application data\Google

2013-05-09 22:51:16 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-09 22:51:15 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 22:51:15 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-09 22:51:13 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 22:50:54 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 22:49:40 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2013-05-09 22:39:19 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2013-05-09 22:39:08 223008 ----a-w- c:\windows\system32\nvmctray.dll

2013-05-09 22:39:08 156960 ----a-w- c:\windows\system32\nvsvc32.exe

2013-05-09 22:39:08 15668512 ----a-w- c:\windows\system32\nvcpl.dll

2013-05-09 22:39:08 144160 ----a-w- c:\windows\system32\nvcolor.exe

2013-05-09 22:39:07 54272 ----a-w- c:\windows\system32\nvwddi.dll

2013-05-09 22:37:35 -------- d-----w- c:\program files\NVIDIA Corporation

2013-05-09 22:37:19 -------- d-----w- C:\NVIDIA

2013-05-09 22:24:43 302392 ----a-w- c:\windows\system32\PROUnstl.exe

.

==================== Find3M ====================

.

2013-05-09 22:38:51 1083296 ----a-w- c:\windows\system32\nvdrsdb0.bin

2013-05-09 22:38:51 1 ----a-w- c:\windows\system32\nvdrssel.bin

2013-05-09 22:38:48 1083296 ----a-w- c:\windows\system32\nvdrsdb1.bin

2013-03-30 02:42:40 5444680 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2013-03-27 21:57:08 79432 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll

2013-03-18 21:27:30 644824 ----a-w- c:\windows\system32\ncs2dmix.dll

2013-03-18 21:27:28 552664 ----a-w- c:\windows\system32\accesor.dll

2013-03-18 21:21:42 164568 ----a-w- c:\windows\system32\ncs2instutility.dll

2013-03-18 21:20:00 2551000 ----a-w- c:\windows\system32\ncscolib.dll

2013-03-15 05:47:17 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll

2013-03-15 05:47:17 7745536 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:47:17 65536 ----a-w- c:\windows\system32\OpenCL.dll

2013-03-15 05:47:17 6074368 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:47:17 4079104 ----a-w- c:\windows\system32\nv4_disp.dll

2013-03-15 05:47:17 2733344 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:47:17 2490368 ----a-w- c:\windows\system32\nvapi.dll

2013-03-15 05:47:17 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:47:17 19689472 ----a-w- c:\windows\system32\nvoglnt.dll

2013-03-15 05:47:17 17551360 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:47:17 10713024 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2013-03-15 05:47:17 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll

2013-03-12 19:58:34 20143688 ----a-w- c:\windows\RTHDCPL.EXE

2013-03-05 20:37:20 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL

2013-02-23 10:00:22 187392 ----a-w- c:\windows\system32\Ncs2Setp.dll

2013-02-23 09:44:30 121088 ----a-w- c:\windows\system32\IPROSetMonitor.exe

2013-02-21 13:18:48 31048 ----a-w- c:\windows\system32\drivers\iqvw32.sys

.

============= FINISH: 14:38:56.92 ===============


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.10.09

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Tyler Computer :: TYLER [administrator]

Protection: Enabled

5/10/2013 2:59:03 PM

mbam-log-2013-05-10 (14-59-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211530

Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User : Tyler Computer [Admin rights]

Mode : Scan -- Date : 05/10/2013 15:08:44

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++

--- User ---

[MBR] 84e7f7987e0591ad78e9d10ecb487f6e

[bSP] dda3c196df0daa6530ef506af0487a59 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39197 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00G3A0 +++++

--- User ---

[MBR] 4cb32b8c918e83bbd7f6e7b51837e1fb

[bSP] c41298e3eeb0309ddfd70bf1ed9615b9 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 305235 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05102013_02d1508.txt >>

RKreport[1]_S_05102013_02d1508.txt


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


There wasn't any option to "List Threats". It did say that no threats were found, though, and it just had a "Finish" button, which closed ESET.

The RogueKiller found something, however, from the previous step; not sure what you wanted me to do with that:

"¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND" (pasted from the LOG in RogueKiller)

Would you like me to click delete on that?


Would you like me to click delete on that?

No, I wouldn't. This is a legitimate entry. Just follow my instructions.

And please, do not bump your thread. As soon as I'm here, I will check the progress and answer.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

  • Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-05-11.01 - Tyler Computer 05/11/2013 23:53:33.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3580.2090 [GMT -5:00]

Running from: c:\documents and settings\Tyler Computer\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-12 to 2013-05-12 )))))))))))))))))))))))))))))))

.

.

2013-05-10 05:59 . 2013-05-10 05:59 -------- d-----w- C:\Intel

2013-05-09 22:37 . 2013-05-09 22:37 -------- d-----w- C:\NVIDIA

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-18 21:27 . 2013-03-18 21:27 644824 ----a-w- c:\windows\system32\ncs2dmix.dll

2013-03-18 21:27 . 2013-03-18 21:27 552664 ----a-w- c:\windows\system32\accesor.dll

2013-03-18 21:21 . 2013-03-18 21:21 164568 ----a-w- c:\windows\system32\ncs2instutility.dll

2013-03-18 21:20 . 2013-03-18 21:20 2551000 ----a-w- c:\windows\system32\ncscolib.dll

2013-02-23 10:00 . 2013-02-23 10:00 187392 ----a-w- c:\windows\system32\Ncs2Setp.dll

2013-02-23 09:44 . 2013-02-23 09:44 121088 ----a-w- c:\windows\system32\IPROSetMonitor.exe

2013-02-21 13:18 . 2013-02-21 13:18 31048 ----a-w- c:\windows\system32\drivers\iqvw32.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- z:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="z:\program files\Steam\Steam.exe" [2013-05-03 1635752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]

"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]

"avast"="z:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"z:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"z:\\Program Files\\Steam\\SteamApps\\common\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=

"z:\\Program Files\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"z:\\Program Files\\Steam\\SteamApps\\common\\Counter-Strike Source\\hl2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56682:TCP"= 56682:TCP:Pando Media Booster

"56682:UDP"= 56682:UDP:Pando Media Booster

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5/9/2013 5:51 PM 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5/9/2013 5:51 PM 174664]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/9/2013 5:51 PM 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/9/2013 5:51 PM 368944]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/9/2013 5:51 PM 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/9/2013 5:51 PM 66336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2/23/2013 4:44 AM 121088]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/7/2010 4:06 PM 250584]

S2 MBAMScheduler;MBAMScheduler;z:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/10/2013 2:06 AM 418376]

S2 MBAMService;MBAMService;z:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/10/2013 2:06 AM 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/9/2013 6:35 PM 1691480]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/10/2013 2:06 AM 22856]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-09 22:52 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-11 c:\windows\Tasks\avast! Emergency Update.job

- z:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09 08:58]

.

2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-09 22:51]

.

2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-09 22:51]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1 209.18.47.62

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-11 23:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2013-05-11 23:58:14

ComboFix-quarantined-files.txt 2013-05-12 04:58

.

Pre-Run: 31,539,142,656 bytes free

Post-Run: 31,864,217,600 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 31E00D66030FD1A6C0DBC52C879CCD63


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
