Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Computer Infected?

  • Please log in to reply
2 replies to this topic

#1 Ninamarie719


  • Members
  • 5 posts
  • Local time:02:12 PM

Posted 22 February 2013 - 09:40 AM

 Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/481166/computer-infected-with-malware/#entry2984728 - Hamluis.



Results of screen317's Security Check version 0.99.59  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version  
 Adobe Reader 10.1.2 Adobe Reader out of Date!  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Edited by hamluis, 22 February 2013 - 09:45 AM.
PM sent new OP - Hamluis.

BC AdBot (Login to Remove)


#2 Ninamarie719

  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:12 PM

Posted 22 February 2013 - 09:41 AM

Farbar Service Scanner Version: 20-02-2013
Ran by NJ (administrator) on 22-02-2013 at 09:41:08
Running from "D:\Users\NJ\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal

Internet Services:

Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Security Center:

Windows Update:

Windows Autoupdate Disabled Policy:

File Check:
D:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
D:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
D:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
D:\WINDOWS\system32\netman.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
D:\WINDOWS\system32\srsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
D:\WINDOWS\system32\wscsvc.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
[2011-01-06 04:34] - [2007-03-10 23:13] - 0018392 ____A (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E

D:\WINDOWS\system32\qmgr.dll => MD5 is legit
D:\WINDOWS\system32\es.dll => MD5 is legit
D:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
D:\WINDOWS\system32\svchost.exe => MD5 is legit
D:\WINDOWS\system32\rpcss.dll => MD5 is legit
[2004-08-03 20:07] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
IpSec Tag value is correct.

**** End of log ****

#3 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:12 PM

Posted 22 February 2013 - 09:56 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply




  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


ESET Online Scanner


I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users