internetport3.exe shows up in processes after startup


  • This topic is locked
2 replies to this topic

#1 hoescj01

hoescj01

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 08 July 2014 - 04:55 PM

I ran RogueKiller, AdwCleaner, and ComboFix, but internetport3.exe has still shown up in the processes box upon startup.  I have been told that it is a bad file or process, but the above programs did not eliminate it.  When I start up the computer, sometimes a small black screen opens up titled windows\system32\cmd.exe.  Sometimes it closes on its own, and at other times it will not allow my browser to open unless I shut off the computer and turn it back on.

 

I have followed steps 6 - 8 as advised.  Below are the dds log and ComboFix log.

 

Thank you in advance for any help you can offer.  This is not an emergency, I just want to clear things up so it will not get worse.

 

Thanks

Jason

 

dds log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.60.2
Run by Jason at 15:09:03 on 2014-07-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3583.1864 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
F:\Program Files\AVAST Software\Avast\AvastSvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Real\RealPlayer\update\realsched.exe
F:\Program Files\AVAST Software\Avast\AvastUI.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\WINDOWS\system32\RunDLL32.exe
F:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\a\internetport3.exe
F:\Program Files\SUPERAntiSpyware\SASCORE.EXE
F:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\WINDOWS\system32\wbem\unsecapp.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
F:\Program Files\Java\jre7\bin\jqs.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\WINDOWS\system32\svchost.exe -k DcomLaunch
F:\WINDOWS\system32\svchost.exe -k rpcss
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k NetworkService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\svchost.exe -k netsvcs
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877;
uProxyOverride = <-loopback>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - f:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - f:\program files\java\jre7\bin\jp2ssv.dll
uRun: [cdloader] "f:\documents and settings\jason\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "f:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [AvastUI.exe] "f:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [HPDJ Taskbar Utility] f:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [autoauto] 1974284.bat
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvBackend] "f:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [SunJavaUpdateSched] "f:\program files\common files\java\java update\jusched.exe"
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1376102259140
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{DB3035DA-08B3-440B-A2B7-0C106FFC0A6B} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - f:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\jason\application data\mozilla\firefox\profiles\4iswsyn0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - v9
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.type - 4
FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: f:\documents and settings\jason\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: f:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: f:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: f:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: f:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: f:\windows\npMSDM.dll
FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;f:\windows\system32\drivers\aswRvrt.sys [2013-8-11 49944]
R0 aswVmm;avast! VM Monitor;f:\windows\system32\drivers\aswVmm.sys [2013-8-11 180632]
R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswsnx.sys [2013-8-11 777488]
R1 aswSP;aswSP;f:\windows\system32\drivers\aswsp.sys [2013-8-11 411680]
R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;f:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswHwid;avast! HardwareID;f:\windows\system32\drivers\aswHwid.sys [2014-5-23 24184]
R2 aswMonFlt;aswMonFlt;f:\windows\system32\drivers\aswmonflt.sys [2013-8-11 67824]
R2 avast! Antivirus;avast! Antivirus;f:\program files\avast software\avast\AvastSvc.exe [2013-8-11 50344]
R2 NvNetworkService;NVIDIA Network Service;f:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-7-5 1617696]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;f:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;f:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-9-13 26032]
S3 esgiguard;esgiguard;\??\f:\program files\enigma software group\spyhunter\esgiguard.sys --> f:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-07-08 06:32:04    71344    ----a-w-    f:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 06:32:04    699056    ----a-w-    f:\windows\system32\FlashPlayerApp.exe
2014-07-08 06:29:09    145408    ----a-w-    f:\windows\system32\javacpl.cpl
2014-07-08 06:29:01    96680    ----a-w-    f:\windows\system32\WindowsAccessBridge.dll
2014-07-08 04:29:17    --------    d-sha-r-    F:\cmdcons
2014-07-08 04:26:15    98816    ----a-w-    f:\windows\sed.exe
2014-07-08 04:26:15    256000    ----a-w-    f:\windows\PEV.exe
2014-07-08 04:26:15    208896    ----a-w-    f:\windows\MBR.exe
2014-07-08 04:00:05    536576    ----a-w-    f:\windows\system32\sqlite3.dll
2014-07-08 03:57:01    --------    d-----w-    F:\AdwCleaner
2014-07-08 03:36:34    29696    ----a-w-    f:\windows\system32\drivers\TrueSight.sys
2014-07-08 03:36:34    --------    d-----w-    F:\Documents
2014-07-08 03:36:33    --------    d-----w-    f:\documents and settings\all users\application data\RogueKiller
2014-07-07 07:18:08    --------    d-----w-    f:\documents and settings\jason\local settings\application data\Valassis
2014-07-07 07:18:04    --------    d-----w-    f:\program files\Valassis
2014-07-06 04:48:59    3774821    ----a-w-    f:\windows\system32\nvcoproc.bin
2014-07-06 04:46:44    908744    ----a-w-    f:\windows\system32\nvdispgenco32.dll
2014-07-06 04:46:44    1056200    ----a-w-    f:\windows\system32\nvdispco32.dll
2014-07-05 18:10:51    --------    d-----w-    f:\documents and settings\all users\application data\RegRun
2014-07-05 17:58:30    2    --shatr-    f:\windows\winstart.bat
2014-07-05 17:58:10    --------    d-----w-    f:\program files\UnHackMe
2014-06-30 11:10:05    110296    ----a-w-    f:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-30 11:09:43    53208    ----a-w-    f:\windows\system32\drivers\mbamchameleon.sys
2014-06-30 11:09:42    --------    d-----w-    f:\program files\Malwarebytes Anti-Malware
2014-06-17 00:05:41    --------    d-----w-    f:\documents and settings\jason\application data\30709
.
==================== Find3M  ====================
.
2014-07-06 04:48:33    1154808    ----a-w-    f:\windows\system32\nvdrsdb0.bin
2014-07-06 04:48:33    1    ----a-w-    f:\windows\system32\nvdrssel.bin
2014-07-06 04:48:30    1154792    ----a-w-    f:\windows\system32\nvdrsdb1.bin
2014-06-11 08:34:12    895264    ----a-w-    f:\windows\system32\nvhdagenco3220103.dll
2014-06-11 08:34:12    28448    ----a-w-    f:\windows\system32\nvhdap32.dll
2014-06-11 08:34:12    129312    ----a-w-    f:\windows\system32\drivers\nvhda32.sys
2014-05-23 23:37:07    777488    ----a-w-    f:\windows\system32\drivers\aswsnx.sys
2014-05-23 23:36:40    67824    ----a-w-    f:\windows\system32\drivers\aswmonflt.sys
2014-05-23 23:36:40    49944    ----a-w-    f:\windows\system32\drivers\aswRvrt.sys
2014-05-23 23:36:40    43152    ----a-w-    f:\windows\avastSS.scr
2014-05-23 23:36:40    24184    ----a-w-    f:\windows\system32\drivers\aswHwid.sys
2014-05-23 23:36:40    180632    ----a-w-    f:\windows\system32\drivers\aswVmm.sys
2014-05-20 02:32:37    9715712    ----a-w-    f:\windows\system32\nvcuda.dll
2014-05-20 02:32:37    9682944    ----a-w-    f:\windows\system32\nvopencl.dll
2014-05-20 02:32:37    4141312    ----a-w-    f:\windows\system32\nv4_disp.dll
2014-05-20 02:32:37    2957088    ----a-w-    f:\windows\system32\nvcuvid.dll
2014-05-20 02:32:37    2667008    ----a-w-    f:\windows\system32\nvapi.dll
2014-05-20 02:32:37    2412376    ----a-w-    f:\windows\system32\nvcuvenc.dll
2014-05-20 02:32:37    23343104    ----a-w-    f:\windows\system32\nvoglnt.dll
2014-05-20 02:32:37    17551360    ----a-w-    f:\windows\system32\nvcompiler.dll
2014-05-20 02:32:37    12692296    ----a-w-    f:\windows\system32\drivers\nv4_mini.sys
2014-05-20 00:38:21    54272    ----a-w-    f:\windows\system32\nvwddi.dll
2014-05-20 00:38:21    158152    ----a-w-    f:\windows\system32\nvsvc32.exe
2014-05-20 00:38:21    15717664    ----a-w-    f:\windows\system32\nvcpl.dll
2014-05-20 00:38:20    377288    ----a-w-    f:\windows\system32\nvmctray.dll
2014-05-20 00:38:20    143192    ----a-w-    f:\windows\system32\nvcolor.exe
2014-05-12 12:25:54    23256    ----a-w-    f:\windows\system32\drivers\mbam.sys
2014-04-17 11:32:18    19    ----a-w-    f:\windows\system32\1974284.bat
2006-02-28 12:00:00    94784    --sh--w-    f:\windows\twain.dll
2008-04-14 10:42:08    50688    --sh--w-    f:\windows\twain_32.dll
2011-02-08 13:33:55    978944    --sh--w-    f:\windows\system32\mfc42.dll
2008-04-14 10:42:02    57344    --sh--w-    f:\windows\system32\msvcirt.dll
2008-04-14 10:42:02    413696    --sh--w-    f:\windows\system32\msvcp60.dll
2013-01-26 03:55:44    552448    --sh--w-    f:\windows\system32\oleaut32.dll
2008-04-14 10:42:34    11776    --sh--w-    f:\windows\system32\regsvr32.exe
.
============= FINISH: 15:09:23.25 ===============
 

 

ComboFix log

 

ComboFix 14-07-08.01 - Jason 07/08/2014  15:20:37.2.6 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3583.2798 [GMT -5:00]
Running from: f:\documents and settings\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files\Java\jre7\bin\jp2ssv.dll
.
Infected copy of f:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - f:\windows\erdnt\cache\kernel32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-08 to 2014-07-08  )))))))))))))))))))))))))))))))
.
.
2014-07-08 06:32 . 2014-07-08 06:32    71344    ----a-w-    f:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 06:32 . 2014-07-08 06:32    699056    ----a-w-    f:\windows\system32\FlashPlayerApp.exe
2014-07-08 06:29 . 2014-07-08 06:29    --------    d-----w-    f:\program files\Common Files\Java
2014-07-08 06:29 . 2014-07-08 06:28    145408    ----a-w-    f:\windows\system32\javacpl.cpl
2014-07-08 06:29 . 2014-07-08 06:28    96680    ----a-w-    f:\windows\system32\WindowsAccessBridge.dll
2014-07-08 06:28 . 2014-07-08 06:28    --------    d-----w-    f:\program files\Java
2014-07-08 04:00 . 2010-08-30 13:34    536576    ----a-w-    f:\windows\system32\sqlite3.dll
2014-07-08 03:57 . 2014-07-08 04:08    --------    d-----w-    F:\AdwCleaner
2014-07-08 03:36 . 2014-07-08 03:49    29696    ----a-w-    f:\windows\system32\drivers\TrueSight.sys
2014-07-08 03:36 . 2014-07-08 03:36    --------    d-----w-    F:\Documents
2014-07-08 03:36 . 2014-07-08 03:36    --------    d-----w-    f:\documents and settings\All Users\Application Data\RogueKiller
2014-07-07 07:18 . 2014-07-07 07:18    --------    d-----w-    f:\documents and settings\Jason\Local Settings\Application Data\Valassis
2014-07-07 07:18 . 2014-07-07 07:18    --------    d-----w-    f:\program files\Valassis
2014-07-06 08:59 . 2014-07-06 09:00    --------    d-----w-    f:\documents and settings\John Cochran HUD System\Wordpress
2014-07-06 04:49 . 2014-07-06 04:49    --------    d-----w-    f:\program files\AGEIA Technologies
2014-07-06 04:48 . 2014-05-13 19:18    3774821    ----a-w-    f:\windows\system32\nvcoproc.bin
2014-07-06 04:46 . 2014-05-20 02:32    908744    ----a-w-    f:\windows\system32\nvdispgenco32.dll
2014-07-06 04:46 . 2014-05-20 02:32    1056200    ----a-w-    f:\windows\system32\nvdispco32.dll
2014-07-06 04:33 . 2014-07-06 04:33    --------    d-----w-    f:\documents and settings\Jason\Application Data\Oracle
2014-07-05 18:10 . 2014-07-05 18:10    --------    d-----w-    f:\documents and settings\All Users\Application Data\RegRun
2014-07-05 17:58 . 2014-07-05 17:58    2    --shatr-    f:\windows\winstart.bat
2014-07-05 17:58 . 2014-07-05 18:36    --------    d-----w-    f:\program files\UnHackMe
2014-06-30 11:10 . 2014-07-04 20:33    110296    ----a-w-    f:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-30 11:09 . 2014-05-12 12:26    53208    ----a-w-    f:\windows\system32\drivers\mbamchameleon.sys
2014-06-30 11:09 . 2014-06-30 11:09    --------    d-----w-    f:\program files\Malwarebytes Anti-Malware
2014-06-20 04:45 . 2014-06-20 05:19    --------    d-----w-    f:\documents and settings\MGC Mortgage
2014-06-17 00:05 . 2014-07-03 19:33    --------    d-----w-    f:\documents and settings\Jason\Application Data\30709
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 08:34 . 2013-08-10 05:52    895264    ----a-w-    f:\windows\system32\nvhdagenco3220103.dll
2014-06-11 08:34 . 2013-08-10 05:52    28448    ----a-w-    f:\windows\system32\nvhdap32.dll
2014-06-11 08:34 . 2013-08-10 05:52    129312    ----a-w-    f:\windows\system32\drivers\nvhda32.sys
2014-05-23 23:37 . 2013-08-11 17:31    411680    ----a-w-    f:\windows\system32\drivers\aswsp.sys
2014-05-23 23:37 . 2013-08-11 17:31    54832    ----a-w-    f:\windows\system32\drivers\aswrdr.sys
2014-05-23 23:37 . 2013-08-11 17:31    777488    ----a-w-    f:\windows\system32\drivers\aswsnx.sys
2014-05-23 23:36 . 2013-08-11 17:31    57672    ----a-w-    f:\windows\system32\drivers\aswTdi.sys
2014-05-23 23:36 . 2014-05-23 23:36    24184    ----a-w-    f:\windows\system32\drivers\aswHwid.sys
2014-05-23 23:36 . 2014-05-23 23:36    43152    ----a-w-    f:\windows\avastSS.scr
2014-05-23 23:36 . 2013-08-11 17:31    180632    ----a-w-    f:\windows\system32\drivers\aswVmm.sys
2014-05-23 23:36 . 2013-08-11 17:31    49944    ----a-w-    f:\windows\system32\drivers\aswRvrt.sys
2014-05-23 23:36 . 2013-08-11 17:31    67824    ----a-w-    f:\windows\system32\drivers\aswmonflt.sys
2014-05-23 23:36 . 2013-08-11 17:31    271264    ----a-w-    f:\windows\system32\aswBoot.exe
2014-05-20 02:32 . 2013-08-10 05:52    9682944    ----a-w-    f:\windows\system32\nvopencl.dll
2014-05-20 02:32 . 2013-08-10 03:17    9715712    ----a-w-    f:\windows\system32\nvcuda.dll
2014-05-20 02:32 . 2013-08-10 03:17    4141312    ----a-w-    f:\windows\system32\nv4_disp.dll
2014-05-20 02:32 . 2013-08-10 03:17    2957088    ----a-w-    f:\windows\system32\nvcuvid.dll
2014-05-20 02:32 . 2013-08-10 03:17    2667008    ----a-w-    f:\windows\system32\nvapi.dll
2014-05-20 02:32 . 2013-08-10 03:17    2412376    ----a-w-    f:\windows\system32\nvcuvenc.dll
2014-05-20 02:32 . 2013-08-10 03:17    23343104    ----a-w-    f:\windows\system32\nvoglnt.dll
2014-05-20 02:32 . 2013-08-10 03:17    17551360    ----a-w-    f:\windows\system32\nvcompiler.dll
2014-05-20 02:32 . 2013-08-10 03:17    12692296    ----a-w-    f:\windows\system32\drivers\nv4_mini.sys
2014-05-20 00:38 . 2013-08-10 03:17    158152    ----a-w-    f:\windows\system32\nvsvc32.exe
2014-05-20 00:38 . 2013-08-10 03:17    15717664    ----a-w-    f:\windows\system32\nvcpl.dll
2014-05-20 00:38 . 2013-08-10 03:17    54272    ----a-w-    f:\windows\system32\nvwddi.dll
2014-05-20 00:38 . 2013-08-10 03:17    377288    ----a-w-    f:\windows\system32\nvmctray.dll
2014-05-20 00:38 . 2013-08-10 03:17    143192    ----a-w-    f:\windows\system32\nvcolor.exe
2014-05-12 12:25 . 2013-08-11 03:16    23256    ----a-w-    f:\windows\system32\drivers\mbam.sys
2014-04-17 11:32 . 2014-04-17 11:32    19    ----a-w-    f:\windows\system32\1974284.bat
2006-02-28 12:00    94784    --sh--w-    f:\windows\twain.dll
2008-04-14 10:42    50688    --sh--w-    f:\windows\twain_32.dll
2011-02-08 13:33    978944    --sh--w-    f:\windows\system32\mfc42.dll
2008-04-14 10:42    57344    --sh--w-    f:\windows\system32\msvcirt.dll
2008-04-14 10:42    413696    --sh--w-    f:\windows\system32\msvcp60.dll
2013-01-26 03:55    552448    --sh--w-    f:\windows\system32\oleaut32.dll
2008-04-14 10:42    11776    --sh--w-    f:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-23 23:36    260976    ----a-w-    f:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="f:\documents and settings\Jason\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="f:\program files\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]
"AvastUI.exe"="f:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"HPDJ Taskbar Utility"="f:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 196608]
"autoauto"="1974284.bat" [2014-04-17 19]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2014-05-20 15717664]
"NvMediaCenter"="NvMCTray.dll" [2014-05-20 377288]
"NvBackend"="f:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
f:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Documents and Settings\\Jason\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\a\\internetport3.exe"=
"f:\\Documents and Settings\\Jason\\Application Data\\mjusbsp\\magicJack.exe"=
"f:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
.
R0 aswRvrt;avast! Revert;f:\windows\system32\drivers\aswRvrt.sys [8/11/2013 12:31 PM 49944]
R0 aswVmm;avast! VM Monitor;f:\windows\system32\drivers\aswVmm.sys [8/11/2013 12:31 PM 180632]
R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswsnx.sys [8/11/2013 12:31 PM 777488]
R1 aswSP;aswSP;f:\windows\system32\drivers\aswsp.sys [8/11/2013 12:31 PM 411680]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 3:11 PM 119056]
R2 aswHwid;avast! HardwareID;f:\windows\system32\drivers\aswHwid.sys [5/23/2014 6:36 PM 24184]
R2 aswMonFlt;aswMonFlt;f:\windows\system32\drivers\aswmonflt.sys [8/11/2013 12:31 PM 67824]
R2 NvNetworkService;NVIDIA Network Service;f:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [7/5/2014 11:49 PM 1617696]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;f:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;f:\windows\system32\drivers\Apowersoft_AudioDevice.sys [9/13/2013 9:55 PM 26032]
S3 esgiguard;esgiguard;\??\f:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> f:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15 06:32]
.
2014-07-08 f:\windows\Tasks\avast! Emergency Update.job
- f:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23 23:36]
.
2014-07-08 f:\windows\Tasks\G2MUpdateTask-S-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-20 09:45]
.
2014-07-08 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
2014-07-08 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
2014-06-30 f:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19]
.
2014-07-08 f:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2014-07-02 f:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2014-07-08 f:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-07-08 f:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1770027372-725345543-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877;
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - f:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\4iswsyn0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - v9
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-08 15:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ca,82,b8,55,d4,04,b5,cf,cc,5b,24,97
"LastWPAEventLogged"=hex:dd,07,0b,00,05,00,08,00,14,00,32,00,34,00,22,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2796)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\AVAST Software\Avast\AvastSvc.exe
f:\program files\Java\jre7\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\windows\system32\pctspk.exe
f:\windows\system32\RunDLL32.exe
c:\a\internetport3.exe
f:\windows\system32\wbem\unsecapp.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-07-08  15:29:09 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-08 20:29
ComboFix2.txt  2014-07-08 04:38
.
Pre-Run: 630,020,419,584 bytes free
Post-Run: 630,093,082,624 bytes free
.
- - End Of File - - 4D53467977F486FC0833F3539DF43D88
8F558EB6672622401DA993E1E865C861
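The DDS and ComboFix output above puts three indicators side by side: a loopback proxy on port 8877 in the Internet Explorer settings (with `<-loopback>` in the override list), a Run value that launches a bare `1974284.bat` by name, and `c:\a\internetport3.exe` both running and whitelisted in the XP firewall, on a different drive from the F:\WINDOWS installation. Those can be pulled out of a log mechanically. The script below is an added example written for this page; it is not part of the original post and not a DDS, ComboFix or BleepingComputer tool. It re-parses a handful of lines copied from the logs above and applies the author's own heuristics; the scoring rules, the `system_drive` parameter (Windows lives on F: in these logs) and the list of "stock" search engines are assumptions, not anything the tools themselves define.

```python
"""Triage DDS / ComboFix autostart, proxy and firewall lines for the indicators seen above.

Added example: not the forum's, DDS's or ComboFix's code. The rules are the
author's own heuristics (assumptions), applied to lines copied from the thread.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the DDS "Pseudo HJT Report", the DDS
# Firefox section and the ComboFix firewall AuthorizedApplications list above.
SAMPLE_LOG = r"""
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877;
uProxyOverride = <-loopback>
uRun: [cdloader] "f:\documents and settings\jason\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [AvastUI.exe] "f:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [autoauto] 1974284.bat
mRun: [NvBackend] "f:\program files\nvidia corporation\update core\NvBackend.exe"
FF - prefs.js: browser.search.selectedEngine - v9
FF - prefs.js: network.proxy.type - 4
"f:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\a\\internetport3.exe"=
"""

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
STOCK_ENGINES = {"google", "yahoo", "bing", "duckduckgo"}   # assumption: what counts as "normal"

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<val>\S+)", re.IGNORECASE)
FW_RE = re.compile(r'^"(?P<path>.+)"=$')            # ComboFix firewall allow-list entry
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.+)$")


def command_image(cmd: str) -> str:
    """Executable part of a Run-key command line: the quoted path, else the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def path_findings(image: str, system_drive: str) -> list[str]:
    """Heuristics on where an autostart image lives. system_drive is e.g. 'f:'."""
    p = PureWindowsPath(image)
    out = []
    if p.suffix.lower() in SCRIPT_EXTS:
        out.append(f"script autostart ({p.suffix}) instead of an executable")
    if not p.drive:
        out.append("relative path: resolved via %PATH% at logon, so the real file is unverified")
    elif p.drive.lower() != system_drive.lower():
        out.append(f"lives on {p.drive}, not the system drive {system_drive}")
    if p.drive and len(p.parts) <= 3:            # ('c:\\', 'a', 'internetport3.exe')
        out.append("shallow path (drive root + one directory), unusual for installed software")
    return out


def triage(log_text: str, system_drive: str = "f:") -> list[tuple[str, str, str]]:
    """Return (severity, subject, reason) triples for suspicious lines in a DDS/ComboFix excerpt."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := PROXY_RE.search(line):
            for entry in filter(None, m.group("val").split(";")):
                scheme, _, hostport = entry.partition("=")
                scheme = scheme.replace("hxxp", "http")   # DDS defangs http as hxxp
                host, _, port = hostport.rpartition(":")
                if host in LOOPBACK:
                    findings.append(("high", f"{scheme} proxy",
                                     f"browser traffic is routed through a local listener on port {port}; "
                                     "identify the process bound to it"))
        elif "ProxyOverride" in line and "<-loopback>" in line:
            findings.append(("info", "ProxyOverride",
                             "<-loopback>: loopback addresses are also sent through the proxy"))
        elif m := RUN_RE.match(line):
            image = command_image(m.group("cmd"))
            for reason in path_findings(image, system_drive):
                findings.append(("high", f"Run:{m.group('name')} -> {image}", reason))
        elif m := FW_RE.match(line):
            image = m.group("path").replace("\\\\", "\\")   # registry export doubles backslashes
            for reason in path_findings(image, system_drive):
                findings.append(("high", f"firewall allow -> {image}", reason))
        elif m := FF_RE.match(line):
            key, val = m.group("key"), m.group("val")
            if key == "network.proxy.type" and val == "4":
                findings.append(("info", key, "Firefox auto-detects its proxy (WPAD); separate from the IE proxy above"))
            elif key == "browser.search.selectedEngine" and val.lower() not in STOCK_ENGINES:
                findings.append(("medium", key, f"search engine set to '{val}', not a stock engine; check the search plugins"))
    return findings


if __name__ == "__main__":
    for sev, subject, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {subject}: {reason}")
```

Run on the sample, the script flags only the proxy, the `autoauto` bat file, the `c:\a` executable, the Firefox engine and the two informational proxy settings; avast, NVIDIA and the magicJack loader pass untouched. The port number is deliberately not looked up: the next step is `netstat -ano` on the machine to see which PID owns 127.0.0.1:8877, which the logs in this thread do not show.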
 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:17 PM

Posted 09 July 2014 - 07:24 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:17 PM

Posted 03 September 2014 - 06:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



