Am I infected?


  • This topic is locked
8 replies to this topic

#1 david teachman

david teachman

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:ontario canada
  • Local time:12:58 PM

Posted 25 August 2014 - 04:11 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.65.2
Run by David at 17:03:33 on 2014-08-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1271.421 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343325346761
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343325616875
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{128C6524-7793-489F-89EB-B448AACD8E90} : DHCPNameServer = 64.71.255.204 64.71.255.198
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - LocalServer32 - <no file>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\1raxkq95.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-25 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-25 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-8-25 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-25 414520]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-11 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2012-7-11 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-25 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-25 50344]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2010-6-3 139264]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
R3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [2013-8-21 90845]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-08-25 11:14:40    --------    d-----w-    c:\windows\jumpshot.com
2014-08-25 11:07:06    43152    ----a-w-    c:\windows\avastSS.scr
2014-08-25 11:06:15    --------    d-----w-    c:\documents and settings\david\application data\DropboxMaster
2014-08-25 11:05:44    --------    d-----w-    c:\program files\Dropbox
2014-08-25 11:03:20    --------    d-----w-    c:\documents and settings\david\application data\Dropbox
2014-08-25 10:59:53    --------    d-----w-    c:\documents and settings\david\application data\AVAST Software
2014-08-25 10:58:09    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-08-25 10:58:09    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-08-25 10:58:08    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 10:58:07    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 10:58:07    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-08-25 10:57:16    --------    d-----w-    c:\program files\AVAST Software
2014-08-25 07:16:42    --------    d-----w-    c:\program files\SpywareBlaster
2014-08-25 07:06:42    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-08-25 06:37:01    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 06:36:40    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-25 06:36:40    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-25 06:36:38    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-08-21 07:44:26    --------    d-----w-    c:\documents and settings\david\local settings\application data\Sun
2014-08-21 07:35:35    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-21 07:35:35    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-21 06:21:20    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-08-21 06:20:52    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-19 06:36:42    0    ----a-w-    c:\documents and settings\david\application data\419.tmp.exe
2014-08-19 06:36:41    0    ----a-w-    c:\documents and settings\david\application data\419.tmp
2014-08-17 23:46:44    0    ----a-w-    c:\documents and settings\david\application data\B5.tmp.exe
2014-08-17 23:46:44    0    ----a-w-    c:\documents and settings\david\application data\B5.tmp
2014-08-17 23:18:48    0    ----a-w-    c:\documents and settings\david\application data\2F.tmp.exe
2014-08-17 23:18:48    0    ----a-w-    c:\documents and settings\david\application data\2F.tmp
2014-08-03 09:53:47    188304    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-08-25 10:57:59    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1408964334234
2014-08-25 10:57:59    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1408964334234
2014-08-25 10:57:58    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1408964334234
2014-07-14 10:26:14    36152    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-07-14 10:26:06    35640    ----a-w-    c:\windows\system32\uxtuneup.dll
2014-06-15 06:28:19    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1402813768531
2014-06-15 06:28:19    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1402813768531
.
============= FINISH: 17:03:50.81 ===============



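The DDS log above is what the helpers on this forum read by hand. As an added example (not code from the thread, from BleepingComputer or from the DDS tool), the script below parses the "Created Last 30" and "SERVICES / DRIVERS" sections and applies three defender heuristics: an executable created under a user-writable path, a zero-byte file with an executable extension, and a registered service or driver whose image file DDS marked as not found (`[?]` / `-->`). The sample lines are copied from the log in the post; the regular expressions, the list of user-writable path fragments and the finding texts are this example's own assumptions. The output is a triage list for an analyst, not a verdict on any file.

```python
"""Heuristic triage for the 'Created Last 30' and 'SERVICES / DRIVERS'
sections of a DDS log.  Added example; the format handling and the
heuristics are assumptions made for illustration, not DDS's own logic."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Extensions Windows executes or loads as code.
EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Lower-cased fragments of paths an ordinary Windows XP user can write to (assumed list).
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\appdata\\",
    "\\temp\\",
)

# e.g. "2014-08-19 06:36:42    0    ----a-w-    c:\...\419.tmp.exe"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(-{8}|\d+)\s+(\S{8})\s+(.+?)\s*$"
)
# e.g. "R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-25 49944]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)\s\[([^\]]*)\]\s*$")


@dataclass
class CreatedEntry:
    timestamp: str
    size: Optional[int]  # None for directories (DDS prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class ServiceEntry:
    state: str    # R0/R1/R2/R3 running, S2/S3 stopped
    name: str
    display: str
    image: str
    info: str     # "date size" or "?" when DDS could not find the file


@dataclass
class Finding:
    item: str
    reason: str


def parse_created(text: str) -> List[CreatedEntry]:
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(CreatedEntry(ts, None if size.startswith("-") else int(size), attrs, path))
    return entries


def parse_services(text: str) -> List[ServiceEntry]:
    return [ServiceEntry(*m.groups())
            for m in (SERVICE_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage_created(entries: List[CreatedEntry]) -> List[Finding]:
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        ext = ntpath.splitext(e.path)[1].lower()
        if ext not in EXEC_EXT:
            continue
        if any(frag in e.path.lower() for frag in USER_WRITABLE):
            findings.append(Finding(e.path, "executable created under a user-writable path"))
        if e.size == 0:
            findings.append(Finding(e.path, "zero-byte file with an executable extension"))
    return findings


def triage_services(entries: List[ServiceEntry]) -> List[Finding]:
    return [Finding(s.name, "registered service/driver whose image file DDS could not find")
            for s in entries if s.info.strip() == "?" or " --> " in s.image]


def triage(created_text: str, services_text: str) -> List[Finding]:
    return triage_created(parse_created(created_text)) + triage_services(parse_services(services_text))


# Sample input: lines copied from the DDS log in the post above.
SAMPLE_CREATED = r"""
2014-08-25 11:14:40    --------    d-----w-    c:\windows\jumpshot.com
2014-08-25 11:07:06    43152    ----a-w-    c:\windows\avastSS.scr
2014-08-25 06:36:40    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-19 06:36:42    0    ----a-w-    c:\documents and settings\david\application data\419.tmp.exe
2014-08-19 06:36:41    0    ----a-w-    c:\documents and settings\david\application data\419.tmp
2014-08-03 09:53:47    188304    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
"""
SAMPLE_SERVICES = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-25 49944]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_CREATED, SAMPLE_SERVICES):
        print(f"{f.reason}: {f.item}")
```

Run against the log above, the script reports the two zero-byte `*.tmp.exe`-style entries under `Application Data` and the stopped `esgiguard` driver whose file DDS could not locate; the avast, Malwarebytes and Adobe entries in `c:\windows` and `c:\program files` pass through silently. Directories are skipped on purpose so that `c:\windows\jumpshot.com` is not mistaken for a `.com` executable.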

#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:58 PM

Posted 27 August 2014 - 07:38 AM

Hello david teachman,

My name is Jo and I will help you with your computer problems.


Why do you think your pc is infected?

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy and save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 david teachman

david teachman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:ontario canada
  • Local time:12:58 PM

Posted 28 August 2014 - 06:06 PM

It's going to take me a while to get an ext. Thanks all.



#4 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:58 PM

Posted 31 August 2014 - 02:23 AM

Still need help?


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 david teachman

david teachman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:ontario canada
  • Local time:12:58 PM

Posted 31 August 2014 - 04:04 PM

Yes, but I don't have an external drive to back up everything.



#6 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:58 PM

Posted 31 August 2014 - 04:52 PM

It would be enough if you back up only important private data on a DVD or USB stick.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:58 PM

Posted 05 September 2014 - 03:41 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if there is no response after 3 days.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 david teachman

david teachman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:ontario canada
  • Local time:12:58 PM

Posted 05 September 2014 - 09:55 AM

Again, when I can back up my comp I will do it. Thanks.



#9 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:58 PM

Posted 16 September 2014 - 02:48 AM

Due to inactivity, this topic will be closed...

If you still need help, please open a new topic, thanks.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

