
Peerblock alerts me to all kinds of ap2p and botnet ranges coming from my source


This topic is locked
20 replies to this topic

#1 evilfix

  • Members
  • 12 posts

Posted 19 February 2015 - 04:51 PM

I ran some tests from reading the forums here, located at:

http://www.bleepingcomputer.com/forums/t/567542/peerblock-alerting-me-to-several-ap2p-and-botnets/

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by User (administrator) on COMPUTER_1 on 19-02-2015 15:41:57
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available profiles: User & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Wyzo\wyzo.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(UltraVNC) C:\x86\winvnc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(PS3 Media Server) C:\Program Files\PS3 Media Server\pms.exe
(Oracle Corporation) C:\Program Files\PS3 Media Server\jre\bin\javaw.exe
(Radical Software Ltd.) C:\Program Files\Wyzo\wyzo.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PeerBlock.lnk
ShortcutTarget: PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to winvnc.lnk
ShortcutTarget: Shortcut to winvnc.lnk -> C:\x86\winvnc.exe (UltraVNC)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\µTorrent.lnk
ShortcutTarget: µTorrent.lnk -> C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-796845957-220523388-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-796845957-220523388-1417001333-1003 -> DefaultScope {9B42D1C1-75C0-4582-A27F-61F647AAB669} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-796845957-220523388-1417001333-1003 -> {9B42D1C1-75C0-4582-A27F-61F647AAB669} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} http://76.125.129.86/webviewer.cab
DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} http://76.125.129.86/GVersionMan.cab
DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://76.125.126.59/cgi-bin/design/html_template/WebACS.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1B43DDCC-513A-4266-BD8B-1C121F44E69A}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xlrkmst5.default
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-796845957-220523388-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npupd62.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\upd62i9x.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\upd62int.dll ()
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xlrkmst5.default\Extensions\artur.dubovoy@gmail.com [2015-02-14]
FF Extension: MEGA - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xlrkmst5.default\Extensions\firefox@mega.co.nz.xpi [2014-11-28]
FF Extension: Boomerang for GMail - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xlrkmst5.default\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2014-10-18]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xlrkmst5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-10]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-10]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] () [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-11] (Oracle Corporation)
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2014-11-26] ()
S3 SDScannerService; "F:\Tools\Spybot\SDFSSvc.exe" [X]
S3 SDUpdateService; "F:\Tools\Spybot\SDUpdSvc.exe" [X]
S2 SDWSCService; "F:\Tools\Spybot\SDWSCSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 HssDrv; C:\WINDOWS\System32\DRIVERS\HssDrv.sys [43720 2014-05-16] (AnchorFree Inc.)
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
R2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [76288 2004-05-14] (Rainbow Technologies, Inc.) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S0 5ef85e9ab958160e; \SystemRoot\System32\Drivers\5ef85e9ab958160e.sys [X]
S3 ATICDSDr; \??\C:\DOCUME~1\User\LOCALS~1\Temp\ATICDSDr.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S3 SMCWGU(SMC); system32\DRIVERS\SMCWGU.sys [X]
U1 WS2IFSL; No ImagePath
S3 WUSB54GSCV2; system32\DRIVERS\WUSB54GSCV2.sys [X]
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 15:40 - 2015-02-19 15:42 - 00000000 ____D () C:\FRST
2015-02-19 15:23 - 2015-02-19 15:28 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2015-02-18 17:21 - 2015-02-18 17:25 - 00004729 _____ () C:\Documents and Settings\User\Desktop\aswMBR.txt
2015-02-18 17:21 - 2015-02-18 17:25 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2015-02-18 16:37 - 2015-02-18 16:37 - 01290240 _____ () C:\Documents and Settings\User\Desktop\Scrap.shs
2015-02-18 01:19 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2015-02-18 01:19 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2015-02-18 01:17 - 2015-02-18 04:04 - 00000000 ____D () C:\VIPRERESCUE
2015-02-18 01:12 - 2015-02-18 01:12 - 00028949 _____ () C:\Documents and Settings\User\Desktop\bookmarks-2015-02-18.json
2015-02-18 01:09 - 2015-02-18 01:09 - 00001976 _____ () C:\Documents and Settings\User\Desktop\windows legit copy.txt
2015-02-17 23:12 - 2015-02-18 00:25 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Panda Security
2015-02-17 23:11 - 2015-02-18 15:32 - 00065536 _____ () C:\WINDOWS\system32\config\Nano.evt
2015-02-17 23:10 - 2015-02-18 15:34 - 00000000 ____D () C:\Program Files\Panda Security
2015-02-17 23:07 - 2015-02-18 00:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
2015-02-17 21:26 - 2015-02-17 21:26 - 00000665 _____ () C:\Documents and Settings\User\Desktop\FreeSSHd.lnk
2015-02-17 21:25 - 2015-02-17 21:26 - 00000000 ____D () C:\Program Files\freeSSHd
2015-02-17 21:25 - 2015-02-17 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\freeSSHd
2015-02-12 02:10 - 2015-02-12 02:10 - 00000000 ____D () C:\Program Files\Hotspot Shield
2015-02-12 02:10 - 2014-05-16 20:33 - 00043720 _____ (AnchorFree Inc.) C:\WINDOWS\system32\Drivers\HssDrv.sys
2015-02-11 18:24 - 2015-02-11 18:24 - 00000000 ____D () C:\Documents and Settings\User\Airstream
2015-02-11 18:23 - 2015-02-12 02:11 - 00000000 ____D () C:\Program Files\AirStream-Suite
2015-02-11 18:04 - 2015-02-11 18:04 - 00000000 ____D () C:\Documents and Settings\User\My Documents\AirOfflineConvert
2015-02-11 18:03 - 2015-02-11 18:04 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Digiarty
2015-02-11 18:03 - 2015-02-11 18:03 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-11 18:03 - 2015-02-11 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2015-02-11 15:52 - 2015-02-11 15:52 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Radical Software Ltd
2015-02-11 15:52 - 2015-02-11 15:52 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Radical Software Ltd
2015-02-11 15:51 - 2015-02-11 15:51 - 00001488 _____ () C:\Documents and Settings\User\Desktop\Wyzo.lnk
2015-02-11 15:51 - 2015-02-11 15:51 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Wyzo
2015-02-11 15:50 - 2015-02-18 16:19 - 00000000 ____D () C:\Program Files\Wyzo
2015-02-05 22:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-02-05 22:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-02-05 22:11 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-02-05 22:11 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-02-05 22:11 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-02-05 22:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2015-02-05 22:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2015-02-05 22:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2015-02-05 22:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2015-02-05 22:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2015-02-05 22:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2015-02-05 22:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-02-05 22:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2015-02-05 22:11 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2015-02-05 22:11 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2015-02-05 22:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2015-02-05 22:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2015-02-05 22:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2015-02-05 22:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2015-02-05 22:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2015-02-05 22:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-02-05 22:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-02-05 22:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-02-05 22:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-02-05 22:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-02-05 22:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-02-05 22:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-02-05 22:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-02-05 22:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-02-05 22:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-02-05 22:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2015-02-05 22:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2015-02-05 22:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2015-02-05 22:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2015-02-05 22:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2015-02-05 22:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2015-02-05 22:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2015-02-05 22:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2015-02-05 22:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2015-02-05 22:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2015-02-05 22:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2015-02-05 22:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2015-02-05 22:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2015-02-05 22:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2015-02-05 22:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2015-02-05 22:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2015-02-05 22:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2015-02-05 22:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2015-02-05 22:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2015-02-05 22:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2015-02-05 22:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2015-02-05 22:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2015-02-05 22:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2015-02-05 22:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2015-02-05 22:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2015-02-05 22:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2015-02-05 22:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2015-02-05 22:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2015-02-05 22:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2015-02-05 22:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2015-02-05 22:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2015-02-05 22:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2015-02-05 22:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2015-02-05 22:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2015-02-05 22:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2015-02-05 22:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2015-02-05 22:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-02-05 22:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-02-05 22:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2015-02-05 22:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2015-02-05 22:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2015-02-05 22:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-02-05 22:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-02-05 22:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-02-05 22:09 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-02-05 22:09 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-02-05 22:09 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-02-05 22:09 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-02-05 22:09 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-02-05 22:09 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll
2015-02-05 22:09 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-02-05 22:09 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-02-05 22:09 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-02-05 22:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-02-05 22:02 - 2015-02-05 22:02 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Gameforge Live
2015-02-05 18:43 - 2015-02-05 18:43 - 00000000 ____D () C:\Program Files\Realtek AC97
2015-02-05 18:35 - 2015-02-18 00:47 - 00000060 _____ () C:\WINDOWS\setupact.log
2015-02-05 18:35 - 2015-02-18 00:25 - 00066755 _____ () C:\WINDOWS\setupapi.log
2015-02-05 18:35 - 2015-02-05 18:35 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-05 16:58 - 2015-02-18 23:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-04 12:24 - 2015-02-04 12:24 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\LogMeIn
2015-02-04 12:24 - 2015-02-04 12:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-01-31 16:26 - 2015-01-31 16:27 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2015-01-26 19:10 - 2015-01-26 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 15:43 - 2010-08-24 01:29 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2015-02-19 15:38 - 2014-05-12 17:51 - 00000000 ____D () C:\Documents and Settings\User\Application Data\uTorrent
2015-02-19 15:30 - 2014-05-12 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\PMS
2015-02-19 15:29 - 2015-01-08 22:20 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-19 15:29 - 2014-11-28 15:40 - 00294399 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-19 15:28 - 2014-11-29 01:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-19 15:28 - 2014-11-29 01:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-19 15:28 - 2010-08-24 01:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-19 00:06 - 2010-08-24 01:29 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2015-02-19 00:06 - 2010-08-24 01:28 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-18 20:24 - 2014-05-17 16:43 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2015-02-18 16:21 - 2014-05-10 23:30 - 00000600 _____ () C:\Documents and Settings\User\Local Settings\Application Data\PUTTY.RND
2015-02-18 15:34 - 2010-08-23 18:02 - 00321136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-18 00:27 - 2012-03-08 21:48 - 00095440 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-17 23:59 - 2010-08-23 18:01 - 00000239 ___SH () C:\boot.ini
2015-02-17 23:59 - 2001-08-23 05:00 - 00000552 _____ () C:\WINDOWS\win.ini
2015-02-17 23:59 - 2001-08-23 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-17 21:28 - 2014-07-13 23:42 - 00000000 ____D () C:\Program Files\Ncrack
2015-02-16 16:28 - 2001-08-23 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-12 21:31 - 2014-05-20 13:41 - 00035328 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 13:08 - 2014-05-20 13:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\vlc
2015-02-07 13:29 - 2010-08-23 17:57 - 00000000 ____D () C:\WINDOWS\Driver Cache
2015-02-06 16:40 - 2015-01-09 22:07 - 00003438 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2015-02-06 16:37 - 2014-08-07 20:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:11 - 2010-08-24 01:16 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-02-05 22:09 - 2010-12-16 10:12 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-05 18:26 - 2014-06-17 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-02-05 18:26 - 2014-05-10 11:56 - 00000000 ____D () C:\Program Files\Steam
2015-02-05 16:58 - 2014-05-10 11:40 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 16:58 - 2014-05-10 11:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 00:00 - 2010-08-24 01:15 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-04 20:18 - 2010-08-23 18:04 - 00594062 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 19:15 - 2014-06-11 01:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-21 12:50 - 2010-12-12 22:03 - 00002515 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Office Word 2007.lnk
2015-01-21 12:03 - 2015-01-05 19:47 - 00000000 ____D () C:\TRK-INFECTED
2015-01-21 11:21 - 2015-01-05 15:55 - 00026918 _____ () C:\clamscan-hda1.log

==================== Files in the root of some directories =======

2014-11-03 16:02 - 2014-11-03 16:02 - 0138056 _____ () C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2015-01-09 22:47 - 2015-01-09 22:47 - 0000600 _____ () C:\Documents and Settings\User\Application Data\winscp.rnd
2014-05-20 13:41 - 2015-02-12 21:31 - 0035328 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 17:16 - 2014-08-03 17:16 - 0000036 _____ () C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
2014-05-10 23:30 - 2015-02-18 16:21 - 0000600 _____ () C:\Documents and Settings\User\Local Settings\Application Data\PUTTY.RND

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\jna3095871865133021131.dll
C:\Documents and Settings\User\Local Settings\Temp\jna6964007344998545322.dll
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe
C:\Documents and Settings\User\Local Settings\Temp\{F3DD3CA0-C039-4BC0-876F-B5E4A836E815}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
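Reading a log like the one above means picking out a few entry classes first: registry entries whose file is no longer on disk (FRST marks them `[X]`), services with no ImagePath, binaries FRST reports as `[File not signed]`, drivers loading from a Temp directory, and executables left in the user's Temp folder. The Python script below is an added example, not part of this post and not part of FRST, that does that triage over the Services, Drivers and TEMP sections of an FRST text log. The sample log embedded in it is constructed from a handful of lines of the kind shown above, and the names `triage`, `summarize` and `Finding` are my own. It only reports; deciding what, if anything, goes into a fixlist stays with the helper.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs (added example).

Scans the Services / Drivers / TEMP sections and flags the entry classes a
malware-removal helper typically reviews first. It never modifies anything.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of an FRST log: a few lines of the type seen
# in the log above. This is test data for the example, not a real scan.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-11] (Oracle Corporation)
S3 SDScannerService; "F:\Tools\Spybot\SDFSSvc.exe" [X]

==================== Drivers (Whitelisted) ====================
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
S0 5ef85e9ab958160e; \SystemRoot\System32\Drivers\5ef85e9ab958160e.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\jna3095871865133021131.dll
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => File is digitally signed
""".lstrip("\n")

# "==================== Services (Whitelisted) =================" -> "Services (Whitelisted)"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "S3 cpuz134; \??\C:\...\cpuz134_x32.sys [X]" -> start type, name, rest
ENTRY_RE = re.compile(r"^([RSU]\d) (\S[^;]*); (.*)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    section: str  # FRST section the line came from
    reason: str   # why it was flagged
    name: str     # service/driver name, or the file path for TEMP entries
    line: str     # the raw log line, kept for the reviewer


def triage(log_text: str) -> list[Finding]:
    """Return the Services/Drivers/TEMP entries worth a second look, in log order."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("Some content of TEMP"):
            section = "TEMP"
            continue
        if line.startswith("===="):  # bare underline after the TEMP header
            continue
        if section.startswith(("Services", "Drivers")):
            entry = ENTRY_RE.match(line)
            if not entry:
                continue
            name, rest = entry.group(2), entry.group(3)
            if rest.endswith("[X]"):
                findings.append(Finding(section, "file missing", name, line))
            if rest == "No ImagePath":
                findings.append(Finding(section, "no ImagePath", name, line))
            if "[File not signed]" in rest:
                findings.append(Finding(section, "unsigned binary", name, line))
            if re.search(r"\\Temp\\", rest, re.IGNORECASE):
                findings.append(Finding(section, "loads from Temp", name, line))
        elif section == "TEMP" and line.lower().endswith(EXEC_EXT):
            findings.append(Finding(section, "executable in Temp", line, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, e.g. {"file missing": 3, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<25} {f.reason:<20} {f.name}")
    print(summarize(results))
```

Run it as a script to get one line per flagged entry plus the per-reason counts. The output is a review list, not a verdict: `[File not signed]` also covers plenty of legitimate older drivers (the Realtek and ATI entries in the log above are examples), and an orphaned `[X]` service is usually leftover from an uninstall rather than active malware. What makes the list useful is the combination, such as a driver with a random-looking name, no vendor, and a missing file, or a driver that was loading from Temp.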

 
 


#2 nasdaq

  • Malware Response Team
  • 38,255 posts
  • Location: Montreal, QC. Canada

Posted 24 February 2015 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
FF DefaultSearchEngine: DuckDuckGo
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-12]
S3 SDScannerService; "F:\Tools\Spybot\SDFSSvc.exe" [X]
S3 SDUpdateService; "F:\Tools\Spybot\SDUpdSvc.exe" [X]
S2 SDWSCService; "F:\Tools\Spybot\SDWSCSvc.exe" [X]
S0 5ef85e9ab958160e; \SystemRoot\System32\Drivers\5ef85e9ab958160e.sys [X]
S3 ATICDSDr; \??\C:\DOCUME~1\User\LOCALS~1\Temp\ATICDSDr.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S3 SMCWGU(SMC); system32\DRIVERS\SMCWGU.sys [X]
U1 WS2IFSL; No ImagePath
S3 WUSB54GSCV2; system32\DRIVERS\WUSB54GSCV2.sys [X]
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
C:\Documents and Settings\User\Local Settings\Temp\jna3095871865133021131.dll
C:\Documents and Settings\User\Local Settings\Temp\jna6964007344998545322.dll
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe
C:\Documents and Settings\User\Local Settings\Temp\{F3DD3CA0-C039-4BC0-876F-B5E4A836E815}.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

Posted 02 March 2015 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,719 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:08 PM

Posted 04 March 2015 - 12:42 AM

Topic reopened at member's request.

~ OB :cherry:

#5 evilfix (Topic Starter)

Posted 04 March 2015 - 12:45 AM

Sorry about the delay, I was in the hospital and the thread closed. Here is the requested info below:

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2015
Ran by User at 2015-03-03 19:41:00 Run:1
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available profiles: User & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
FF DefaultSearchEngine: DuckDuckGo
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-12]
S3 SDScannerService; "F:\Tools\Spybot\SDFSSvc.exe" [X]
S3 SDUpdateService; "F:\Tools\Spybot\SDUpdSvc.exe" [X]
S2 SDWSCService; "F:\Tools\Spybot\SDWSCSvc.exe" [X]
S0 5ef85e9ab958160e; \SystemRoot\System32\Drivers\5ef85e9ab958160e.sys [X]
S3 ATICDSDr; \??\C:\DOCUME~1\User\LOCALS~1\Temp\ATICDSDr.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S3 SMCWGU(SMC); system32\DRIVERS\SMCWGU.sys [X]
U1 WS2IFSL; No ImagePath
S3 WUSB54GSCV2; system32\DRIVERS\WUSB54GSCV2.sys [X]
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
C:\Documents and Settings\User\Local Settings\Temp\jna3095871865133021131.dll
C:\Documents and Settings\User\Local Settings\Temp\jna6964007344998545322.dll
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe
C:\Documents and Settings\User\Local Settings\Temp\{F3DD3CA0-C039-4BC0-876F-B5E4A836E815}.exe

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com => Moved successfully.
SDScannerService => Service deleted successfully.
SDUpdateService => Service deleted successfully.
SDWSCService => Service deleted successfully.
5ef85e9ab958160e => Service deleted successfully.
ATICDSDr => Service deleted successfully.
cpuz134 => Service deleted successfully.
IntelIde => Service deleted successfully.
SMCWGU(SMC) => Service deleted successfully.
WS2IFSL => Service deleted successfully.
WUSB54GSCV2 => Service deleted successfully.
ZDPSp50 => Service deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\jna3095871865133021131.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jna6964007344998545322.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\setup.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\{F3DD3CA0-C039-4BC0-876F-B5E4A836E815}.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog 19:41:02 ====

AdwCleaner[Sn].txt

# AdwCleaner v4.111 - Logfile created 03/03/2015 at 21:52:09
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : User - COMPUTER_1
# Running from : C:\Documents and Settings\User\My Documents\Downloads\adwcleaner_4.111(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Zugo
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v36.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1144 bytes] - [03/03/2015 18:40:12]
AdwCleaner[R1].txt - [1206 bytes] - [03/03/2015 20:57:29]
AdwCleaner[S0].txt - [1141 bytes] - [03/03/2015 21:52:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1200  bytes] ##########
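An added example, not part of this thread or of FRST: the fixlist nasdaq posted and the Fixlog above are the two halves of one transaction, and the check a responder wants is that every service and file entry in the list shows up in the log as deleted or moved. The Python below parses a fixlist (service lines marked `[X]` or `No ImagePath`, which FRST uses for a registered service whose binary is missing, plus loose file paths) and reconciles it against a Fixlog. The fixlist and Fixlog text embedded in it are constructed from entries quoted in this thread, with one entry deliberately left out of the Fixlog so the report has something to flag; the line formats assumed are observations of the logs above, not a documented FRST interface.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example, not part of the original thread or of FRST. The sample
fixlist/Fixlog text is constructed from entries quoted in the thread; the
line formats assumed here are observations, not a documented FRST interface.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the fixlist posted in this thread.
FIXLIST = r"""start
CloseProcesses:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
S3 SDScannerService; "F:\Tools\Spybot\SDFSSvc.exe" [X]
S0 5ef85e9ab958160e; \SystemRoot\System32\Drivers\5ef85e9ab958160e.sys [X]
S4 IntelIde; No ImagePath
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\wodCmdTerm.exe
End
"""

# Constructed sample Fixlog: wodCmdTerm.exe is deliberately absent so the
# reconciliation below has something to report.
FIXLOG = r"""Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
SDScannerService => Service deleted successfully.
5ef85e9ab958160e => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\setup.exe => Moved successfully.
"""

# "S3 Name; <image path> [X]"  -- start type, service name, image path.
# FRST marks a service whose binary is missing with [X] or "No ImagePath".
SERVICE_RE = re.compile(r'^([SRU]\d)\s+([^;]+);\s*(.*)$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Fixlog result lines: <subject> => <outcome>.   (subject may be quoted)
RESULT_RE = re.compile(r'^"?(?P<subject>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?$')


@dataclass
class Item:
    kind: str       # 'service', 'file' or 'other'
    name: str       # service name or full path
    orphaned: bool  # service entry whose binary FRST could not find
    in_temp: bool   # file living under a user Temp directory


def parse_fixlist(text):
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line in ('start', 'End') or line.endswith(':'):
            continue  # markers and directives such as CloseProcesses:
        m = SERVICE_RE.match(line)
        if m:
            _start, name, target = m.groups()
            orphaned = target.endswith('[X]') or target == 'No ImagePath'
            items.append(Item('service', name.strip(), orphaned, False))
        elif PATH_RE.match(line):
            items.append(Item('file', line, False, '\\temp\\' in line.lower()))
        else:
            items.append(Item('other', line, False, False))
    return items


def parse_fixlog(text):
    """Map each subject FRST reported on to its outcome text."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m['subject']] = m['outcome']
    return results


def reconcile(fixlist_text, fixlog_text):
    """Return which service/file entries the Fixlog confirms and which it does not."""
    results = parse_fixlog(fixlog_text)
    report = {'done': [], 'missing': []}
    for it in parse_fixlist(fixlist_text):
        if it.kind == 'other':
            continue  # registry/browser lines are reported under different subjects
        outcome = results.get(it.name, '')
        report['done' if 'successfully' in outcome else 'missing'].append(it.name)
    return report


if __name__ == '__main__':
    for it in parse_fixlist(FIXLIST):
        flags = [f for f, on in (('orphaned', it.orphaned), ('temp', it.in_temp)) if on]
        print(f"{it.kind:8} {it.name} {' '.join(flags)}")
    print(reconcile(FIXLIST, FIXLOG))
```

Run against the real fixlist.txt and Fixlog.txt by reading both files into the two strings; an entry in `missing` is one to re-check by hand after the reboot rather than assume it was handled.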
 



#6 nasdaq

Posted 04 March 2015 - 07:47 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 evilfix (Topic Starter)

Posted 04 March 2015 - 02:42 PM

Running the above program now. PeerBlock is still flooded with all kinds of ap2p, some Chinese botnets, etc. I don't understand, because I have a software firewall and a hardware firewall with virus protection. I went to school for IT, so I know not to click random links and download random attachments. Not sure what's going on here. Also, I appreciate everything BleepingComputer does as well.

Results for Security Check:

 Results of screen317's Security Check version 0.99.97  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Please wait while WMIC is being installed.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java 7 Update 71  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Mozilla Firefox (36.0)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

 

 

 

Also, MBAM finished saying "Scan Finished, No malware found."


Edited by evilfix, 04 March 2015 - 02:46 PM.
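A practitioner's caveat on the alerts described in the post above, as an added example that is not part of the thread or of PeerBlock: a block-list hit only means that an address in a listed range touched the host, and what matters is the direction. Inbound hits from botnet or ap2p ranges against a host with a firewall and no listening service are the background scanning noise any public address collects; a connection the host itself opens to a listed range means a local process initiated it, and that is the hit worth tracing back to a process. The Python below reads a block list in the plain-text "label:first-last" P2P list form and sorts firewall-style connection events into those two buckets. The block list, local address and event lines are constructed for illustration (documentation address ranges only), and the event line format is an assumption, not PeerBlock's log format.

```python
"""Triage block-list hits by direction: inbound noise vs outbound callouts.

Added example, not part of the original thread or of PeerBlock. The block
list, local address and event lines are constructed; the event line format
is an assumption for illustration, not PeerBlock's own log format.
"""
import ipaddress
import re
from collections import Counter

LOCAL_IP = '192.168.1.10'  # constructed: the address of the monitored host

# Constructed block list in "label:first-last" form, using RFC 5737
# documentation ranges rather than real threat data.
BLOCKLIST = """
# label:first-last
example-botnet:198.51.100.0-198.51.100.255
example-ap2p:203.0.113.0-203.0.113.127
"""

# Constructed events: "<date> <time> <IN|OUT> <proto> <src>:<port> -> <dst>:<port>"
EVENTS = """
2015-03-04 14:40:01 IN TCP 198.51.100.23:51034 -> 192.168.1.10:6881
2015-03-04 14:40:02 IN UDP 203.0.113.9:4000 -> 192.168.1.10:6881
2015-03-04 14:40:05 OUT TCP 192.168.1.10:49210 -> 198.51.100.77:443
2015-03-04 14:40:07 OUT TCP 192.168.1.10:49211 -> 192.0.2.40:80
2015-03-04 14:40:09 IN TCP 192.0.2.5:33000 -> 192.168.1.10:445
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) '
    r'(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$')


def parse_blocklist(text):
    """Return [(first, last, label)] with addresses as integers for range checks."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        label, _, span = line.rpartition(':')
        first, last = (int(ipaddress.ip_address(a)) for a in span.split('-'))
        ranges.append((first, last, label))
    return ranges


def lookup(ranges, ip):
    """Label of the first range containing ip, or None if unlisted."""
    n = int(ipaddress.ip_address(ip))
    return next((label for lo, hi, label in ranges if lo <= n <= hi), None)


def triage(blocklist_text, events_text, local_ip):
    """Classify listed-range hits.

    'unsolicited': inbound packet from a listed range to this host. With no
    listening service on that port this is scanner/background noise, and the
    firewall dropping it is the expected outcome.
    'callout': this host opened a connection to a listed range. Something
    local initiated that; it is the hit to trace to a process.
    """
    ranges = parse_blocklist(blocklist_text)
    verdicts = []
    for line in events_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        if e['dir'] == 'OUT' and e['src'] == local_ip:
            label = lookup(ranges, e['dst'])
            if label:
                verdicts.append(('callout', label, e['dst'], int(e['dport'])))
        elif e['dir'] == 'IN' and e['dst'] == local_ip:
            label = lookup(ranges, e['src'])
            if label:
                verdicts.append(('unsolicited', label, e['src'], int(e['dport'])))
    return verdicts


def summarize(verdicts):
    """Counts per verdict kind, e.g. {'unsolicited': 2, 'callout': 1}."""
    return Counter(kind for kind, *_ in verdicts)


if __name__ == '__main__':
    v = triage(BLOCKLIST, EVENTS, LOCAL_IP)
    for kind, label, ip, port in v:
        print(f'{kind:12} {label:15} {ip}:{port}')
    print(dict(summarize(v)))
```

On the constructed input the two inbound hits are noise and the single outbound connection to the "botnet" range is the one to chase: on the affected machine, the next step for a callout would be matching the local source port to a process with `netstat -ano` at the moment the alert fires.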


#8 evilfix (Topic Starter)

Posted 04 March 2015 - 02:52 PM

Here is a screen cap of my PeerBlock:

[attached screenshot: 1qS51ub.png]



#9 nasdaq

Posted 05 March 2015 - 08:12 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#10 nasdaq

Posted 05 March 2015 - 08:20 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#11 evilfix (Topic Starter)

Posted 05 March 2015 - 02:53 PM

I don't know what the deal is. I clicked your download links and downloaded it, but it won't run.

Went to the author's page and downloaded again; it won't run/open at all.



#12 evilfix (Topic Starter)

Posted 06 March 2015 - 04:50 AM

I asked a friend of mine to try and run it and it ran fine. I wonder what dependencies it requires?

I've updated Flash, Java, and .NET and still no go.


Edited by evilfix, 06 March 2015 - 05:14 AM.


#13 nasdaq

Posted 06 March 2015 - 09:08 AM

In what folder did you save and run the file?

On your desktop should normally work.

#14 evilfix (Topic Starter)

Posted 06 March 2015 - 10:15 AM

I ran it in my Downloads folder. It created a shortcut on my desktop, but it still will not open. No idea why. I see it pop up in Process Manager for one second and then disappear.



#15 nasdaq

Posted 06 March 2015 - 01:52 PM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====