Possible Virus
Old 11-21-2015, 01:24 PM   #1
TSF Enthusiast
 
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium



I have a few problems. Recently my PC has seized up and I had to do a hard shutdown. I got a square green icon on my taskbar which claims to be a Windows Installer Repair. I uninstalled it but then noticed that the icon was still on the taskbar. Also, I received an email which may have indicated that the virus may have obtained one of my passwords. These issues have happened since I downloaded Firefox.

I have had a problem for a long time now in that Windows Installer doesn't work. Also, I have a problem editing with my host's editor. This happens with all my browsers.

Here is the info you want. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16717
Run by Brent at 13:10:24 on 2015-11-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.903 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: NOW!Imaging: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - c:\program files\netscape accelerator\components\NOWImaging.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [Application Restart #3] c:\windows\system32\conime.exe c:\windows\system32\conime.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mRunOnce: [20150107] c:\program files\avast software\avast\setup\emupdate\6b83e08b-aca2-4f19-a222-c931e52e76d4.exe /check
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{E33BEE49-EC61-4901-B1B7-E8EE2FE35D53} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.86\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-6 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-6 208664]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-8-17 95112]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-3-6 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-3-6 435464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-16 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-6 76000]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-6 146600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-5-26 21504]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-4-10 220752]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-8-17 161472]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-4-10 3218624]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2015-3-31 373312]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2014-12-16 265808]
S3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200vista.sys [2014-1-15 1073216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-3-31 119512]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]
.
=============== Created Last 30 ================
.
2015-11-21 10:25:58 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d35ead6-8481-419c-8285-b18a5396d35a}\offreg.6116.dll
2015-11-20 13:52:15 8991856 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d35ead6-8481-419c-8285-b18a5396d35a}\mpengine.dll
2015-11-16 01:02:56 -------- d-----w- C:\wamp
2015-11-13 00:32:17 -------- d-----w- c:\programdata\TweakBit
2015-11-11 11:43:00 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 1133 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 1133 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 1119 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 11:05:19 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-11-11 11:05:19 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 11:05:18 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 11:04:39 940032 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-11-11 11:04:38 985600 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-11-11 11:04:38 967680 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-11-11 11:04:38 1220608 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-11-11 11:03:49 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 11:01:38 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 11:01:33 281600 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 11:01:32 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 11:01:32 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-10-29 22:31:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2015-11-11 04:42:18 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-11 04:42:18 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-06 15:39:03 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-31 18:38:21 367616 ----a-w- c:\windows\system32\html.iec
2015-10-31 18:37:41 1830912 ----a-w- c:\windows\system32\jscript9.dll
2015-10-31 18:36:55 1436160 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-31 18:36:50 1088512 ----a-w- c:\windows\system32\wininet.dll
2015-10-31 18:36:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-31 18:36:35 412672 ----a-w- c:\windows\system32\vbscript.dll
2015-10-31 18:36:33 11776 ----a-w- c:\windows\system32\mshta.exe
2015-10-31 18:36:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-02 21:26:55 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 21:26:55 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 21:26:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 19:54:25 297472 ----a-w- c:\windows\system32\atmfd.dll
2012-08-13 08:58:22 473600 ----a-w- c:\program files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
============= FINISH: 13:11:33.65 ===============
Attached Files
File Type: txt Attach.txt (3.7 KB, 19 views)