Jump to content

pc infected with something I think


Recommended Posts

Ok so for the past month or so my PC would freeze up at random times while I was playing any game like wow or quakelive. Today it froze again only this time I couldnt get into windows vista. I got to the windows loading screen but then it would go black and I couldn't get to the login screen. I have a dual boot incase I ever got a virus but my other windows boot had the same problem.

I was able to get on in safe mode and i noticed that my antivir wasn't on and it wouldnt let me update it. (when I tried to update I got a warning that contained chinese text)

So I ran malwarebytes quick scan which didnt find anything so I found this forum and ran DDS. Here is the text and I have attached the "attach" file. Any ideas?

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.6000.16386

Run by C at 12:21:32 on 2011-12-05

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.963 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

D:\podcasts\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Freecorder FLV Service] "e:\program files\freecorder\FLVSrvc.exe" /run

mRunOnce: [Malwarebytes' Anti-Malware] e:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

TCP: DhcpNameServer = 68.87.72.134 68.87.77.134

TCP: Interfaces\{9D7E07EB-AAD3-45CF-92BD-9672FE1ED870} : DhcpNameServer = 68.87.72.134 68.87.77.134

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\c\appdata\roaming\mozilla\firefox\profiles\xdcy6r5l.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.ftp - 0

FF - prefs.js: network.proxy.http - 0

FF - prefs.js: network.proxy.socks - 0

FF - prefs.js: network.proxy.ssl - 0

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-27 64512]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-24 136360]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-24 269480]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-24 66616]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]

S2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-5 366152]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-2 2214504]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-24 22216]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-8-15 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-8-15 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-8-15 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-8-15 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-8-15 25704]

.

=============== Created Last 30 ================

.

2011-12-02 21:48:38 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-12-02 21:48:34 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-11-29 22:49:38 -------- d-----w- c:\users\c\appdata\roaming\IrfanView

2011-11-11 08:29:19 -------- d-----w- c:\programdata\id Software

.

==================== Find3M ====================

.

2011-10-25 09:06:02 245088 ----a-w- c:\windows\WINSTRUN.EXE

2011-09-27 09:30:40 16432 ----a-w- c:\windows\system32\lsdelete.exe

.

============= FINISH: 12:22:00.41 ===============

attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.