
Author Topic: computer or vista malware problems  (Read 3906 times)


avaricewillkillu

    Topic Starter


    Beginner

    Thanked: 1
    computer or vista malware problems
    « on: September 01, 2009, 09:38:23 PM »
    My computer keeps freezing up and sometimes the buttons don't work, and sometimes I need to restart manually. Here is the quick report from EVEREST:

    --------[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]------------------------------------------------------------

        Version                                           EVEREST v2.20.405
        Homepage                                          http://www.lavalys.com/
        Report Type                                       Quick Report
        Computer                                          KYLEPC
        Generator                                         Kyle
        Operating System                                  Microsoft Windows Vista Home Edition 6.0.6001 (WinVista Beta)
        Date                                              2009-09-01
        Time                                              23:32


    --------[ Summary ]-----------------------------------------------------------------------------------------------------

        Computer:
          Operating System                                  Microsoft Windows Vista Home Edition
          OS Service Pack                                   -
          DirectX                                           4.09.00.0904 (DirectX 9.0c)
          Computer Name                                     KYLEPC
          User Name                                         Kyle

        Motherboard:
          CPU Type                                          Intel Pentium III Xeon, 2600 MHz
          Motherboard Name                                  Unknown
          Motherboard Chipset                               Unknown
          System Memory                                     6133 MB
          BIOS Type                                         Unknown

        Display:
          Video Adapter                                     Intel(R) G33/G31 Express Chipset Family  (320 MB)
          Monitor                                           HP 2009 Series Wide LCD Monitor [NoDB]  (3CQ92210DM)

        Multimedia:
          Audio Adapter                                     High Definition Audio Controller [NoDB]

        Storage:
          SCSI/RAID Controller                              Intel(R) ICH8R/ICH9R/ICH10R/DO SATA RAID Controller
          SCSI/RAID Controller                              Microsoft iSCSI Initiator
          Disk Drive                                        SAMSUNG HD642JJ  (596 GB, IDE)
          Disk Drive                                        Generic- Compact Flash USB Device
          Disk Drive                                        Generic- MS/MS-Pro USB Device
          Disk Drive                                        Generic- SD/MMC USB Device
          Disk Drive                                        Generic- SM/xD-Picture USB Device
          Optical Drive                                     HL-DT-ST DVD-RAM GH40L
          SMART Hard Disks Status                           OK

        Partitions:
          C: (NTFS)                                         596475 MB (511383 MB free)
          D: (NTFS)                                         14001 MB (1973 MB free)
          Total Size                                        596.2 GB (501.3 GB free)

        Input:
          Keyboard                                          HID Keyboard Device
          Mouse                                             HID-compliant mouse
          Game Controller                                   Microsoft PC-joystick driver
          Game Controller                                   Microsoft PC-joystick driver

        Network:
          Network Adapter                                   Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC  (134.82.188.242)
          Modem                                             Agere Systems PCI-SV92EX Soft Modem

        Peripherals:
          Printer                                           HP Deskjet F4400 series
          Printer                                           Microsoft XPS Document Writer
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2934 [NoDB]
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2935 [NoDB]
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2936 [NoDB]
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2937 [NoDB]
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2938 [NoDB]
          USB1 Controller                                   Intel(R) ICH9 Family USB Universal Host Controller - 2939 [NoDB]
          USB2 Controller                                   Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A [NoDB]
          USB2 Controller                                   Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C [NoDB]
          USB Device                                        HP Deskjet F4400 (DOT4USB)
          USB Device                                        HP Deskjet F4400
          USB Device                                        USB Composite Device
          USB Device                                        USB Composite Device
          USB Device                                        USB Human Interface Device
          USB Device                                        USB Human Interface Device
          USB Device                                        USB Human Interface Device
          USB Device                                        USB Human Interface Device
          USB Device                                        USB Mass Storage Device
          USB Device                                        USB Printing Support

    Karnac



      Specialist

      Thanked: 211
      Re: computer or vista malware problems
      « Reply #1 on: September 02, 2009, 07:40:17 AM »
      You'll have to go here....

      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      If you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.
      If you have difficulty, you may have to run them in safe mode (tap F8 at start).
      If you have difficulty, you may have to rename the programs when you save them.
      If you get stuck on a step, proceed to the next.

      Post the logs for steps 3, 4 and 6.


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      avaricewillkillu

        Topic Starter


        Beginner

        Thanked: 1
        Re: computer or vista malware problems
        « Reply #2 on: September 02, 2009, 05:54:45 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 09/02/2009 at 06:27 PM

        Application Version : 4.27.1002

        Core Rules Database Version : 4082
        Trace Rules Database Version: 2022

        Scan type       : Complete Scan
        Total Scan Time : 01:30:53

        Memory items scanned      : 744
        Memory threats detected   : 0
        Registry items scanned    : 6847
        Registry threats detected : 0
        File items scanned        : 155945
        File threats detected     : 0


        Malwarebytes' Anti-Malware 1.40
        Database version: 2734
        Windows 6.0.6001 Service Pack 1

        9/2/2009 7:42:45 PM
        mbam-log-2009-09-02 (19-42-45).txt

        Scan type: Quick Scan
        Objects scanned: 79301
        Time elapsed: 2 minute(s), 34 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 7:53:38 PM, on 9/2/2009
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18294)
        Boot mode: Normal

        Running processes:
        C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Program Files (x86)\AIM6\aim6.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
        C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
        C:\Program Files (x86)\SafeConnect\scClient.exe
        C:\Program Files (x86)\AVG\AVG8\avgtray.exe
        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
        C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
        C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
        C:\PROGRA~2\MICROS~3\WkDStore.exe
        C:\PROGRA~2\MICROS~3\wkgdcach.exe
        C:\Program Files (x86)\AIM6\aolsoftware.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
        C:\PROGRA~2\MICROS~3\WksWP.exe
        C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
        C:\Program Files (x86)\BitTorrent\BitTorrent.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
        C:\Program Files (x86)\Trend Micro\HJT\sniper.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: UserInit=userinit.exe
        O1 - Hosts: ::1 localhost
        O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
        O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
        O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
        O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~2\AVG\AVG8\avgtray.exe"
        O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
        O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe"
        O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
        O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
        O4 - HKCU\..\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
        O4 - Global Startup: SafeConnect.lnk = ?
        O13 - Gopher Prefix:
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: 1244163591SsTR (.1244163591SsTR) - Unknown owner - C:\ProgramData\Webroot\Kyle084408.exe
        O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
        O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
        O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
        O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (file missing)
        O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
        O23 - Service: dlbk_device - Unknown owner - C:\Windows\system32\dlbkcoms.exe (file missing)
        O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (file missing)
        O23 - Service: HP Health Check Service - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
        O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
        O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
        O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
        O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
        O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
        O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
        O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
        O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
        O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
        O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
        O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

        Karnac



          Specialist

          Thanked: 211
          Re: computer or vista malware problems
          « Reply #3 on: September 02, 2009, 06:00:56 PM »
          Here is the link to the process tool analysis of your HJT log.

          http://www.computerhope.com/cgi-bin/process.pl?o=2165857

          Follow the directions for cleaning.....
          « Last Edit: September 02, 2009, 06:13:10 PM by Karnac »

