TechSpot

Freezing computer

By Peoplezz
Aug 15, 2011
  1. mozilla firefox keep freezing on me and wont restart
    something is not right (again)

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7474

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    17/08/2011 03:21:15
    mbam-log-2011-08-17 (03-21-15).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 224243
    Time elapsed: 56 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ------
     
  2. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    am waiting for gmer to run and its been a wjhile, any chance my computer could been attacked when i didnt have any firewall or AV enabled?
     
  3. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-17 03:49:29
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
    Running: 7ridfuwc.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 86E535B0 ZwAlertResumeThread
    SSDT 86E53690 ZwAlertThread
    SSDT 86E53F80 ZwAllocateVirtualMemory
    SSDT 8660F2E0 ZwAlpcConnectPort
    SSDT 86F10D40 ZwAssignProcessToJobObject
    SSDT 86E53300 ZwCreateMutant
    SSDT 86F10A60 ZwCreateSymbolicLinkObject
    SSDT 86761480 ZwCreateThread
    SSDT 86F10E20 ZwDebugActiveProcess
    SSDT 86761188 ZwDuplicateObject
    SSDT 86E53DC0 ZwFreeVirtualMemory
    SSDT 86E533F0 ZwImpersonateAnonymousToken
    SSDT 86E534D0 ZwImpersonateThread
    SSDT 865F24D0 ZwLoadDriver
    SSDT 86E53CC0 ZwMapViewOfSection
    SSDT 86E53220 ZwOpenEvent
    SSDT 86761368 ZwOpenProcess
    SSDT 867610A8 ZwOpenProcessToken
    SSDT 86E53060 ZwOpenSection
    SSDT 86761278 ZwOpenThread
    SSDT 86F10C50 ZwProtectVirtualMemory
    SSDT 86E53770 ZwResumeThread
    SSDT 86E53A10 ZwSetContextThread
    SSDT 86E53AF0 ZwSetInformationProcess
    SSDT 86F10F00 ZwSetSystemInformation
    SSDT 86E53140 ZwSuspendProcess
    SSDT 86E53850 ZwSuspendThread
    SSDT 86761560 ZwTerminateProcess
    SSDT 86E53930 ZwTerminateThread
    SSDT 86E53BE0 ZwUnmapViewOfSection
    SSDT 86E53EB0 ZwWriteVirtualMemory
    SSDT 86F10B50 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 81AFE8A0 8 Bytes [B0, 35, E5, 86, 90, 36, E5, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 81AFE8B4 4 Bytes [80, 3F, E5, 86]
    .text ntkrnlpa.exe!KeSetEvent + 13D 81AFE8C0 4 Bytes [E0, F2, 60, 86]
    .text ntkrnlpa.exe!KeSetEvent + 191 81AFE914 4 Bytes [40, 0D, F1, 86]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 81AFE978 4 Bytes [00, 33, E5, 86] {ADD [EBX], DH; IN EAX, 0x86}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\real\realplayer\Update\realsched.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 76CCA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2120] ntdll.dll!LdrLoadDll 772193A8 5 Bytes JMP 00D91410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!SetWindowLongA 75D8E7CD 5 Bytes JMP 6E40F0D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!SetWindowLongW 75D913B4 5 Bytes JMP 6E40F069 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!GetWindowInfo 75D9428E 5 Bytes JMP 6E2256CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!TrackPopupMenu 75DA14F3 5 Bytes JMP 6E225CE7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  4. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
    Run by Chris at 3:50:17 on 2011-08-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1485 [GMT 1:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\wsqmcons.exe
    C:\PROGRA~1\Java\jre7\bin\jp2launcher.exe
    C:\Program Files\Java\jre7\bin\java.exe
    C:\Users\Chris\Downloads\7ridfuwc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.visagecomputers.co.uk/
    uStart Page = hxxp://www.visagecomputers.co.uk/
    uWindow Title = Visage Computers
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
    TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\3jxbff1v.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-17 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-17 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-17 815736]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110812.030\IDSvix86.sys [2011-8-12 367736]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-17 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys [2011-8-17 331384]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-8-17 130008]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-17 105592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-17 00:00:41 -------- d-----w- c:\program files\common files\xing shared
    2011-08-16 23:46:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-16 23:42:49 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
    2011-08-16 23:42:43 -------- d-----w- c:\program files\Secunia
    2011-08-16 23:42:37 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
    2011-08-16 23:42:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 23:42:23 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 23:42:19 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 23:42:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 23:26:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-08-16 23:24:37 -------- d-----w- c:\users\chris\appdata\local\Adobe
    2011-08-16 23:22:26 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-16 23:18:32 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
    2011-08-16 23:18:32 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
    2011-08-16 23:18:31 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
    2011-08-16 23:18:31 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
    2011-08-16 23:18:31 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
    2011-08-16 23:18:31 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
    2011-08-16 23:18:31 -------- d-----w- c:\program files\FileHippo.com
    2011-08-16 23:18:30 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
    2011-08-16 23:18:10 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
    2011-08-15 23:46:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-08-15 23:45:59 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-08-15 23:45:59 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-08-15 23:45:57 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-08-15 23:45:57 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-15 23:45:57 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-08-15 23:45:54 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-15 23:45:51 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-08-15 23:45:51 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-08-15 23:45:47 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-15 23:45:46 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-15 23:45:46 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-15 23:40:40 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-08-15 23:36:55 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-15 23:36:55 -------- d-----w- c:\program files\Symantec
    2011-08-15 23:36:55 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-08-15 23:36:16 -------- d-----w- c:\windows\system32\drivers\NIS
    2011-08-15 23:36:14 -------- d-----w- c:\program files\Norton Internet Security
    2011-08-15 23:36:13 -------- d-----w- c:\programdata\Norton
    2011-08-15 23:36:04 -------- d-----w- c:\program files\NortonInstaller
    2011-08-15 23:36:03 -------- d-----w- c:\programdata\NortonInstaller
    .
    ==================== Find3M ====================
    .
    2011-08-17 00:00:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-08-17 00:00:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 3:50:38.55 ===============
     
  5. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/02/2011 10:32:19
    System Uptime: 17/08/2011 02:14:34 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0K216C
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 260.57 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP16: 16/08/2011 00:33:37 - Windows Update
    RP17: 16/08/2011 00:47:13 - Windows Update
    RP18: 17/08/2011 00:09:23 - Windows Update
    RP19: 17/08/2011 00:21:37 - Installed Java(TM) 7
    RP20: 17/08/2011 00:23:53 - Installed Adobe Reader X (10.1.0).
    RP21: 17/08/2011 00:25:56 - Windows Update
    RP22: 17/08/2011 00:40:20 - Windows Update
    RP23: 17/08/2011 00:46:10 - Windows Update
    RP24: 17/08/2011 00:55:51 - Installed Java(TM) 6 Update 26
    RP25: 17/08/2011 01:09:29 - Installed Windows Media Player Firefox Plugin
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    EasyBCD 1.7
    ffdshow [rev 2180] [2008-10-04]
    FileHippo.com Update Checker
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 7
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 5.0.1 (x86 en-GB)
    Nero 7 Lite 7.10.1.2
    Norton Internet Security
    PowerDVD
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Windows Live installer
    Windows Live Messenger
    Windows Media Player Firefox Plugin
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/08/2011 02:15:12, Error: EventLog [6008] - The previous system shutdown at 02:13:55 on 17/08/2011 was unexpected.
    17/08/2011 00:25:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    17/08/2011 00:25:39, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17/08/2011 00:25:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    17/08/2011 00:03:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows Vista (KB2509553).
    16/08/2011 23:58:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2509553 (Security Update) into Resolved(Resolved) state
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Same computer as the one we cleaned 3 weeks ago?

    Is Firefox issue your only problem?
     
  7. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    sadly yes something isnt right
    the computer is slow and unresponsive too
    adobe keeps crashing as well
    my logs ok?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't see anything suspicious so far.

    Let's run one more scan...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    will do downloaded combofix and my virus scanned it and before I had chance to open it and disable my AV, norton told me it was a trojan.adh.2?
     
  10. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    ComboFix 11-08-16.05 - Chris 16/08/2011 23:19:29.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1691 [GMT 1:00]
    Running from: c:\users\Chris\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-17 00:37 . 2011-08-17 00:37 -------- d-----w- c:\users\Chris\AppData\Roaming\CyberLink
    2011-08-17 00:00 . 2011-08-17 00:00 -------- d-----w- c:\program files\Common Files\xing shared
    2011-08-16 23:59 . 2011-08-17 00:00 -------- d-----w- c:\program files\real
    2011-08-16 23:46 . 2011-08-17 00:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\users\Chris\AppData\Local\Secunia PSI
    2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\program files\Secunia
    2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2011-08-16 23:42 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 23:42 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 23:39 . 2011-08-16 23:39 -------- d-----w- c:\windows\Sun
    2011-08-16 23:26 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-08-16 23:24 . 2011-08-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe
    2011-08-16 23:24 . 2011-08-16 12:33 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
    2011-08-16 23:22 . 2011-08-16 23:22 -------- d-----w- c:\program files\Common Files\Java
    2011-08-16 23:22 . 2011-08-16 23:22 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-16 23:19 . 2011-08-16 23:19 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla
    2011-08-16 23:18 . 2011-08-16 23:18 -------- d-----w- c:\program files\FileHippo.com
    2011-08-16 22:22 . 2011-08-16 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-15 23:46 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-08-15 23:45 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-08-15 23:45 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-08-15 23:45 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-15 23:45 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-08-15 23:45 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-08-15 23:45 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-15 23:45 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-08-15 23:45 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-08-15 23:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-15 23:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-15 23:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-15 23:40 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-08-15 23:36 . 2011-08-16 23:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-08-15 23:36 . 2011-08-16 23:18 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-15 23:36 . 2011-08-16 23:18 -------- d-----w- c:\program files\Symantec
    2011-08-15 23:36 . 2011-08-16 23:37 -------- d-----w- c:\windows\system32\drivers\NIS
    2011-08-15 23:36 . 2011-08-15 23:36 -------- d-----w- c:\program files\Norton Internet Security
    2011-08-15 23:36 . 2011-08-15 23:37 -------- d-----w- c:\programdata\Norton
    2011-08-15 23:36 . 2011-08-15 23:36 -------- d-----w- c:\program files\NortonInstaller
    2011-08-15 23:35 . 2011-08-15 23:35 -------- d-----w- c:\program files\Microsoft.NET
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-17 00:00 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-08-17 00:00 . 2008-10-23 12:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-08 07:31 . 2011-08-16 23:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-08-17 273544]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-10 43520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-22 815736]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110815.030\IDSvix86.sys [2011-08-12 367736]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-16 105592]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.visagecomputers.co.uk/
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3jxbff1v.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-16 23:24
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-16 23:26:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-16 22:26
    .
    Pre-Run: 273,366,630,400 bytes free
    Post-Run: 273,264,934,912 bytes free
    .
    - - End Of File - - C241156BEE8D296E1B010743AFBAA63F
     
  11. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    is this the right rkill log?

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 16/08/2011 at 23:28:58.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE


    Rkill completed on 16/08/2011 at 23:29:04.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Nothing there....

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
     
  13. Peoplezz

    Peoplezz TS Rookie Topic Starter Posts: 65

    thanks dude
    i`ll try not to bother you again!!

    :)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Not to worry :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...