
Thread: Possible Virus Please Help

#1
    Member
    Join Date: Oct 2009
    Posts: 87

    Possible Virus Please Help

    Hello.

My dad's PC will not update or keep the correct time, along with a host of other problems. At first I did not think the issue could be a virus, so I set the PC back to factory settings, but nothing has changed: none of the security certificates for websites are correct/accepted, Windows Update will still not work, and the date and time just will not set.

Thank you for your help.

    Below is the DDS.log and the aswMBR log is underneath.

    ___________________________________________________________

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.16575
    Run by Alan at 15:40:01 on 2013-08-12
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1322 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRunOnce: [PCDrProfiler] <no file>
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3} : DHCPNameServer = 192.168.0.1
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-27 1245064]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-27 180272]
    .
    =============== Created Last 30 ================
    .
    2013-08-12 14:07:20 -------- d-----w- c:\users\alan\appdata\local\ATI
    2013-08-12 14:07:14 -------- d-----w- c:\users\alan\appdata\roaming\Symantec
    2013-08-12 14:06:48 -------- d-----w- c:\users\alan\appdata\local\VirtualStore
    2013-08-12 13:54:08 -------- d-sh--we C:\Documents and Settings
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:40:18.56 ===============

    AND HERE IS THE aswMBR LOG

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-12 16:07:19
    -----------------------------
    16:07:19.095 OS Version: Windows 6.0.6000
    16:07:19.095 Number of processors: 2 586 0x6B02
    16:07:19.095 ComputerName: ALAN-PC UserName: Alan
    16:07:19.657 Initialize success
    16:07:42.854 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-12 16:11:43
    -----------------------------
    16:11:43.622 OS Version: Windows 6.0.6000
    16:11:43.622 Number of processors: 2 586 0x6B02
    16:11:43.637 ComputerName: ALAN-PC UserName: Alan
    16:11:44.339 Initialize success
    16:14:31.158 AVAST engine defs: 14042100
    16:18:04.922 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
    16:18:04.937 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
    16:18:05.093 Disk 0 MBR read successfully
    16:18:05.093 Disk 0 MBR scan
    16:18:05.125 Disk 0 unknown MBR code
    16:18:05.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 332744 MB offset 63
    16:18:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 681461235
    16:18:05.203 Disk 0 scanning sectors +703277505
    16:18:05.359 Disk 0 scanning C:\Windows\system32\drivers
    16:18:16.294 Service scanning
    16:18:43.318 Modules scanning
    16:18:47.861 Disk 0 trace - called modules:
    16:18:47.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys USBPORT.SYS usbehci.sys netr73.sys usbhub.sys dxgkrnl.sys atikmdag.sys tcpip.sys NETIO.SYS i8042prt.sys mouclass.sys watchdog.sys
    16:18:47.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c22ad8]
    16:18:47.891 3 ntkrnlpa.exe[81cb07ee] -> nt!IofCallDriver -> [0x8486d710]
    16:18:47.891 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000057[0x83a82910]
    16:18:47.892 7 netr73.sys[8bf24f60] -> nt!IofCallDriver -> \Device\USBPDO-2[0x864c7030]
    16:18:47.892 9 usbhub.sys[8b2ffe61] -> nt!IofCallDriver -> \Device\USBPDO-1[0x85587028]
    16:18:49.219 AVAST engine scan C:\Windows
    16:18:51.052 AVAST engine scan C:\Windows\system32
    16:21:58.324 AVAST engine scan C:\Windows\system32\drivers
    16:22:15.188 AVAST engine scan C:\Users\Alan
    16:22:25.936 File: C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe **INFECTED** Win32:Malware-gen
    16:22:39.539 AVAST engine scan C:\ProgramData
    16:23:31.347 Scan finished successfully
    16:24:32.400 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Documents\MBR.dat"
    16:24:32.415 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"
