Kenny95
  1. Or log, rather.
  2. I have Malwarebytes Pro and I'm infected, apparently being attacked, by a virus labeled PUP.InstallBrain. I'm not sure if that's the only thing I'm infected with, but with every scan three PUP.InstallBrain viruses are quarantined. They come back pretty quickly, and Malwarebytes keeps notifying me that I'm being accessed by an IP in either Russia or the Ukraine about every ten minutes. I'll post the logs as requested...
  3. This happens regularly on my Dell Inspiron 1720, Windows Explorer starts running poorly and then starts to freeze. Then other programs slowly start to malfunction. Now, my computer freezes once it is on for ten seconds if not in safe mode, doesn't have connection to the internet in safe mode, and freezes when I defrag or virus scan, with either Hitman Demo or Malwarebytes Pro.

     Specs
     - Dell Inspiron 1720 Revision 6 or 7
     - Windows Vista Home Premium
     - Malwarebytes
     - Vuze
     - Firefox

     This happens to every hard drive after a few years, I've had two and restored three times. I was also under Norton for the previous 2 years, and the exact same thing happened. No viruses were identified other than a trojan that we deleted, and some spyware. What do you think is wrong? Can I fix it within my dysfunctional computer? If not, should I take it to a specialist? Why does this keep recurring?

     Thanks, Ken