Possible Malware Infection


Solved Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 9:02 pm

My computer sometimes randomly freezes and I'll have to restart it, and even after I restart it, it won't start up right and I'll have to do a system restore. I just recently got an error message that told me the computer had to shut down to prevent further damage and to search my computer for viruses.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:45 PM, on 1/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7357 bytes

Astrobiologist
Novice
Posts: 29
Joined: 2009-01-01
OS: Windows Vista
Points: 28980
Likes: 0

Solved Re: Possible Malware Infection

Post by Belahzur on 25th January 2009, 9:21 pm

Hello.
HJT log looks fine, do an MBAM scan and report back with the log.


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1

Solved Re: Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 9:35 pm

Malwarebytes' Anti-Malware 1.33
Database version: 1693
Windows 6.0.6001 Service Pack 1

1/25/2009 4:34:30 PM
mbam-log-2009-01-25 (16-34-30).txt

Scan type: Quick Scan
Objects scanned: 47921
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hmm, it may not be virus related. I've noticed that this problem only happens when I'm playing games.


Solved Re: Possible Malware Infection

Post by Belahzur on 25th January 2009, 9:38 pm

Ah.
Then there really isn't much we can do.

If your current graphics card isn't powerful enough to handle whatever games you're playing, then the only option is to get a better graphics card.

I would recommend the GT9800 512/1GB RAM graphics card.

What are your current specs?



Solved Re: Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 9:42 pm

I have a GeForce 8500 GT 256MB

It used to play games fine, but starting a few months ago, it'll play them for about 5 seconds to 1 minute depending on the game, then freeze.

And it just keeps getting worse. It's gotten to the point now where I can't even play runescape without it freezing.

I've tried every possible solution, but I guess my only choice is to get a new video card.


Solved Re: Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 9:48 pm

I'm thinking that this line in the HJT log:

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

may have something to do with it.


Solved Re: Possible Malware Infection

Post by Belahzur on 25th January 2009, 9:52 pm

Maybe not a new video card, maybe a drivers update.

That HJT line is legit, killing that file may have unknown effects, so don't touch it.

Moving this to hardware now, since it's not malware.


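The HJT log in the first post, and the O23 line discussed just above, have a regular line format, so a reviewer can parse and pre-triage them before reading by hand. The following is an added example (my own code, not HijackThis's or the forum's): it parses O2/O3/O9, O4 and O23 lines into records and applies two assumed heuristics, an "orphan" flag for entries whose file is missing (like the `(no name)` BHO in the log) and a "verify by hand" flag for images outside an assumed list of trusted roots. The sample lines are copied from the posted log.

```python
"""Parse and triage Trend Micro HijackThis v2 log lines (added example, not HJT's own code).
SAMPLE_LOG is copied from the first post; the triage rules are my own assumed heuristics."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

O4_RE = re.compile(r'(HK.+?)\\\.\.\\(Run\w*): \[(.+?)\] (.*)')
O23_RE = re.compile(r'Service: (.+?) - (.+?) - (.+)')
CLSID_RE = re.compile(r'(.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)')
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|cpl))\b|(\S+)', re.I)
# Roots an autostart image is normally expected under (assumption; tune per machine).
TRUSTED_ROOTS = ('c:\\program files', 'c:\\progra~1', 'c:\\windows', '%programfiles%', '%windir%')

@dataclass
class Entry:
    code: str               # HJT section: O2, O4, O23, ...
    name: str               # BHO/toolbar name, hive\key:value for O4, service name for O23
    path: str               # image path; empty when HJT reports "(no file)"
    vendor: str = ''        # O23 only
    flags: list = field(default_factory=list)

def image_path(cmd):
    # First quoted string, else everything up to the first .exe/.dll/.cpl, else first token.
    return next(g for g in IMAGE_RE.match(cmd).groups() if g)

def parse_line(line):
    code, _, rest = line.partition(' - ')
    if code == 'O4':
        hive, key, name, cmd = O4_RE.match(rest).groups()
        return Entry(code, f'{hive}\\{key}:{name}', image_path(cmd))
    if code == 'O23':
        name, vendor, path = O23_RE.match(rest).groups()
        return Entry(code, name, path, vendor=vendor)
    if code in ('O2', 'O3', 'O9'):
        name, _clsid, path = CLSID_RE.match(rest.partition(': ')[2]).groups()
        return Entry(code, name, '' if path == '(no file)' else path)
    return None  # R0/R1/O1/O8/... are left to the reader

def triage(e):
    p = e.path.lower()
    if not p:
        e.flags.append('orphan: points at a missing file (leftover, not proof of infection)')
    elif not p.startswith(TRUSTED_ROOTS):
        e.flags.append('image outside Program Files/Windows: verify by hand')
    return e

def parse_log(text):
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]
```

The nvsvc service line parses cleanly with a vendor and a path under C:\Windows, which is what "looks legit" means mechanically; the flags only tell a human where to look first.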

Solved Re: Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 9:55 pm

I've tried updating it too, didn't work.

I've even tried completely uninstalling my driver and reinstalling the latest one and it still doesn't work. Maybe the video card is just fried.

Are you familiar with this error?


This is the error I get whenever it freezes.


Solved Re: Possible Malware Infection

Post by Belahzur on 25th January 2009, 10:10 pm

Thanks for the screenshot, because we have the driver name now.
I'm no genius with hardware, that's why I specialize in malware removal.

If you can wait for Doctor to get online (should be about 4hrs-ish from now) he might be able to tell us more, I know next to nothing about hardware mixed with software, I'm more likely to kill something than fix it.



Solved Re: Possible Malware Infection

Post by Astrobiologist on 25th January 2009, 10:12 pm

Haha, no problem. Thanks.


Solved Re: Possible Malware Infection

Post by Doctor Inferno on 26th January 2009, 3:27 am

Hello I have 3 solutions to your problem.

First, I don't think it has anything to do with the driver, so let's update your nVidia ForceWare. Make sure you uninstall any old versions of the ForceWare if you have any installed. Download it from here. Install it. Problem should be solved now.

If it doesn't help, download this reliability update patch by Microsoft from here and run it.

If it still doesn't work, open the nVidia Control Panel >> Select Advanced 3D Settings >> Search for the game you have >> Select (where possible) application controlled.

If it still doesn't solve your problem, I have some more solutions for your problem.


Please be a GeekPolice fan on Facebook!



Have we helped you? Help us! | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Posts: 12015
Joined: 2007-12-26
Gender: Male
OS: Windows 7 Home Premium and Ultimate X64
Protection: Kaspersky PURE and Malwarebytes' Anti-Malware
Points: 104620
Likes: 0

Solved Re: Possible Malware Infection

Post by Astrobiologist on 27th January 2009, 11:50 pm

For the first solution you stated, I get the following error when I attempt to install it:



For the second solution, I get this error:



And the third solution doesn't work either. I still get the same error.


Solved Re: Possible Malware Infection

Post by Astrobiologist on 28th January 2009, 5:12 am

Also note that the game's graphics flicker and begin to pixelate before it freezes and gives me the display driver failure error. This depends on the game, though.

For instance, on games with good graphics such as World of Warcraft or Guild Wars, it will flicker, pixelate then freeze.

On games that have lesser graphics such as Warcraft 3 or Runescape, the graphics will just flicker then freeze.


Solved Re: Possible Malware Infection

Post by Doctor Inferno on 28th January 2009, 9:25 am

The driver doesn't seem to recognise your system. Did this computer come with Vista or XP?



Solved Re: Possible Malware Infection

Post by Astrobiologist on 28th January 2009, 12:33 pm

It came with Vista.


Solved Re: Possible Malware Infection

Post by Doctor Inferno on 28th January 2009, 1:07 pm

I did a search and found that this is nvidia's fault. It has been happening with the graphics card series which is the same as yours. Nothing much I can do about this.

I suggest you contact nvidia and see what they can do.

http://www.nvidia.com/object/support_aic.html



Solved Re: Possible Malware Infection

Post by Astrobiologist on 28th January 2009, 4:47 pm

Ahh, thanks. I appreciate the help.
