computer freezes up frequently

computer freezes up frequently

Post by aginewyork on 27th July 2009, 5:18 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:42 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_13\bin\jucheck.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark Yakubov\Desktop\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 4316 bytes


Re: computer freezes up frequently

Post by Belahzur on 27th July 2009, 9:08 pm


  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: computer freezes up frequently

Post by aginewyork on 3rd August 2009, 6:39 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Alpha Card 4.1
Ambush DVR Client
Dell Resource CD
Digital Line Detect
FXCM Trading Station II
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Java 2 Runtime Environment, SE v1.4.2_13
Macromedia Fireworks MX
Microsoft Office Professional Edition 2003
PowerDVD
RapNet 06
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Spybot - Search & Destroy
TomTom HOME 2.5.2.60
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC_MergeModuleToMSI
Windows Installer 3.1 (KB893803)


Re: computer freezes up frequently

Post by aginewyork on 3rd August 2009, 6:40 pm

And every time I run Spybot it freezes in the middle and I have to unplug the computer from the back. I even did a system restore back to April and still the same problem. Please help me.


Re: computer freezes up frequently

Post by Belahzur on 3rd August 2009, 7:44 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment, SE v1.4.2_13

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: computer freezes up frequently

Post by aginewyork on 3rd August 2009, 8:09 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/3/2009 4:09:23 PM
mbam-log-2009-08-03 (16-09-23).txt

Scan type: Quick Scan
Objects scanned: 125097
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mark Yakubov\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\MSIVXeeptcqwbwempqxbkwpdqomqxylkrdivj.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Re: computer freezes up frequently

Post by Belahzur on 3rd August 2009, 8:33 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





Re: computer freezes up frequently

Post by aginewyork on 4th August 2009, 10:42 pm

ComboFix 09-08-04.02 - Mark Yakubov 08/04/2009 18:38.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3061.2620 [GMT -4:00]
Running from: c:\documents and settings\Mark Yakubov\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3524161867-3082224382-1529402777-1005
c:\recycler\S-1-5-21-3524161867-3082224382-1529402777-500
c:\windows\Installer\1a543.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 20:30 . 2009-08-03 20:30 -------- d-sh--w- c:\documents and settings\Mark Yakubov\IECompatCache
2009-08-03 20:20 . 2009-07-19 22:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-03 20:20 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-03 20:20 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-03 20:20 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-03 20:20 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-03 20:20 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-03 20:20 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-03 20:04 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:04 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 17:19 . 2009-07-27 17:19 -------- d-----w- c:\documents and settings\Mark Yakubov\Local Settings\Application Data\Downloaded Installations
2009-07-27 17:10 . 2009-07-27 17:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-27 17:05 . 2009-07-27 17:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-23 14:44 . 2009-07-23 14:44 -------- d-sh--w- c:\documents and settings\Mark Yakubov\PrivacIE
2009-07-23 14:43 . 2009-07-23 14:43 -------- d-sh--w- c:\documents and settings\Mark Yakubov\IETldCache
2009-07-23 14:06 . 2009-07-23 14:07 -------- d-----w- c:\windows\ie8updates
2009-07-23 14:06 . 2009-07-27 18:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-23 14:06 . 2009-07-27 17:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-23 14:05 . 2009-08-03 20:19 -------- dc-h--w- c:\windows\ie8
2009-07-15 18:29 . 2009-07-15 18:29 -------- d-----w- c:\windows\system32\scripting
2009-07-15 18:29 . 2009-07-15 18:29 -------- d-----w- c:\windows\l2schemas
2009-07-15 18:27 . 2009-07-15 18:27 -------- d-----w- c:\windows\ServicePackFiles
2009-07-15 18:19 . 2009-07-15 18:19 -------- d-----w- c:\program files\MSECache
2009-07-14 20:25 . 2009-07-14 20:25 152576 ----a-w- c:\documents and settings\Mark Yakubov\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\documents and settings\Mark Yakubov\Application Data\Malwarebytes
2009-07-14 20:20 . 2009-08-03 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 22:02 . 2008-07-21 18:23 -------- d-----w- c:\program files\RapNet 06
2009-08-03 20:03 . 2008-05-15 23:11 -------- d-----w- c:\program files\Java
2009-08-03 18:37 . 2008-08-26 17:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-28 14:21 . 2008-08-26 18:07 64952 ----a-w- c:\documents and settings\Mark Yakubov\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 17:10 . 2009-05-05 22:30 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-27 17:09 . 2009-06-30 16:25 -------- d-----w- c:\program files\Ultra Electronics Ltd
2009-07-15 18:30 . 2008-08-26 16:48 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-06 20:29 . 2008-05-15 23:22 -------- d-----w- c:\program files\Citrix
2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 16:31 . 2009-06-30 16:31 -------- d-----w- c:\program files\Alpha Card Systems
2009-06-16 14:55 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2004-08-04 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Ambush Technologies\\Ambush DVR Client\\HKDVRClient.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-04 18:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-04 18:42
ComboFix-quarantined-files.txt 2009-08-04 22:42
ComboFix2.txt 2009-07-23 14:15
ComboFix3.txt 2009-07-14 20:10
ComboFix4.txt 2009-07-14 20:02
ComboFix5.txt 2009-08-04 22:37

Pre-Run: 293,911,457,792 bytes free
Post-Run: 294,070,980,608 bytes free

103 --- E O F --- 2009-08-03 20:21


Re: computer freezes up frequently

Post by Belahzur on 5th August 2009, 5:47 pm

Post a new Hijack This log now.





Re: computer freezes up frequently

Post by aginewyork on 5th August 2009, 9:54 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:51 PM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ambush Technologies\Ambush DVR Client\HKDVRClient.exe
C:\Documents and Settings\Mark Yakubov\Local Settings\Temporary Internet Files\Content.IE5\I8KMU3SI\winlogon[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 3900 bytes


Re: computer freezes up frequently

Post by Belahzur on 6th August 2009, 3:28 pm

Hello.

You aren't running antivirus software.

Please install Avira antivirus; otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


  • Press "Fix Checked"
  • Close Hijack This.

How is the machine running now?





Re: computer freezes up frequently

Post by aginewyork on 6th August 2009, 7:42 pm

Avira AntiVir Personal
Report file date: Thursday, August 06, 2009 13:42

Scanning for 1616128 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : AGI

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 8/3/2009 17:40:40
ANTIVIR3.VDF : 7.1.5.81 395776 Bytes 8/6/2009 17:40:45
Engineversion : 8.2.0.240
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 8/6/2009 17:40:59
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 14:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 8/6/2009 17:40:56
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/23/2009 14:59:39
AEGEN.DLL : 8.1.1.54 356723 Bytes 8/6/2009 17:40:47
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 14:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Thursday, August 06, 2009 13:42

Starting search for hidden objects.
'52286' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
24 processes with 24 modules were scanned

aginewyork
Novice

Posts : 12
Joined : 2009-07-10
OS : Windows XP
Points : 27114
# Likes : 0


Re: computer freezes up frequently

Post by aginewyork on 6th August 2009, 7:42 pm

Starting master boot sector scan:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/Sinowal.E boot sector virus
[NOTE] The boot sector was not written!

Starting to scan executable files (registry).

The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\Program Files\Antivirus Agent Pro\aap.exe.vir
[DETECTION] Contains recognition pattern of the SPR/Fraud.AntivirAg program
C:\Qoobox\Quarantine\C\WINDOWS\system32\brastia.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXkcknlvaftixuweshtfmgkobrcyargbjc.dll.vir
[DETECTION] Is the TR/TDss.yuz Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXvsbrrnsfvxthcxrloyoxnteppbnmpcwd.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXeeptcqwbwempqxbkwpdqomqxylkrdivj.sys.vir
[DETECTION] Is the TR/CryptRedol.73216.1 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir
[DETECTION] Is the TR/Dldr.Bredol.AA.2 Trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP65\A0002889.dll
[DETECTION] Is the TR/Monder.gky Trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP65\A0002905.dll
[DETECTION] Is the TR/Monder.glx Trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0002970.cpl
[DETECTION] Is the TR/FakeAV.BB Trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0002978.exe
[DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.BN phishing file/email
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0003074.exe
[DETECTION] Is the TR/Starter.FF Trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0003075.exe
[DETECTION] Is the TR/Starter.FF Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008214.sys
[DETECTION] Is the TR/CryptRedol.73216.1 Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008215.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008216.dll
[DETECTION] Is the TR/TDss.yuz Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008374.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008397.exe
[DETECTION] Is the TR/Dldr.Agent.czz Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008420.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008421.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008422.exe
[DETECTION] Is the TR/Dldr.Bredol.AA.2 Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008509.exe
[DETECTION] Is the TR/TDss.aisc Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008573.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP342\A0042180.exe
[DETECTION] Is the TR/Dldr.Agent.czz Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044185.exe
[DETECTION] Is the TR/TDss.aisc Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044186.dll
[DETECTION] Is the TR/TDss.yuz Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044187.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP352\A0075162.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP352\A0075163.sys
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\Program Files\Antivirus Agent Pro\aap.exe.vir
[DETECTION] Contains recognition pattern of the SPR/Fraud.AntivirAg program
[NOTE] The file was moved to '4aeb24c9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\brastia.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4adc24da.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXkcknlvaftixuweshtfmgkobrcyargbjc.dll.vir
[DETECTION] Is the TR/TDss.yuz Trojan
[NOTE] The file was moved to '4ac424bb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXvsbrrnsfvxthcxrloyoxnteppbnmpcwd.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4bb58b94.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ae024ce.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXeeptcqwbwempqxbkwpdqomqxylkrdivj.sys.vir
[DETECTION] Is the TR/CryptRedol.73216.1 Trojan
[NOTE] The file was moved to '4ac424bc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir
[DETECTION] Is the TR/Dldr.Bredol.AA.2 Trojan
[NOTE] The file was moved to '4aea24db.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP65\A0002889.dll
[DETECTION] Is the TR/Monder.gky Trojan
[NOTE] The file was moved to '4aab2499.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP65\A0002905.dll
[DETECTION] Is the TR/Monder.glx Trojan
[NOTE] The file was moved to '4b2a958a.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0002970.cpl
[DETECTION] Is the TR/FakeAV.BB Trojan
[NOTE] The file was moved to '49d72d0a.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0002978.exe
[DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.BN phishing file/email
[NOTE] The file was moved to '4bd6b56a.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0003074.exe
[DETECTION] Is the TR/Starter.FF Trojan
[NOTE] The file was moved to '492a14e2.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP67\A0003075.exe
[DETECTION] Is the TR/Starter.FF Trojan
[NOTE] The file was moved to '49291cda.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008214.sys
[DETECTION] Is the TR/CryptRedol.73216.1 Trojan
[NOTE] The file was moved to '49286492.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008215.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '492b0c2a.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP325\A0008216.dll
[DETECTION] Is the TR/TDss.yuz Trojan
[NOTE] The file was moved to '492e6b02.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008374.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '492d73fa.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008397.exe
[DETECTION] Is the TR/Dldr.Agent.czz Trojan
[NOTE] The file was moved to '492f634a.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008420.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4921521a.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008421.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '492c7bb2.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008422.exe
[DETECTION] Is the TR/Dldr.Bredol.AA.2 Trojan
[NOTE] The file was moved to '49224a22.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008509.exe
[DETECTION] Is the TR/TDss.aisc Trojan
[NOTE] The file was moved to '49205ad2.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP326\A0008573.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4927a28a.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP342\A0042180.exe
[DETECTION] Is the TR/Dldr.Agent.czz Trojan
[NOTE] The file was moved to '4926a942.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044185.exe
[DETECTION] Is the TR/TDss.aisc Trojan
[NOTE] The file was moved to '493b81aa.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044186.dll
[DETECTION] Is the TR/TDss.yuz Trojan
[NOTE] The file was moved to '4924b9f2.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP343\A0044187.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4aab249a.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP352\A0075162.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4923426b.qua'!
C:\System Volume Information\_restore{D8825469-C56A-4D51-8B19-568AE5D68A4D}\RP352\A0075163.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4939905b.qua'!


End of the scan: Thursday, August 06, 2009 14:43
Used time: 39:02 Minute(s)

The scan has been done completely.

7872 Scanned directories
451349 Files were scanned
31 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
29 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
451319 Files not concerned
4991 Archives were scanned
2 Warnings
31 Notes
52286 Objects were scanned with rootkit scan
0 Hidden objects were found


Re: computer freezes up frequently

Post by Origin on 6th August 2009, 8:03 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31523
# Likes : 0


Re: computer freezes up frequently

Post by aginewyork on 7th August 2009, 2:42 pm

GMER 1.0.15.15020 [wx9311gr.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-07 10:39:34
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT BA6DB7DE ZwCreateKey
SSDT BA6DB7D4 ZwCreateThread
SSDT BA6DB7E3 ZwDeleteKey
SSDT BA6DB7ED ZwDeleteValueKey
SSDT BA6DB7F2 ZwLoadKey
SSDT BA6DB7C0 ZwOpenProcess
SSDT BA6DB7C5 ZwOpenThread
SSDT BA6DB7FC ZwReplaceKey
SSDT BA6DB7F7 ZwRestoreKey
SSDT BA6DB7E8 ZwSetValueKey
SSDT BA6DB7CF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FA0 8050483C 4 Bytes CALL 750AB5F8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00CB2B80
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00CB2B3D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00CB2B01
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CB2AE6
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CB2972
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CB2A64
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CB29AA
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CB29E2
.text C:\Program Files\Messenger\msmsgs.exe[160] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00F02B80
.text C:\Program Files\Messenger\msmsgs.exe[160] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00F02B3D
.text C:\Program Files\Messenger\msmsgs.exe[160] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00F02B01
.text C:\Program Files\Messenger\msmsgs.exe[160] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F02AE6
.text C:\Program Files\Messenger\msmsgs.exe[160] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F02972
.text C:\Program Files\Messenger\msmsgs.exe[160] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F02A64
.text C:\Program Files\Messenger\msmsgs.exe[160] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F029AA
.text C:\Program Files\Messenger\msmsgs.exe[160] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F029E2
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 01BA2B80
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 01BA2B3D
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01BA2B01
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01BA2AE6
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01BA2972
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01BA2A64
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01BA29AA
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1184] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01BA29E2
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 014C2B80
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 014C2B3D
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 014C2B01
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 014C2AE6
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014C2972
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014C2A64
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014C29AA
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014C29E2
.text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 027A2B80
.text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 027A2B3D
.text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 027A2B01
.text C:\WINDOWS\Explorer.EXE[1896] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 027A2AE6
.text C:\WINDOWS\Explorer.EXE[1896] WS2_32.dll!send 71AB4C27 5 Bytes JMP 027A2972
.text C:\WINDOWS\Explorer.EXE[1896] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 027A2A64
.text C:\WINDOWS\Explorer.EXE[1896] WS2_32.dll!recv 71AB676F 5 Bytes JMP 027A29AA
.text C:\WINDOWS\Explorer.EXE[1896] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 027A29E2
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00F82B80
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00F82B3D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00F82B01
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F82AE6
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F82972
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F82A64
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F829AA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2496] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F829E2
.text C:\WINDOWS\System32\alg.exe[2800] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00B52B80
.text C:\WINDOWS\System32\alg.exe[2800] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00B52B3D
.text C:\WINDOWS\System32\alg.exe[2800] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00B52B01
.text C:\WINDOWS\System32\alg.exe[2800] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B52AE6
.text C:\WINDOWS\System32\alg.exe[2800] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B52972
.text C:\WINDOWS\System32\alg.exe[2800] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B52A64
.text C:\WINDOWS\System32\alg.exe[2800] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B529AA
.text C:\WINDOWS\System32\alg.exe[2800] WS2_32.dll!WSASend


Re: computer freezes up frequently

Post by aginewyork on 7th August 2009, 2:42 pm

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\00000040 8A21A250
Device \Driver\ACPI \Device\00000042 8A21A250
Device \Driver\ACPI \Device\00000043 8A21A250
Device \Driver\ACPI \Device\00000044 8A21A250
Device \Driver\ACPI \Device\00000045 8A21A250
Device \Driver\ACPI \Device\00000039 8A21A250
Device \Driver\ACPI \Device\00000046 8A21A250
Device \Driver\ACPI \Device\00000047 8A21A250
Device \Driver\ACPI \Device\00000061 8A21A250
Device \Driver\ACPI \Device\00000048 8A21A250
Device \Driver\ACPI \Device\00000062 8A21A250
Device \Driver\ACPI \Device\00000056 8A21A250
Device \Driver\ACPI \Device\00000049 8A21A250
Device \Driver\ACPI \Device\00000059 8A21A250
Device \Driver\ACPI \Device\0000003c 8A21A250
Device \Driver\ACPI \Device\0000003d 8A21A250
Device \Driver\ACPI \Device\0000004a 8A21A250
Device \Driver\ACPI \Device\0000003e 8A21A250
Device \Driver\ACPI \Device\0000004b 8A21A250
Device \Driver\ACPI \Device\0000005c 8A21A250
Device \Driver\ACPI \Device\0000004f 8A21A250
Device \Driver\ACPI \Device\0000005d 8A21A250
Device \Driver\ACPI \Device\0000005e 8A21A250

---- Threads - GMER 1.0.15 ----

Thread System [4:1092] 8A250260
Thread System [4:1096] 8A23B05F
Thread System [4:1100] 8A26E5D7
Thread System [4:1104] 8A23DCD1

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Usage@OutlookMAPI2 990314679


Re: computer freezes up frequently

Post by Belahzur on 7th August 2009, 6:19 pm

Please download [You must be registered and logged in to see this link.] to your desktop.
Double click on the MBR.exe to run it. A log will be produced, named MBR.log.
Please open this log in Notepad and post its contents in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: computer freezes up frequently

Post by aginewyork on 7th August 2009, 6:27 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a21a250
NDIS: Intel(R) 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x8a253f30
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x024D8F111
malicious code @ sector 0x024D8F114 !
PE file found in sector at 0x024D8F12A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


Re: computer freezes up frequently

Post by Belahzur on 7th August 2009, 11:43 pm

Hello.
I need you to move mbr.exe to your system32: right-click mbr.exe and select Copy.
Now, using Windows Explorer (Windows key + E), navigate to C:\Windows\system32, go inside system32 and paste mbr.exe in there.

Now go to Start > Run. In the Run box, copy/paste in the following.

mbr.exe -f

Hit enter.
Let it run and a new log will pop open.
Copy and paste the new log back here.


Re: computer freezes up frequently

Post by aginewyork on 10th August 2009, 4:48 pm

I run it, a new window pops up and then it goes away. Is it running or not? Because nothing pops up after that.


Re: computer freezes up frequently

Post by Belahzur on 10th August 2009, 6:32 pm

Can you run it again without the command switch, please? It may still have worked.
