
My HJT log


  • This topic is locked
13 replies to this topic

#1 Spectro

Spectro

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 20 April 2009 - 07:37 PM

Could someone take a look at my log?

Thanks



#2 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 21 April 2009 - 07:04 PM

I don't know how it's first come first serve if threads made today are being replied to and mine isn't. :/

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:34 AM

Posted 04 May 2009 - 08:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 06 May 2009 - 07:21 PM

I'm assuming you want DDS.txt pasted here since it just says "post it to the forums", rather than attach it like it says for Attach.txt.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Kevin at 20:17:25.98 on Wed 05/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.551 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RAM Def XT\ramdef.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kevin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [filehippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [RAMDef] c:\program files\ram def xt\ramdef.exe -tray
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235801033749
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235953343937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\rrlwa415.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\rrlwa415.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 3\plugins\nppopcaploader.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-3-19 731840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-20 210216]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-3-15 2048]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\kevin\locals~1\temp\pfsvgae.sys --> c:\docume~1\kevin\locals~1\temp\pfsvgae.sys [?]

=============== Created Last 30 ================

2009-05-02 22:15 <DIR> --d----- c:\docume~1\kevin\applic~1\Windows Search
2009-05-02 21:23 <DIR> --dsh--- c:\documents and settings\kevin\IETldCache
2009-05-02 04:58 <DIR> --d----- c:\docume~1\kevin\applic~1\IObit
2009-05-02 04:58 <DIR> --d----- c:\program files\IObit
2009-05-02 04:21 <DIR> --d----- c:\program files\ATI Technologies
2009-05-02 04:21 <DIR> --d----- c:\windows\ie8updates
2009-05-02 04:20 <DIR> --d----- c:\program files\Paint.NET
2009-05-02 04:14 <DIR> -cd-h--- c:\windows\ie8
2009-05-02 04:11 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-02 04:04 <DIR> --d----- c:\program files\filehippo.com
2009-04-29 20:03 <DIR> --d----- c:\program files\Curse
2009-04-23 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2009-04-23 21:11 <DIR> --d----- c:\program files\PopCap Games
2009-04-23 00:09 <DIR> --d----- c:\program files\Microsoft Games
2009-04-22 00:54 <DIR> --d----- c:\program files\RAM Def XT
2009-04-21 17:04 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-04-21 17:03 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-21 13:58 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-21 13:53 <DIR> --d----- c:\windows\Logs
2009-04-20 20:59 <DIR> --d----- c:\program files\Wakoopa
2009-04-20 20:56 <DIR> --d----- c:\docume~1\kevin\applic~1\WhatPulse
2009-04-20 20:54 <DIR> --d----- c:\program files\WhatPulse
2009-04-20 20:52 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-04-20 20:52 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-20 20:51 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-20 20:43 <DIR> --d----- c:\program files\BOINC
2009-04-20 20:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BOINC
2009-04-20 20:42 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-20 19:09 <DIR> --d----- c:\program files\Trend Micro
2009-04-20 19:07 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-20 19:06 <DIR> --d----- c:\documents and settings\kevin\.housecall6.6
2009-04-20 18:55 <DIR> --d----- c:\program files\common files\McAfee
2009-04-20 18:54 <DIR> --d----- c:\program files\McAfee
2009-04-20 11:50 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-20 11:50 <DIR> --d----- c:\program files\DivX
2009-04-19 00:44 <DIR> --d----- C:\ATI
2009-04-15 16:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 16:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 16:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 16:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-14 18:42 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 14:17 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-11 15:33 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-04-11 15:33 17,212 a------- c:\windows\system32\SIntf32.dll
2009-04-11 15:33 12,067 a------- c:\windows\system32\SIntf16.dll
2009-04-11 15:18 35,681 a------- c:\windows\DIIUnin.dat
2009-04-11 15:18 94,208 a------- c:\windows\DIIUnin.exe
2009-04-11 15:18 2,829 a------- c:\windows\DIIUnin.pif
2009-04-11 15:01 <DIR> --d----- c:\program files\Diablo II
2009-04-11 12:30 <DIR> --d----- c:\program files\common files\DirectX
2009-04-11 12:28 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-04-11 12:28 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-04-11 12:28 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-04-11 12:28 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-04-11 12:28 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-04-11 12:28 8,192 a------- c:\windows\system32\kbdkor.dll
2009-04-11 12:28 6,144 a------- c:\windows\system32\kbd101c.dll
2009-04-11 12:28 5,632 a------- c:\windows\system32\kbd103.dll
2009-04-11 12:28 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-04-11 12:28 6,144 a------- c:\windows\system32\kbd101b.dll
2009-04-11 12:28 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-04-11 12:28 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-10 12:17 <DIR> --d----- C:\nDoors

==================== Find3M ====================

2009-05-01 11:47 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-15 16:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 16:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 16:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 16:25 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 16:25 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 16:25 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-08 14:29 56,448 a------- c:\windows\system32\drivers\xusb21.sys
2009-03-31 13:24 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-31 13:24 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-03-30 21:15 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-22 00:17 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-22 00:17 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-19 11:45 55,768 a------- c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 33,096 a------- c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:45 131,976 a------- c:\windows\system32\drivers\epfw.sys
2009-03-19 11:44 107,256 a------- c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 113,960 a------- c:\windows\system32\drivers\eamon.sys
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-12 09:33 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-04 01:28 77,398 a------- c:\windows\War3Unin.dat
2009-03-02 17:34 139,264 a------- c:\windows\War3Unin.exe
2009-03-02 17:34 2,829 a------- c:\windows\War3Unin.pif
2009-03-01 01:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-28 01:27 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-25 17:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 17:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 17:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 17:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 17:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 17:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 17:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 17:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 17:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 17:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 16:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 16:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 16:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 16:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 16:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 16:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 16:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 16:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe

============= FINISH: 20:17:38.34 ===============

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 08 May 2009 - 03:04 PM

Hello.

My name is Extremeboy and I will help you with your log.

What was the purpose of this thread? What symptoms do you still have that you may have an infection? What seems to be the issue right now?

After answering those questions, feel free to run this scanner.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 09 May 2009 - 01:14 AM

I'll run MBAM, but I'm starting to think the slowdown on my computer is some kind of hardware failure rather than any type of malware infection.

Also, I'm currently using ESET Smart Security. What is your opinion of this security suite?

I also just got CA Security Suite 2009 Plus for free after a rebate from Tigerdirect.com after purchasing some new PC parts. Is it better than ESET? I've read some reviews and they've all said that CA is pretty abysmal.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 09 May 2009 - 12:43 PM

Hello.

I'll run MBAM, but I'm starting to think the slowdown on my computer is some kind of hardware failure rather than any type of malware infection.

Could be. I find most slowness is not caused by malware. Yes, malware does cause slowness but if things are clean, then it must be something else.

Also, I'm currently using ESET Smart Security. What is your opinion of this security suite?

ESET is a great anti-virus software, but I personally do not favour security suites as I find them a "resource-hog" and therefore download and install separate programs. Eg: Anti-virus, Firewall and Anti-spyware.

I think ESET is better than CA but that's just me.

Please DO NOT have more than one anti-virus software or firewall OR security suites installed and running at once. I highly recommend you uninstall one of those now. Having two anti-virus/firewall software causes system failure, crashes, false-positives and also system slow down.

Hope to see the results soon.

With Regards,
Extremeboy

#8 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 09 May 2009 - 03:39 PM

Yeah, I know. I only have ESET installed. What would you recommend instead of a security suite?

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 09 May 2009 - 04:57 PM

Hello.

Yeah, I know. I only have ESET installed. What would you recommend instead of a security suite?

Well, if you would like to have separate installation for each then, here are some that I personally like from past experience.

Anti-Virus Software:

The three that I really liked were:
AVG 8.5 <- I have used this for several years
Avira AntiVir <- I recently changed to use this Anti-Virus software
Avast <- This one is also fairly good, but I used it before but the scans take too long (may have improved since then but I haven't used it since. You can try it if you wish.)

Firewall Softwares

The two firewall softwares that I really like are:
PCtool Firewall <- Very simple to use for beginners or advanced members
Online-Armor Free <- Also simple to use and have very nice and extra features

If all is fine, then you can let me know and I'll give you some prevention tips so you can start another topic or solve the hardware problem that you may think you have on your own or on another forum.

With Regards,
Extremeboy

#10 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 09 May 2009 - 06:07 PM

Yeah, it definitely seems like it's not a malware issue. I'm open to any tips that you have. :thumbup2: I'll probably stick with ESET until the license expires, then I'll look into the others you have suggested. You think AVG + PCtool Firewall would use less resources than ESET or Kaspersky (which I used previously)?

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/
Is that the right forum for hardware failures/issues?

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 09 May 2009 - 06:26 PM

Hello.

You think AVG + PCtool Firewall would use less resources than ESET or Kaspersky (which I used previously)?

I would think so, yes. :)

PCTools is a great light weight firewall software. AVG is also considered a fairly light-weight anti-virus software. If you have any trouble with them, you can always remove them and install a different one :thumbup2:

And yes, that is the correct forum for hardware failures/issues :step4:

Good luck! Any other questions?

With Regards,
Extremeboy

#12 Spectro

Spectro
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:Michigan
  • Local time:06:34 AM

Posted 11 May 2009 - 09:20 AM

Nope. Thanks! :D

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 11 May 2009 - 02:29 PM

You're welcome.

Happy surfing and take care.

We're done over here. :thumbup2:

I'll close this topic shortly.

~Extremeboy

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:34 AM

Posted 11 May 2009 - 02:31 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help :thumbup2:
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy



