OS failure, or rootkit problem


  • This topic is locked
2 replies to this topic

#1 cookiel


Posted 12 October 2009 - 08:28 AM

My computer gets these random freezes all the time, so I have to manually shut it off with my FINGAH!

Would really like some help with my problem.

Thanks in advance. Cookie

DDS (Ver_09-10-12.01) - NTFSx86
Run by Jørgen at 15:23:13,30 on 12.10.2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3070.2056 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jørgen\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jrgen~1\appdata\roaming\mozilla\firefox\profiles\ygtk58j1.default\
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\users\jørgen\appdata\roaming\mozilla\firefox\profiles\ygtk58j1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-19 108552]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-19 297752]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-4-8 101904]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-3 66056]

=============== Created Last 30 ================

2009-10-12 15:17 <DIR> --d----- c:\program files\Trend Micro
2009-10-09 17:10 <DIR> --d----- C:\Warcraft III 1.21
2009-10-06 16:33 <DIR> --d----- C:\Gmer
2009-10-04 21:58 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-10-04 21:58 499,712 a------- c:\windows\system32\kerberos.dll
2009-10-04 21:58 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-04 21:58 270,848 a------- c:\windows\system32\schannel.dll
2009-10-04 21:58 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-04 21:58 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-04 21:58 72,704 a------- c:\windows\system32\secur32.dll
2009-10-04 21:58 9,728 a------- c:\windows\system32\lsass.exe
2009-10-03 14:37 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-03 14:37 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-03 14:37 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-03 14:37 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-02 18:54 45 a------- c:\users\jørgen\jagex_runescape_preferences2.dat
2009-10-02 18:53 38 a------- c:\users\jørgen\jagex_runescape_preferences.dat
2009-10-02 18:53 <DIR> --d----- C:\.jagex_cache_32
2009-10-02 18:20 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-01 23:47 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 23:47 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-01 23:47 <DIR> --d----- C:\Malwarebytes' Anti-Malware
2009-09-29 22:53 <DIR> --d----- c:\users\jrgen~1\appdata\roaming\Malwarebytes
2009-09-29 22:53 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-29 22:53 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-29 21:45 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-29 21:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-29 21:45 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-24 16:18 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-09-24 16:18 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-09-19 00:42 <DIR> --d----- C:\starcraft
2009-09-18 20:34 <DIR> --d----- C:\Warcraft III

==================== Find3M ====================

2009-10-12 15:23 2,621,440 a--sh--- c:\users\jørgen\NTUSER.DAT
2009-10-09 17:12 452,096 a------- c:\windows\system32\perfh014.dat
2009-10-09 17:12 76,272 a------- c:\windows\system32\perfc014.dat
2009-08-28 14:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 14:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 14:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 14:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 14:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 12:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-15 13:22 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 13:22 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-14 19:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 18:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 18:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 16:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 16:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 16:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 16:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 16:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 16:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 16:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 18:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 18:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 11:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 16:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-13 23:23 56 a---h--- c:\programdata\ezsidmv.dat
2009-07-13 23:23 56 a---h--- c:\progra~2\ezsidmv.dat
2009-05-23 12:24 174 a--sh--- c:\program files\desktop.ini
2009-05-23 12:23 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-23 12:23 51,200 a------- c:\windows\inf\infpub.dat
2009-05-23 12:22 86,016 a------- c:\windows\inf\infstor.dat
2009-05-23 03:01 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-21 07:12 294,254 a------- c:\windows\inf\perflib\0414\perfi.dat
2006-11-21 07:12 294,254 a------- c:\windows\inf\perflib\0414\perfh.dat
2006-11-21 07:12 35,166 a------- c:\windows\inf\perflib\0414\perfd.dat
2006-11-21 07:12 35,166 a------- c:\windows\inf\perflib\0414\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:24:06,03 ===============

Edited by cookiel, 12 October 2009 - 08:34 AM.



#2 cookiel


Posted 17 October 2009 - 09:16 AM

Replaced some devices and cleaned the harddisk. Close this topic ^^

#3 Guest_The weatherman_*


Posted 17 October 2009 - 09:19 AM

Thanks for letting us know cookiel. :(



