Freeze up


  • This topic is locked
2 replies to this topic

#1 Lexsan

  • Members
  • 1 posts

Posted 31 October 2009 - 08:19 AM

Main symptom: after about 1 hour or so (I don't know if it's periodical or random), during which I watch a media file for example, I lose control: I can not start new processes, can not open task manager, browser..., can not RESTART by start menu, only by reset button. Other symptoms: I can not access microsoft, bitdefender, kaspersky, malwarebytes and other websites WITHOUT proxy; often during a PC session my audio device slips (no audio mixer detected, and I restart service); automatic updates is always off even though I turn it on; I can NOT view hidden folders with explorer (I tick show hidden but option remains unticked after OK). This is the second time I formatted C: after the problem showed up. It has been about 3 weeks since it first manifested. I want to know if I can neutralize it or do I have to FULLY FORMAT (2 harddisks -> 600+ GB media files).


DDS (Ver_09-10-26.01) - NTFSx86
Run by Lex at 15:00:38.81 on Sat 10/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.495 [GMT 2:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Lex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cool-digitv.net/
uSearch Page = hxxp://www.google.ro
uSearch Bar = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
uInternet Connection Wizard,ShellNext = hxxp://login.yahoo.com/config/reset_cookies_token?.token=jIhsCVLyjMn3vVmqtBbsPMySMWMS5MR8FPGNtMQm1TXZuy8JLh1NJSd5tegP7CGuAgZWRDxkPXGYPqM4NMyK2gOkrCuFQgIjhlI0LD514MzXNaipBX7nfYivFYaPCir2BYAvTfqdULUhvVBGyq8Hk7YkOyZUcNH0RwzCa4O5jj9vd_51mT1RmTPgEixXGr6xTi0oolgxBHmYz_0Y3zvz2kvxWLYYiNYNK_dS.6nQCe5Iwqb1nvGAa8s5XlxUvNL0zk9kXo7Q3NyhP51fO1tzerHVZIIozsgVfPYqFCCiwerRi.Av7V082Glc1..brycNP2jhVOthm.0vpIUnag5X7EgW1etfO3cIaywOqEL9GZGT7oxasdQIvJyt_KanGp3vEDDdd6mpDmLJiL_n0BSsMSVPuuyQRdnrsx3NPFiAvC2uyXK01N08re7qSD5m&.done=http%3A%2F%2Fus%2Erd%2Eyahoo%2Ecom%2Fmessenger%2Fclient%2F%3Fhttp%3A%2F%2Fmail%2Eyahoo%2Ecom%2F
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [iKeyWorks] c:\progra~1\a4tech\keyboard\Ikeymain.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
StartupFolder: c:\docume~1\lex\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\messenger\YahooMessenger.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lex\applic~1\mozilla\firefox\profiles\itgg1b67.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com/webhp
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
S2 zsepfpccx;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-10-24 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-10-24 3072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-10-30 16:40:10 0 d-----w- c:\program files\Trend Micro
2009-10-27 18:08:49 0 d-----w- c:\windows\system32\cache
2009-10-27 18:08:24 0 d-----w- c:\windows\system32\skin
2009-10-27 18:08:24 0 d-----w- c:\windows\system32\languages
2009-10-27 18:08:24 0 d-----w- c:\windows\system32\adv
2009-10-27 11:52:47 20432 ----a-w- c:\windows\system32\oodbs.lor
2009-10-26 17:46:39 0 d-----w- c:\program files\Microsoft
2009-10-26 16:46:22 0 d-----w- c:\windows\system32\oodag
2009-10-26 16:41:49 0 d-----w- c:\program files\OO Software
2009-10-26 15:01:59 0 d-----w- c:\program files\Microsoft Help
2009-10-26 14:59:26 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-26 14:59:13 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-26 14:58:00 0 d-----w- c:\windows\system32\RsFx
2009-10-26 14:41:59 0 d-----w- c:\program files\Microsoft Visual Studio 10.0
2009-10-26 12:51:51 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-25 19:11:58 0 d-----w- c:\docume~1\lex\applic~1\Xilisoft Corporation
2009-10-25 19:11:37 0 d-----w- c:\program files\Xilisoft
2009-10-25 18:44:29 0 d-----w- c:\program files\Windows Media Connect 2
2009-10-25 18:43:32 0 d-----w- c:\windows\system32\LogFiles
2009-10-25 13:00:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 13:00:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-25 11:22:37 0 d-----w- c:\program files\Microsoft SQL Server
2009-10-25 11:22:25 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-10-25 11:22:25 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-25 11:18:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-25 11:17:15 0 d-----r- c:\program files\Skype
2009-10-25 11:09:16 0 d-----w- c:\program files\PowerISO
2009-10-25 10:38:34 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2009-10-25 10:38:25 0 d-----w- c:\program files\Pando Networks
2009-10-25 10:37:10 0 d-----w- c:\docume~1\lex\applic~1\Free Download Manager
2009-10-25 10:37:09 0 d-----w- c:\program files\Free Download Manager
2009-10-24 20:30:14 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-24 20:30:14 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-24 18:52:05 0 d-----w- c:\docume~1\lex\applic~1\InfraRecorder
2009-10-24 18:51:55 0 d-----w- c:\program files\Firegraphic 10
2009-10-24 18:50:51 0 d-----w- c:\program files\A4Tech
2009-10-24 18:06:52 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-24 18:06:51 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-10-24 18:06:51 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-24 18:06:51 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-10-24 18:06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-24 18:06:51 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-10-24 18:06:51 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-24 18:06:51 129536 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
2009-10-24 18:06:51 129536 ----a-w- c:\windows\system32\ksproxy.ax
2009-10-24 18:06:36 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-10-24 18:05:53 74240 ----a-w- c:\windows\system32\usbui.dll
2009-10-24 18:05:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-10-24 18:04:39 0 d-----w- c:\program files\common files\ODBC
2009-10-24 18:04:35 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-24 18:04:01 0 d-----r- c:\documents and settings\all users\Documents
2009-10-24 18:03:58 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2009-10-24 18:02:39 689 ----a-w- c:\windows\system32\$winnt$.inf
2009-10-24 17:15:04 0 d-----w- c:\program files\EASEUS
2009-10-24 16:39:33 0 d-----w- c:\program files\Haali
2009-10-24 16:38:40 0 d-----w- c:\program files\CoreCodec
2009-10-24 16:37:12 0 d-----w- c:\program files\DCoder Image Source
2009-10-24 16:37:10 0 d-----w- c:\program files\SHOUTcast Source
2009-10-24 16:37:07 0 d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2009-10-24 16:37:06 0 d-----w- c:\program files\CD Audio Reader Filter
2009-10-24 16:37:02 0 d-----w- c:\program files\Gabest MPEG Splitter
2009-10-24 16:37:00 0 d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-10-24 16:36:50 0 d-----w- c:\program files\RealMedia
2009-10-24 16:36:30 0 d-----w- c:\program files\DScaler5
2009-10-24 16:36:18 0 d-----w- c:\program files\AC3Filter
2009-10-24 16:36:05 0 d-----w- c:\program files\Bass Audio Decoder
2009-10-24 16:35:33 0 d-----w- c:\program files\Zoom Player
2009-10-24 16:35:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Zoom Player
2009-10-24 16:34:19 0 d-----w- c:\program files\Combined Community Codec Pack
2009-10-24 16:23:56 0 d-----w- c:\program files\Realtek
2009-10-24 15:44:11 0 d-----w- c:\program files\VideoLAN
2009-10-24 15:43:59 0 d-----w- c:\program files\Unlocker
2009-10-24 15:41:54 0 d-----w- c:\program files\DAMN NFO Viewer
2009-10-24 15:37:07 0 d-----w- c:\program files\uTorrent
2009-10-24 15:37:03 0 d-----w- c:\docume~1\lex\applic~1\uTorrent
2009-10-24 15:32:26 0 d-----w- c:\program files\ATI Technologies
2009-10-24 15:29:42 0 d-----w- c:\program files\Yahoo!
2009-10-24 15:27:21 0 d-----w- c:\program files\Marvell
2009-10-24 15:21:41 0 d-----w- c:\docume~1\lex\applic~1\Bitdefender
2009-10-24 15:18:29 0 d-----w- c:\program files\Softwin
2009-10-24 15:18:29 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-24 15:18:15 0 d-----w- c:\program files\common files\Softwin
2009-10-24 15:12:32 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-24 15:12:13 0 d--h--w- c:\program files\WindowsUpdate
2009-10-24 15:11:28 0 d-----w- c:\program files\common files\MSSoap
2009-10-24 15:09:45 0 d-----w- c:\program files\Online Services
2009-10-24 15:09:39 0 d-----w- c:\program files\Messenger
2009-10-24 15:09:34 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-24 15:08:46 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-10-30 19:12:02 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-24 15:10:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-07 03:31:18 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-10-07 00:44:58 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2009-10-07 00:44:58 70456 ----a-w- c:\windows\system32\dxva2.dll
2009-10-07 00:44:58 486200 ----a-w- c:\windows\system32\evr.dll
2009-10-07 00:17:56 99160 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-07 00:17:56 48960 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-07 00:17:56 297792 ----a-w- c:\windows\system32\mscoree.dll
2009-10-07 00:17:56 295248 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-07 00:17:56 1130816 ----a-w- c:\windows\system32\dfshim.dll
2009-10-06 23:21:54 80704 ----a-w- c:\windows\system32\mfcm100u.dll
2009-10-06 23:21:54 80192 ----a-w- c:\windows\system32\mfcm100.dll
2009-10-06 23:21:54 767296 ----a-w- c:\windows\system32\msvcr100.dll
2009-10-06 23:21:54 4371264 ----a-w- c:\windows\system32\mfc100u.dll
2009-10-06 23:21:54 4344640 ----a-w- c:\windows\system32\mfc100.dll
2009-10-06 23:21:54 424256 ----a-w- c:\windows\system32\msvcp100.dll
2009-10-06 23:21:54 138048 ----a-w- c:\windows\system32\atl100.dll
2009-09-15 19:35:20 156488 ----a-w- c:\windows\system32\mscorier.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 19:28:04 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2009-09-08 19:23:09 2560 ----a-w- c:\windows\system32\xpsp4res.dll
2009-09-08 19:23:06 90112 ----a-w- c:\windows\system32\wshext.dll
2009-09-08 19:23:06 155648 ----a-w- c:\windows\system32\wscript.exe
2009-09-08 19:20:33 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-09-08 19:20:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-09-08 19:20:33 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-09-08 19:20:32 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 03:57:16 234328 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 15:01:02.73 ===============


Edited by Lexsan, 31 October 2009 - 08:20 AM.



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 November 2009 - 06:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 November 2009 - 02:47 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



