Possible Virus? Computer constantly asks for Administrator Permissions

  • This topic is locked
8 replies to this topic

#1 v00d00d0ll


  • Members
  • 8 posts
  • Local time:02:49 PM

Posted 09 May 2011 - 11:12 AM

Hello all,

I am new to this site and would really appreciate any helpful information anyone has to offer! My computer started acting up some time last week in that it would not print to PDF from any of my programs. Thinking that there was an error with my Adobe Acrobat, I made the terrible mistake of uninstalling my copy. When I attempted to reinstall the program I was told that my serial was no longer valid so I had to spend the next few days on the phone w/Adobe trying to get my program to work (so that I could do my job) WHILE my computer was lagging like madness from, what I'm assuming, must be a virus. I have run AVG and nothing seems to have been found, but I still have my doubts... Is there anyone who can help me with this? I have followed all of the instructions put forth in posting a problem such as the one I'm having so I will attach my dds log below. Thank you in advance for any responses!

P.S. Also! I feel I should mention that ALL of my programs are having difficulty starting and, most of the time, they stop responding for a few moments before they begin again... further, when I print to PDF it takes forrrrreeeevvvveerrr and it never used to before... if this isn't a virus, I don't know what I'll do lol... I just need to fix this! Quick! Thanks again guys!! *fingers crossed!!!*

DDS (Ver_11-03-05.01) - NTFSx86
Run by Ashley H at 10:55:30.52 on Mon 05/09/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.989.217 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Ashley H\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Users\Ashley H\Desktop\Downloads\dds.scr
============== Pseudo HJT Report ===============
mURLSearchHooks: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\ashley~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ashley h\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ashley~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\ashley~1\appdata\roaming\mozilla\firefox\profiles\1a0b4k60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\ashley h\appdata\roaming\mozilla\firefox\profiles\1a0b4k60.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ashley h\appdata\roaming\mozilla\firefox\profiles\1a0b4k60.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/29 16:12:13];c:\program files\cyberlink\powerdvd dx\000.fcl [2010-3-29 87536]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-2-3 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-4 47640]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-2-3 27648]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-29 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-2-3 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtVlan60.sys [2010-2-3 19968]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-2-3 35840]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.0);c:\windows\system32\drivers\RtVlan60.sys [2010-2-3 19968]
=============== Created Last 30 ================
2011-05-09 14:31:25 -------- d-----w- c:\progra~2\Skype Extras
2011-05-09 14:06:45 388096 ----a-r- c:\users\ashley~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-09 13:53:28 -------- d-----w- c:\program files\Trend Micro
2011-05-06 19:34:37 -------- d-sh--w- C:\found.000
2011-05-05 21:31:25 -------- d-----w- c:\program files\PC Tools Security
2011-05-05 21:25:52 -------- d-----w- c:\progra~2\PC Tools
2011-05-05 21:23:27 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-05-05 19:23:54 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2011-05-05 16:17:36 -------- dc--a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.....ZZZ.Z..Z
2011-05-05 16:09:30 -------- dc--a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZZZZ.ZZ.Z..Z
2011-05-05 14:31:44 -------- dc-h--w- C:\$AVG
2011-05-05 14:12:11 -------- d-----w- c:\users\ashley~1\appdata\roaming\AVG10
2011-05-05 14:09:30 -------- d--h--w- c:\progra~2\Common Files
2011-05-05 14:07:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-05 14:07:01 -------- d-----w- c:\progra~2\AVG10
2011-05-05 13:42:57 -------- d-----w- c:\progra~2\MFAData
2011-05-04 17:25:30 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-05-04 17:18:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 15:01:34 -------- d-----w- c:\program files\Add Remove Pro
2011-05-04 14:35:48 -------- d-----w- c:\program files\Perfect Uninstaller
2011-05-03 10:07:09 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4660ed89-2373-490c-a5f9-22016d527244}\mpengine.dll
2011-05-02 17:35:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-02 17:35:26 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-02 17:35:26 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-02 17:35:26 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-02 17:35:26 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-02 17:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-02 17:35:26 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-02 17:35:26 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-27 23:04:13 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 23:03:47 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 23:03:47 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 23:03:47 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 23:03:47 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 23:03:47 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 23:03:46 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 23:03:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 23:03:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 23:03:46 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 23:03:15 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 23:02:45 2614784 ----a-w- c:\windows\explorer.exe
2011-04-26 13:54:20 112056 -c--a-w- c:\windows\system32\acaptuser32.dll
2011-04-21 18:54:08 -------- d-----r- c:\users\ashley h\Dropbox
2011-04-21 18:51:43 -------- d-----w- c:\users\ashley~1\appdata\roaming\Dropbox
2011-04-18 15:19:38 -------- d-----w- c:\program files\Evernote
2011-04-15 21:39:20 1090952 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-04-15 05:29:55 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 05:29:55 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 05:29:54 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 05:29:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 05:26:46 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 05:26:17 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 05:25:49 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 05:25:21 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 05:24:52 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 05:24:52 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 05:24:24 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 05:24:24 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 05:24:24 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 05:24:24 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 08:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
==================== Find3M ====================
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
============= FINISH: 10:57:15.64 ===============

Never received help with this problem and I REALLY NEEDED TO WORK so, after speaking with my coworkers, I decided to just go ahead and reformat my computer... -- 10 days later and it's acting up again telling me I don't have any space available on it but I honestly don't think I have THAT much stuff on this computer - I JUST REFORMATTED IT!! What is going on!? -- I plan on asking for help again... hopefully this time I'll receive a response *sigh*...

EDIT: Posts merged ~Budapest

Attached Files

Edited by Budapest, 17 May 2011 - 04:33 PM.
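The DDS log in post #1 carries two kinds of line worth reading with this thread's title in mind. The three `mPolicies-system` lines are the User Account Control values under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, and the `Pseudo HJT Report` lists every module Internet Explorer loads as a URL search hook, browser helper object (BHO) or toolbar. The script below is an added example for this page, not part of the thread and not part of the DDS tool: it parses those lines from a constructed sample made of entries copied from the posted log, decodes the UAC values against their Windows 7 defaults, and groups the IE registrations by DLL so that one module registered at several hook points stands out. On the posted values (ConsentPromptBehaviorAdmin = 5, ConsentPromptBehaviorUser = 3, EnableUIADesktopToggle = 0) UAC is at its Windows 7 defaults, so prompts from non-Microsoft programs asking to elevate are expected behaviour rather than a sign the policy was tampered with. The section banner, policy and hook line shapes are taken from the log as printed here; the regular expressions are an assumption about the DDS format beyond those samples.

```python
import re
from collections import defaultdict
# Constructed sample: entries copied from the DDS log in post #1, trimmed to
# the 'Pseudo HJT Report' lines this script looks at.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
mURLSearchHooks: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
TB: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
================= FIREFOX ===================
FF - prefs.js: network.proxy.type - 0
"""

# Meaning of the UAC values DDS prints as 'mPolicies-system' lines (registry key
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System); Windows 7 defaults below.
UAC_MEANINGS = {
    "ConsentPromptBehaviorAdmin": {
        0: "elevate without prompting",
        1: "prompt for credentials on the secure desktop",
        2: "prompt for consent on the secure desktop",
        3: "prompt for credentials",
        4: "prompt for consent",
        5: "prompt for consent for non-Windows binaries",
    },
    "ConsentPromptBehaviorUser": {
        0: "automatically deny elevation requests",
        1: "prompt for credentials on the secure desktop",
        3: "prompt for credentials",
    },
    "EnableUIADesktopToggle": {
        0: "UIAccess programs must prompt on the secure desktop",
        1: "UIAccess programs may prompt on the interactive desktop",
    },
}
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "EnableUIADesktopToggle": 0}
BANNER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
HOOK_RE = re.compile(r"^(mURLSearchHooks|uURLSearchHooks|BHO|TB):\s*(.*?)\s*:\s*"
                     r"(\{[0-9a-fA-F-]{36}\})\s*-\s*(.+?)\s*$")

def section(text, title):
    """Return the non-empty lines of the DDS section whose banner names `title`."""
    out, inside = [], False
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:  # every '=== Title ===' banner starts a new section
            inside = title.lower() in m.group(1).lower()
        elif inside and line.strip():
            out.append(line)
    return out

def decode_uac(hjt_lines):
    """Map each reported UAC policy to (value, meaning, is_windows7_default)."""
    result = {}
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            meaning = UAC_MEANINGS.get(name, {}).get(value, "unknown value")
            result[name] = (value, meaning, UAC_DEFAULTS.get(name) == value)
    return result

def ie_hooks_by_dll(hjt_lines):
    """Group IE extension registrations (search hook / BHO / toolbar) by the DLL loaded."""
    by_dll = defaultdict(lambda: {"name": "", "clsid": "", "points": []})
    for line in hjt_lines:
        m = HOOK_RE.match(line)
        if m:
            kind, name, clsid, dll = m.groups()
            entry = by_dll[dll.lower()]
            entry["name"], entry["clsid"] = name, clsid.lower()
            entry["points"].append(kind)
    return dict(by_dll)

def triage(text):
    """Summarise the UAC posture and the IE load points found in a full DDS.txt."""
    hjt = section(text, "Pseudo HJT Report")
    uac, hooks = decode_uac(hjt), ie_hooks_by_dll(hjt)
    return {
        "uac": uac,
        "ie_hooks": hooks,
        # One DLL registered at several hook points is loaded into IE in several roles.
        "multi_point_dlls": sorted((d for d, e in hooks.items() if len(e["points"]) > 1),
                                   key=lambda d: (-len(hooks[d]["points"]), d)),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for name, (value, meaning, default) in report["uac"].items():
        print(f"{name} = {value}: {meaning}" + ("" if default else "   <-- non-default"))
    for dll in report["multi_point_dlls"]:
        e = report["ie_hooks"][dll]
        print(f"{e['name']} ({dll}) registered as: {', '.join(e['points'])}")
```

Run against a real DDS.txt, `triage(open("DDS.txt").read())` prints each UAC policy with its meaning and marks anything that is not the Windows 7 default, then lists DLLs that Internet Explorer loads at more than one hook point. On the sample, prxtbPro0.dll is registered as URL search hook, BHO and toolbar, and prxConduitEngin0.dll as BHO and toolbar; the UAC values are all default. A non-default UAC value is the first thing to check before attributing elevation prompts to malware.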



#2 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:49 PM

Posted 20 May 2011 - 07:19 PM


Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 v00d00d0ll

  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:49 PM

Posted 23 May 2011 - 01:32 PM

Hello m0le (lol, I like your slogan! Slick!)

I just wanted to let you know that I received your response late Friday and, as the post states, this was all in regard to my work computer so I wanted to wait 'til I got back to it before starting any "conversations"! I'm assuming you saw my "response" to myself (lol), so I'm going to go ahead and run everything again (the logs that were originally requested before I reformatted my computer). I really hope you're still okay with helping me, all I'm asking now is that you please take a look at the log files I'm going to provide and just let me know why my computer is running slow (I'm assuming it's a RAM issue now since it is still running slow even after reformatting. If that happens to be the case, do you think you could provide this in a written statement so that I can show it to my boss? Lol, this thing is starting to make work a real nightmare!).


P.S. I'll have those updated logs uploaded to this post asap!! Thanks again!

#4 v00d00d0ll

  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:49 PM

Posted 23 May 2011 - 01:51 PM

Okay! That didn't take nearly as long as I remember it taking the first time lol...
I couldn't run GMER because I am running a 64-bit version of Windows. Attached are the two text files from DDS.

The only real problems I'm having with it now are (1) Adobe takes MUCH longer than it used to when creating PDFs, and (2) it's VERY slow when I try to multi-task and switch to a new window...

It's not really crashing anymore... but when I focus on a new program and the window finally pops up it stays white for a few moments, says it's not responding, lags, then a few moments later finally catches up and starts operating fine... this happens for every program and creates an extra minute or two for every task that I need to do here at work. Does this sound like a RAM issue to you?

Thanks again!

Attached Files

#5 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:49 PM

Posted 23 May 2011 - 07:40 PM

Hmmm, a tricky one here. Firstly, the DDS looked clean, and then I saw something strange in the error log. The symptoms don't seem to connect with the errors, and your idea that it is RAM doesn't fit that either. So, let's go with my instinct and look for volsnap.sys being infected first. If that doesn't pan out then we'll see what else might be causing the slow down.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning. Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 v00d00d0ll

  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:49 PM

Posted 24 May 2011 - 01:40 PM

Okay! All done! The log should be attached :)

Oh yeah! I think I should mention that when I tried to run comfix.exe it wouldn't run unless I uninstalled AVG completely (I tried to just temporarily disable it as the instructions explained, but it still wouldn't work until it was completely uninstalled). *slowly slinking away unsure of herself* I'm..gonna..go ahead and reinstall AVG.. I know you guys say not to install/uninstall stuff but I think that's only if I didn't already have it, right? I hope that's okay...just trying to put everything back how it was...

Thanks again for your help!

Attached Files

Edited by v00d00d0ll, 24 May 2011 - 01:44 PM.

#7 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:49 PM

Posted 24 May 2011 - 02:20 PM

You did right. AVG is clashing with Combofix at the moment. The log shows a clean machine so we are not looking at malware now.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Now reinstall AVG or another antivirus if you prefer.

Please post a topic in the Windows 7 forum and get them to troubleshoot possible hardware or operating system problems. I will hold this topic open for five days but after that please PM if you need to.

Good luck tracking down the problem :)
m0le is a proud member of UNITE

#8 v00d00d0ll

  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:49 PM

Posted 25 May 2011 - 12:21 PM

Ah, good to know! Thanks for all your help! Very much appreciated!

#9 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:49 PM

Posted 29 May 2011 - 02:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE
