Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDs log


  • This topic is locked This topic is locked
14 replies to this topic

#1 Komputer Dummy

Komputer Dummy

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 April 2012 - 01:44 PM

boopme,

I think this is the DDs.txt file that you want. Let me know if it's not.

Thanks for all your help even though I have a massive headache. It's nice to learn how to fix my problems.

Dennis

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Dennis at 14:27:06 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.7230 [GMT -4:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dennis\Desktop\tdsskiller\TDSSKiller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uURLSearchHooks: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
uURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
mURLSearchHooks: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
mURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Greenshot] "C:\Program Files (x86)\Greenshot\Greenshot.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Dennis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7F587694-1D50-4BE4-A422-99F7297C2A67} : DhcpNameServer = 75.75.76.76 75.75.75.75
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO-X64: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\tbElf0.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB-X64: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
TB-X64: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 c2scsi64;c2scsi64;C:\Windows\system32\DRIVERS\c2scsi64.sys --> C:\Windows\system32\DRIVERS\c2scsi64.sys [?]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/07 11:29:53];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-2-7 146928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-8-4 203096]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-9-3 173352]
S2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-03 11:00:35 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBA35594-EC4C-408C-B651-C16E6461B78A}\mpengine.dll
2012-03-21 19:51:53 -------- d-----w- C:\Windows\System32\SPReview
2012-03-21 19:49:55 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-21 19:49:43 -------- d-----w- C:\ae6ad7b20de9baa971cf2df4a2eece
2012-03-20 07:09:37 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-20 07:09:35 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-20 07:09:34 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-20 07:00:53 -------- d-----w- C:\82a3a4fabfda92b5513fe6
2012-03-18 00:41:27 -------- d-----w- C:\ProgramData\Recovery
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 14:27:58.53 ===============

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 09 April 2012 - 06:52 AM

Hi,

the log is looking ok. What's your problem?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 10 April 2012 - 06:11 PM

Hi,

the log is looking ok. What's your problem?

regards myrti

myrti,

My computer is running extremely slow and a computer guru friend recommended I run the MBAM from this site. I wasn't able to download it and boopme helped me in the other forum to run several things including the RKill (I have not yet run the MBAM as I've been following instructions).. My problems started when viewing a ford truck site. The screen froze up and I suspected a virus so I turned off the computer immediately. After awhile I restarted the computer and it ran alright for some time. Then some time later it froze up again while watching a DVD. I also suspected a virus that time and turned off the computer. Since that second time the computer has been running very slow. I have done a couple of system restores and that helped for awhile but then I accidently uninstalled my IE browser and now the computer thinks it's life started a few weeks ago.


Basically my problem is the computer is running very slow and I don't know why. Thanks for any help you give.

Dennis

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 12 April 2012 - 04:44 AM

Hi,

ok, then let's run aswMBR and see if there's a rootkit hiding:

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

But this doesn't sound much like malware, did you check the PC is not overheating?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 12 April 2012 - 08:32 AM

Hi,

ok, then let's run aswMBR and see if there's a rootkit hiding:

Please download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

But this doesn't sound much like malware, did you check the PC is not overheating?

regards myrti

myrti,

I have downloaded the aswMBR but I can't run it. I get an alert saying "aswMBR.exe is not a valid Win32 application".

How do I tell if the computer is overheating? I've had problems with it even after shutting it down overnight. Sometimes I would have to start & restart it 30 or 40 times just to get it to work (I'd forgotten this).


Dennis

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 12 April 2012 - 08:43 AM

Hi,

this sounds more and more like hardware issues. You could try installing speedfan and check what temperatures it shows: http://www.almico.com/speedfan.php

Please disable automatic restart:
  • Right-click My Computer, and then click Properties.
  • Click the Advanced tab.
  • Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
  • Uncheck the Automatically restart check box, and click OK the necessary number of times.
  • Restart your computer for the settings to take effect.

Next time your PC crashes it should now show an error message. Please write that down and let me know what it says.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 12 April 2012 - 09:37 AM

Hi,

this sounds more and more like hardware issues. You could try installing speedfan and check what temperatures it shows: http://www.almico.com/speedfan.php

Please disable automatic restart:

  • Right-click My Computer, and then click Properties.
  • Click the Advanced tab.
  • Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
  • Uncheck the Automatically restart check box, and click OK the necessary number of times.
  • Restart your computer for the settings to take effect.

Next time your PC crashes it should now show an error message. Please write that down and let me know what it says.

regards myrti

myrti,

I get the same alert with the speedfan download, "PCperformer_GG.exe.exe is not a valid Win32 application". I apparently cannot run it.

I will do the other things you suggested now.

Thanks for your help myrti.

I just attempted to do the other suggestion but the "automatically restart" box was already unchecked.

Dennis

Edited by Komputer Dummy, 12 April 2012 - 09:41 AM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 13 April 2012 - 05:25 AM

Hi,

are you having a bad internet connection that cuts off a lot? Did you get any warnings from your ant virus program while downloading? Something seems to be corrupting your downloads, so that they reach your PC broken.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 13 April 2012 - 06:50 PM

Hi,

are you having a bad internet connection that cuts off a lot? Did you get any warnings from your ant virus program while downloading? Something seems to be corrupting your downloads, so that they reach your PC broken.

regards myrti

myrti,

I have a cable connection for my computer and it doesn't cut off at all. I get no TrendMicro alerts at all when attempting these downloads. I had some of the same problems when downloading the other things that were suggested for me to run (in the other forum).

Thanks again for your help myrti.

EDIT: I just checked my TrendMicro info and it says the "speedfan" thing was blocked but I never got an alert. As far as I know it showed it was downloaded but I just can't run it.

Dennis

Edited by Komputer Dummy, 13 April 2012 - 06:58 PM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 14 April 2012 - 07:53 AM

Hi,

do you have a second PC from which you could download these things and then transfer them to your PC?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 14 April 2012 - 06:50 PM

Hi,

do you have a second PC from which you could download these things and then transfer them to your PC?

regards myrti

myrti,

I do not have a second computer. I think I recall disabling my TrendMicro & Windows Firewall to download and run some of the other scans I've run, what do you think about me doing that?

Dennis

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 15 April 2012 - 12:13 PM

Hi,

yes, please try that then.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Komputer Dummy

Komputer Dummy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 17 April 2012 - 07:57 PM

Hi,

yes, please try that then.

regards myrti

myrti,

I tried this on 4-16-12 and my computer ended up freezing up. The screen froze up and the cursor arrow was gone. I turned the computer off & on several times trying to get it to work to no avail. The light under the "power" button ended up not lighting up and I couldn't start the computer at all after awhile (the fans come on but nothing happens). I guess I'll have to take it to a shop to find out what's wrong with it.

Thanks so much for your time & your help, I appreciate it very much. I only wish we could've solved the problem. At the exit on the back of the computer, at the top, it was very warm where the fan was blowing out. I've never felt back there till now so I don't know if that's normal or not but it doesn't matter now I guess.

Take care myrti and thanks for everything.

Dennis

Edited by Komputer Dummy, 17 April 2012 - 07:58 PM.


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 18 April 2012 - 03:33 AM

Hi,

yes, it's probably easier to fix this through a shop.. If you want to delve into the PC personally and figure out what is going wrong with your PC, I would suggest you repost in the hardware section and ask if they can help you identify what happened. This will take longer than having it fixed in a shop though.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:57 AM

Posted 07 June 2012 - 07:03 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users