Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possible infection crashes pc


  • This topic is locked This topic is locked
3 replies to this topic

#1 corwera

corwera

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 10 May 2013 - 10:18 AM

do not know what to do with this!

 

pc crashes after 5 minutes, sometimes faster if i run anti-virus program. (so im writing this in a hurry)

here are the logs from sdd.scr file

 

 

i have a self built computer (specs at the bottom) which i had a couple of problems with that started when i updated windows 4 days ago. the installation of the update did not run smoothly, i had to manually install them three times to get all of them sucessfully installed. then the pc froze when configuring the updates (during the reboot which is required after update installation). some times at 32% other times at 36, 52 and 76%. i googled and it seemed like a viral infection. i unplugged the internet cable and removed the usb-network adapter so that the pc would not have access to the itnernet - just in case. this fixed the problem, and the configuration would complete itself.

 

since just before the update i have not been able to see the asus-logo before the pc boots (and thus i cannot enter safe mode). if i just wait it out, windows will boot normaly, and if i try to spam the delete/F8 button the monitor is all black for hours and hours.

 

after i managed to install the updates for windows, the computer started to freeze. first couple of times, the CPU usage rocketed to a 100%, causing such a bad lag that every i tried took about 30 minutes. i used windows restore to restore the system to a couple of days ago, like three days or so. after this the problem is that after some time, varying from a couple of seconds after login to a full 30 min my computer freezez and i have to hold the power button down for 6 seconds for it to be turned off. i noticed that the time it takes is all the shorter, the more programs i am using. e.g. running virus scan always made the computer freeze before it was completed (quick scans was completed though, avg found two infections (middle serious) and deleted one of them). i am now able to install 110 new updates for windows (39 optional and 71 important), but i have not deared to install them since it messed the computer up so badly the last time.

 

what should i do? to me it seems like the only solution is to reinstall windows but i'd like to avoid that for obvious reasons. i am though willing to do it and formate all the HDDs if that's what it takes

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Viktor at 17:11:53 on 2013-05-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16364.14354 [GMT 2:00]
.
AV: AVG AntiVirus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{03D14F70-460C-4CEC-A6F9-0D2E0030A9B4} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\ll08hukq.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - ExtSQL: 2013-04-30 14:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\ll08hukq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-10 10:10; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-10 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-10 189936]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-4-30 25056]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-10 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-10 378432]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-30 283200]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2013-4-30 26624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-10 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-10 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-10 46808]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-4-25 4936752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2013-4-30 297440]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-4-30 1924096]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2013-4-30 960992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-05-10 15:10:12 -------- d-----w- C:\Windows\pss
2013-05-10 14:51:31 8247264 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_e7456bf5ec7c965e96db7416286ee5267da6c_cab_1f6d8e6a\WNA1100.exe
2013-05-10 14:07:20 -------- d-----w- C:\Users\Viktor\AppData\Roaming\AVG2013
2013-05-10 14:06:45 -------- d-----w- C:\Users\Viktor\AppData\Roaming\TuneUp Software
2013-05-10 14:06:36 -------- d-----w- C:\ProgramData\AVG2013
2013-05-10 14:06:19 -------- d-----w- C:\Program Files (x86)\AVG
2013-05-10 14:04:29 -------- d-----w- C:\Users\Viktor\AppData\Local\MFAData
2013-05-10 14:04:29 -------- d-----w- C:\Users\Viktor\AppData\Local\Avg2013
2013-05-10 14:04:29 -------- d-----w- C:\ProgramData\MFAData
2013-05-10 13:53:23 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFE0B98F-9DC2-47FC-BAEC-84BF8CF9D28E}\mpengine.dll
2013-05-10 09:40:06 2114072 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_799b94c3eda4bbcfd2117c11602d2fabcf3f50_cab_12f450dd\AvastBCL-Sfx.exe
2013-05-10 08:16:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-10 08:13:11 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-10 08:10:19 -------- d-----w- C:\Users\Viktor\AppData\Local\Google
2013-05-10 08:10:17 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-10 08:10:17 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-10 08:10:17 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-10 08:10:17 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-10 08:10:17 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-10 08:10:03 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-10 08:09:49 -------- d-----w- C:\Program Files\AVAST Software
2013-05-10 08:09:38 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-09 21:54:10 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-09 20:49:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-09 20:49:05 -------- d-----w- C:\Users\Viktor\AppData\Local\Programs
2013-05-09 18:48:45 -------- d-----w- C:\Users\Viktor\AppData\Local\Ubisoft Game Launcher
2013-05-09 18:21:59 -------- d-----w- C:\Users\Viktor\AppData\Roaming\Malwarebytes
2013-05-09 18:21:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-09 17:35:58 286720 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_73a2c578febf58e39cc3a6f95aa785f492ab7_cab_08331e0a\CLI.Component.Eeu.dll
2013-05-01 11:25:34 -------- d-----w- C:\Users\Viktor\AppData\Local\ApplicationHistory
2013-05-01 08:14:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-05-01 08:14:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-05-01 08:13:03 77312 ----a-w- C:\Windows\System32\packager.dll
2013-05-01 08:13:03 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-04-30 23:36:08 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-30 23:36:04 -------- d-----w- C:\Users\Viktor\AppData\Local\PunkBuster
2013-04-30 23:35:48 -------- d-----w- C:\Users\Viktor\AppData\Local\ESN
2013-04-30 23:35:46 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2013-04-30 19:55:39 -------- d-----w- C:\Windows\Panther
2013-04-30 19:50:01 -------- d-----w- C:\Windows.old
2013-04-30 13:31:01 -------- d-----w- C:\Users\Viktor\AppData\Local\ATI
2013-04-30 13:24:45 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-04-30 13:18:01 0 ----a-w- C:\Windows\ativpsrm.bin
2013-04-30 13:15:38 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-04-30 13:15:07 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-30 13:15:07 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-30 13:15:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-30 13:06:35 -------- d-----w- C:\ProgramData\AMD
2013-04-30 13:06:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-04-30 13:06:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-04-30 13:05:42 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-04-30 13:05:35 -------- d-----w- C:\Program Files\ATI Technologies
2013-04-30 13:05:32 -------- d-----w- C:\Program Files\ATI
2013-04-30 12:51:05 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2013-04-30 12:50:57 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2013-04-30 12:50:57 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2013-04-30 12:37:19 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2013-04-30 12:08:25 -------- d-----w- C:\Program Files (x86)\SEGA
2013-04-30 12:05:41 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-04-30 12:05:39 -------- d-----w- C:\Users\Viktor\AppData\Roaming\DAEMON Tools Lite
2013-04-30 12:05:37 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-04-30 12:05:05 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-04-30 11:45:33 -------- d-----w- C:\Users\Viktor\AppData\Roaming\Origin
2013-04-30 11:45:33 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-04-30 11:45:29 -------- d-----w- C:\Users\Viktor\AppData\Local\Origin
2013-04-30 11:44:36 -------- d-----w- C:\ProgramData\Origin
2013-04-30 11:44:29 -------- d-----w- C:\Program Files (x86)\Origin
2013-04-30 11:29:49 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32D7CED3-7491-4D83-889F-7D13841F0396}\gapaengine.dll
2013-04-30 11:28:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-04-30 11:28:41 -------- d-sh--w- C:\Windows\Installer
2013-04-30 11:28:41 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-04-30 11:24:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-04-30 11:24:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-04-30 11:24:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-04-30 11:24:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-04-30 11:22:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-04-30 11:22:33 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-30 11:22:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-04-30 11:22:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-04-30 11:10:41 26624 ----a-w- C:\Windows\System32\drivers\jswpslwfx.sys
2013-04-30 11:10:41 25056 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2013-04-30 11:10:41 1924096 ----a-w- C:\Windows\System32\drivers\athurx.sys
2013-04-30 11:10:40 -------- d-----w- C:\Program Files (x86)\NETGEAR
2013-04-30 11:02:08 -------- d-----w- C:\Users\Viktor\AppData\Local\Diagnostics
2013-04-30 11:01:39 -------- d-----w- C:\ProgramData\EA Core
2013-04-30 11:01:38 -------- d-----w- C:\ProgramData\Electronic Arts
2013-04-30 11:01:38 -------- d-----w- C:\ProgramData\EA Logs
.
==================== Find3M  ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll
2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll
2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll
2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll
2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll
2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-03-29 00:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 01:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-14 11:41:10 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-02-14 11:40:58 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
.
============= FINISH: 17:12:14.73 ===============

 

 

 

thanks for taking the time to read this :)

Attached Files


Edited by hamluis, 10 May 2013 - 12:43 PM.
Pasted DDS log into post - Hamluis.


BC AdBot (Login to Remove)

 


#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:30 AM

Posted 15 May 2013 - 06:20 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT backup any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
 
----------------
 
Please do the following next:
 
:step1:
 
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


:step2:
 
Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of those logfiles with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
 
 
:step3:
 
Please download GMER it from one of the below to your desktop:

  • Main mirror
  • Zipped version
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER gmericon_zps951fd5aa.jpg icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:30 AM

Posted 18 May 2013 - 04:04 AM

Hi Are you still with us? The topic will be closed in 3 days unless we receive a response from you.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:30 AM

Posted 21 May 2013 - 02:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users