Intermittent Freezes: Virus Or Hardware Problem?


  • This topic is locked

#1 samone4


Posted 27 March 2007 - 05:21 AM

Running XP: Always had problems with this computer... kept freezing with games.. gotten a lot of error messages while trying to install games such as Diablo 2 and Painkiller
I have formatted my computer, reinstalling Windows and my drivers, including using Windows Update, which had installed SP2, so I am currently using it... should I uninstall SP2?... friend somehow obtained trojan dropper and trojan downloader on my computer... using Trend Micro Internet Security 2007 and Kaspersky online scanner in safe mode I have gotten rid of it... still having freezing issues... I've checked the list in the 5 step post and the rogue and suspect program list.. I used Spybot and Adaware in safe mode... I installed vx2 cleaner, spyblaster and spy guard... iespyad came up as a malicious program with my Trend Micro so I did not use... Panda came up with this:

Incident Status Location
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\John\Cookies\john@mbop[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John\Cookies\john@winantivirus[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@ath.belnk[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John\Cookies\john@www.errorsafe[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\John\Cookies\john@mmm.media-motor[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\John\Cookies\john@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John\Cookies\john@www.winantivirus[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John\Cookies\john@errorsafe[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@kount[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Vincent\Cookies\vincent@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Vincent\Cookies\vincent@com[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Vincent\Cookies\vincent@zedo[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Vincent\Cookies\vincent@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\FOUND.006\FILE0029.CHK
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.011\FILE0001.CHK
THIS IS WHAT DSS FOUND:

Deckard's System Scanner v20070318.32
Run by Vincent on 2007-03-26 at 21:38:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Vincent.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:39:00 PM, on 3/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vincent\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Vincent.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165890547264
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165890530076
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

-- Files created between 2007-02-26 and 2007-03-26 -----------------------------
2007-03-26 18:25:52 0 d-------- C:\ie-spyad_zo<IE-SPY~1>
2007-03-26 18:15:50 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-03-26 18:07:08 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-26 18:07:07 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-26 17:52:08 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-26 16:57:48 0 d--hs---- C:\FOUND.006
2007-03-26 15:54:52 0 d--hs---- C:\FOUND.005
2007-03-26 15:40:20 0 d--hs---- C:\FOUND.004
2007-03-26 15:04:50 0 d-------- C:\Program Files\PC Wizard 2007<PCWIZA~1>
2007-03-26 14:52:14 0 d--hs---- C:\FOUND.003
2007-03-26 14:38:10 0 d--hs---- C:\FOUND.002
2007-03-24 15:11:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion<YAHOO!~1>
2007-03-23 15:41:32 0 d--hs---- C:\FOUND.001
2007-03-23 15:27:52 0 d--hs---- C:\FOUND.000
2007-03-22 21:53:29 0 d-------- C:\Program Files\CCleaner
2007-03-22 21:18:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab<KASPER~1>
2007-03-22 21:18:47 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-22 18:37:06 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-03-20 16:05:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-20 16:04:20 0 d-------- C:\Documents and Settings\Vincent\SecurityScans<SECURI~1>
2007-03-20 16:04:06 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2<MI884D~1>
2007-03-20 15:57:22 0 d-------- C:\temp

-- Find3M Report ---------------------------------------------------------------
2007-02-15 14:08:50 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-02-14 20:09:30 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-02-14 13:43:14 0 d-------- C:\Documents and Settings\Vincent\Application Data\AVG7

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setupSNK.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\SETUP.EXE

-- End of Deckard's System Scanner: finished at 2007-03-26 at 21:39:33 ---------


#2 miekiemoes

  • Malware Response Team

Posted 01 April 2007 - 05:47 PM

I can't see anything suspicious here. You said you even reinstalled Windows and the same problem reappears?
If you format and reinstall and there was malware present, it should be gone anyway.. and since you're having the same problem again, then this is certainly not malware related, but rather hardware related.

That's why I suggest you post your problem in the hardware part of this forum.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 11 April 2007 - 03:33 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



