hjtmk16
Posted September 8, 2010 ID:311183

Hi,

My PC keeps freezing up for long periods of time. I noticed an "Alert Popup" dialog box on occasion, or in my Task Manager. Once I kill it, the computer begins to perform normally for a period of time. But sometimes it freezes without "Alert Popup" detected. I suspect that this is the main reason for my PC probs. I ran a Malwarebytes scan. It didn't detect anything.

Also, I attempted to follow the recommended protocol in Safe Mode and downloaded Defogger, DDS, and GMER Rootkit Scanner to my Desktop. Defogger did not ask to reboot the machine, as per the instructions, so I rebooted it myself. I then ran DDS.SCR. It says it "should not run longer than 3 minutes". It ran for over 20 minutes without any dialog box appearing asking to name the two resulting log files, as expected. Finally, when I tried running GMER, I received a blue screen with "A problem has been detected and Windows has been shut down to prevent damage to computer ..."

I did run HijackThis, and attached the log. Please take a look and let me know if there's anything you can recommend I do to rid myself of this problem.

Thank you very much,
Mike

(attached: hijackthis_Sept8th2010.txt)
negster22
Posted September 9, 2010 ID:311348

Hi and Welcome to the Malwarebytes' forum.

Please download ATF Cleaner by Atribune.
Close Internet Explorer and any other open browsers.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Disable the active protection component of your antivirus by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html

Please download Rootkit Unhooker and save it on your desktop.
http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE
Disable your security programs.
Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files, and Code Hooks.
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait till the scanner has finished, then go File > Save Report.
Save the report somewhere you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
Note - If you get this warning it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Please download Combofix from one of these locations: HERE or HERE
I want you to rename Combofix.exe as you download it to a name of your choice such as fixit.exe
Notes:
It is very important that you save the newly renamed EXE file to your desktop.
You must rename Combofix.exe as you download it and not after it is on your computer.
You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
For Firefox:
Open Firefox and click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK
For Internet Explorer:
When downloading, choose to save, not open the file.
When prompted, save the file to your desktop, and rename it anything with an .exe extension on the end.
Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it!!!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:
http://www.bleepingcomputer.com/forums/topic114351.html
Note: The above tutorial does not tell you to rename Combofix as I have instructed you to do in the above instructions, so make sure you complete the renaming step before launching Combofix.

Running Combofix
In the event you already have Combofix, please delete it as this is a new version.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
1. Double click on the renamed combofix.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt
3. Post the contents of that log in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post back the Rootkit Unhooker log and C:\Combofix.txt
Please copy/paste all logs into your topic and do NOT attach!!

=================
Your HJT Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:40 AM, on 2010-09-08
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thestar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Mike\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Eraser RiskMonitor] "C:\Program Files\East-Tec Eraser 2010\Launch.exe" "C:\Program Files\East-Tec Eraser 2010\etRiskMon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF0DF270-8BA6-406E-979F-9C9D1AF80504}: NameServer = 64.71.255.198
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7247 bytes
==================
screen317 (Staff)
Posted September 28, 2010 ID:319594

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!