Old 05-19-2009, 03:37 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


computer lockup

My computer locks up and I am pretty much unable to do anything for a couple of minutes. Then it returns back to normal. I also notice my CPU usage shoots up from 1-10% to 80-100%; don't know if that has anything to do with it, since I don't know that much about computers. I also have random pop-ups every once in a while.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Vincent Mendoza at 0:47:15.13 on Tue 05/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090518-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vincent Mendoza\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.masteringphysics.com/site
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] atiptaxx.exe
mRun: [bascstray] BascsTray.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\vincen~1\startm~1\programs\startup\multires.lnk - c:\program files\multires\MultiRes.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1067411164482
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vincen~1\applic~1\mozilla\firefox\profiles\31cuwskn.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.csus.edu/portal/render.userLayoutRootNode.uP

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-14 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-31 24652]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-14 352920]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-10-14 254040]
S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;c:\windows\system32\drivers\csco21.sys [2003-10-28 344832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

=============== Created Last 30 ================

2009-05-17 17:57 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-17 04:28 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-05-17 04:27 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-17 04:27 575,488 -c------ c:\windows\system32\xpsshhdr.dll
2009-05-17 04:27 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-17 04:27 117,760 -c------ c:\windows\system32\prntvpt.dll
2009-05-17 04:27 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-17 04:27 <DIR> -cd----- C:\7e8e9bbc5dfbe73e411d13e69048d3
2009-05-17 04:27 1,676,288 -c------ c:\windows\system32\xpssvcs.dll
2009-05-17 04:27 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-12 17:03 5,174 ac------ c:\windows\system32\nppt9x.vxd
2009-05-12 17:03 4,682 ac------ c:\windows\system32\npptNT2.sys
2009-05-06 10:00 <DIR> -cd----- c:\windows\system32\KB905474
2009-05-04 14:23 <DIR> -cd----- c:\program files\SystemRequirementsLab
2009-04-30 00:47 <DIR> -cd----- C:\ijji
2009-04-24 10:40 <DIR> -cd----- c:\program files\iPod
2009-04-24 10:40 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-24 10:38 <DIR> -cd----- c:\program files\Bonjour
2009-04-24 10:37 1,900,544 ac------ c:\windows\system32\usbaaplrc.dll
2009-04-24 10:37 36,864 ac------ c:\windows\system32\drivers\usbaapl.sys
2009-04-21 16:27 <DIR> -cd----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-09 05:19 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 ac------ c:\windows\system32\pdh.dll
2009-02-20 01:10 666,112 ac------ c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 ac------ c:\windows\system32\ieencode.dll
2007-10-01 10:41 25,600 ac------ c:\documents and settings\vincent mendoza\usbsermptxp.sys
2007-10-01 10:41 22,768 ac------ c:\documents and settings\vincent mendoza\usbsermpt.sys
2008-05-03 23:51 80 -c-shr-- c:\windows\system32\62E932F6B2.dll

============= FINISH: 0:47:51.75 ===============
marasamune is offline  
Old 05-24-2009, 11:21 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


Re: computer lockup

"bump"
marasamune is offline  
Old 05-30-2009, 01:10 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,023
OS: WinXP and Vista


Re: computer lockup

Hello marasamune,

If you still require assistance, please run a new scan with dds, post the fresh dds.txt, and we'll get started.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-01-2009, 11:25 AM   #4 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


Re: computer lockup

DDS (Ver_09-05-14.01) - NTFSx86
Run by Vincent Mendoza at 10:22:27.54 on Mon 06/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.639 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090531-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Vincent Mendoza\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] atiptaxx.exe
mRun: [bascstray] BascsTray.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\vincen~1\startm~1\programs\startup\multires.lnk - c:\program files\multires\MultiRes.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1067411164482
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vincen~1\applic~1\mozilla\firefox\profiles\31cuwskn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-14 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-31 24652]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-14 352920]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-10-14 254040]
S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;c:\windows\system32\drivers\csco21.sys [2003-10-28 344832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

=============== Created Last 30 ================

2009-06-01 00:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-17 17:57 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-17 04:28 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-05-17 04:27 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-17 04:27 575,488 -c------ c:\windows\system32\xpsshhdr.dll
2009-05-17 04:27 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-17 04:27 117,760 -c------ c:\windows\system32\prntvpt.dll
2009-05-17 04:27 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-17 04:27 1,676,288 -c------ c:\windows\system32\xpssvcs.dll
2009-05-17 04:27 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-17 04:27 <DIR> --d----- C:\7e8e9bbc5dfbe73e411d13e69048d3
2009-05-12 17:03 5,174 ac------ c:\windows\system32\nppt9x.vxd
2009-05-12 17:03 4,682 ac------ c:\windows\system32\npptNT2.sys
2009-05-06 10:00 <DIR> -cd----- c:\windows\system32\KB905474

==================== Find3M ====================

2009-03-26 15:23 1,900,544 ac------ c:\windows\system32\usbaaplrc.dll
2009-03-09 05:19 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 ac------ c:\windows\system32\pdh.dll
2007-10-01 10:41 25,600 ac------ c:\documents and settings\vincent mendoza\usbsermptxp.sys
2007-10-01 10:41 22,768 ac------ c:\documents and settings\vincent mendoza\usbsermpt.sys
2008-05-03 23:51 80 -c-shr-- c:\windows\system32\62E932F6B2.dll

============= FINISH: 10:22:49.28 ===============


Here you go, and thank you for the help.
marasamune is offline  
Old 06-01-2009, 09:37 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,023
OS: WinXP and Vista


Re: computer lockup

Thanks. I'm not seeing any malware here. Given the CPU spikes, an online scan would likely take all night. I'd like you to use this standalone scanner, and run it in Safe Mode.

This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean anything, I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

======================================

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.


--------------------------------------------------------------------


Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
Ried is offline  
Old 06-02-2009, 06:13 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


Re: computer lockup

Well, here is the report.

ropuvwym.dll;C:\Deckard\System Scanner\20080123193452\backup\DOCUME~1\VINCEN~1\LOCALS~1\Temp;Trojan.Click.4739;;
DWMRCW.msi/stream000\DWRCS.exe;F:\Victor's Computer\C_Drive\Temp\DWMRCW.msi/stream000;Program.RemoteAdmin.origin;;
DWMRCW.msi/stream000\DWRCCnvt.exe;F:\Victor's Computer\C_Drive\Temp\DWMRCW.msi/stream000;Program.RemoteAdmin;;
stream000;F:\Victor's Computer\C_Drive\Temp;Archive contains infected objects;;
DWMRCW.msi;F:\Victor's Computer\C_Drive\Temp;Archive contains infected objects;;
ipscan.exe;F:\Victor's Computer\C_Drive\Temp;Tool.AngryIpscan;;
AVRTv110.exe\Postie.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt\AVRTv110.exe;Probably DLOADER.Trojan;;
AVRTv110.exe\PSExec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt\AVRTv110.exe;Program.PsExec.142;;
AVRTv110.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt;Archive contains infected objects;;
Postie.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt;Probably DLOADER.Trojan;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt;Program.PsExec.142;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\reboot;Program.PsExec.131;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Reg;Program.PsExec.131;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Superdat;Program.PsExec.131;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\SYSconnect;Program.PsExec.131;;
postie.exe;F:\Victor's Computer\C_Drive\Temp\utils\Tmart;Probably DLOADER.Trojan;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Tmart;Program.PsExec.140;;
TMArt_v0.08a.exe\psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\TMArt_v0.08a.exe;Program.PsExec.140;;
TMArt_v0.08a.exe\postie.exe;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\TMArt_v0.08a.exe;Probably DLOADER.Trojan;;
TMArt_v0.08a.exe;F:\Victor's Computer\C_Drive\Temp\utils\Tmart;Archive contains infected objects;;
TMA_371v2.EXE\REGDEL.EXE;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\TMA_371v2.EXE;Win32.HLLC.Winatch;;
TMA_371v2.EXE;F:\Victor's Computer\C_Drive\Temp\utils\Tmart;Archive contains infected objects;;
TMA_371v2.EXE\REGDEL.EXE;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\tma_371v2\install\TMA_371v2.EXE;Win32.HLLC.Winatch;;
TMA_371v2.EXE;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\tma_371v2\install;Archive contains infected objects;;
NACFG.vbs;F:\Victor's Computer\D112192a\Desktop;Probably SCRIPT.Virus;;
pskill.exe;F:\Victor's Computer\kvavlm2\Desktop\tools;Tool.Prockill;;
marasamune is offline  
Old 06-02-2009, 08:27 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,023
OS: WinXP and Vista


Re: computer lockup

What are those programs that are being reported?

Tmart
Avrt

And do you know what this is - NACFG.vbs?


===================================

Delete this folder:

C:\Deckard
Ried is offline  
Old 06-03-2009, 12:38 PM   #8 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


Re: computer lockup

Honestly, I don't know what those are.
marasamune is offline  
Old 06-03-2009, 11:46 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,023
OS: WinXP and Vista


Re: computer lockup

If you don't know what they are, then I recommend deleting them, although with them located on your F: drive, it should not be causing CPU spikes.

As I'm not seeing any malware in any of these logs, it appears to be OS related and you would be better served discussing these issues in the Windows XP Support section of this forum.
Ried is offline  
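
A triage sketch for the Dr.Web report discussed above, added here as an example and not part of any poster's reply: it parses the `object;location;detection;;` rows (layout inferred from the report in this thread), counts hits per drive, and checks whether any flagged file is also a running process from the DDS log. The bucket names in `classify` and all function names are this example's assumptions.

```python
import csv
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Rows copied from the Dr.Web report posted in the thread (a subset).
SAMPLE_REPORT = r"""ropuvwym.dll;C:\Deckard\System Scanner\20080123193452\backup\DOCUME~1\VINCEN~1\LOCALS~1\Temp;Trojan.Click.4739;;
DWMRCW.msi/stream000\DWRCS.exe;F:\Victor's Computer\C_Drive\Temp\DWMRCW.msi/stream000;Program.RemoteAdmin.origin;;
DWMRCW.msi;F:\Victor's Computer\C_Drive\Temp;Archive contains infected objects;;
ipscan.exe;F:\Victor's Computer\C_Drive\Temp;Tool.AngryIpscan;;
Postie.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt;Probably DLOADER.Trojan;;
psexec.exe;F:\Victor's Computer\C_Drive\Temp\utils\Avrt;Program.PsExec.142;;
TMA_371v2.EXE\REGDEL.EXE;F:\Victor's Computer\C_Drive\Temp\utils\Tmart\TMA_371v2.EXE;Win32.HLLC.Winatch;;
NACFG.vbs;F:\Victor's Computer\D112192a\Desktop;Probably SCRIPT.Virus;;
pskill.exe;F:\Victor's Computer\kvavlm2\Desktop\tools;Tool.Prockill;;
"""

# Subset of the "Running Processes" section of the second DDS log in the thread.
RUNNING = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\DNA\btdna.exe",
    r"C:\Program Files\Viewpoint\Common\ViewpointService.exe",
]


def classify(detection):
    """Bucket a detection name (the bucketing rules are this example's assumption)."""
    if detection.startswith("Archive contains"):
        return "container"   # wrapper row; its members are listed separately
    if detection.startswith(("Program.", "Tool.")):
        return "riskware"    # dual-use admin tools (PsExec, IP scanner, ...)
    if detection.startswith("Probably "):
        return "heuristic"   # flagged without an exact signature match
    return "signature"


def parse_report(text):
    """Parse 'object;location;detection;;' rows into a list of dicts."""
    findings = []
    rows = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in rows:
        if len(row) < 3 or not row[0]:
            continue  # skip blank or truncated lines
        obj, location, detection = row[0], row[1], row[2]
        leaf = PureWindowsPath(obj).name  # member name when nested in an archive
        findings.append({
            "object": obj,
            "path": PureWindowsPath(location) / leaf,
            "drive": PureWindowsPath(location).drive.upper(),
            "detection": detection,
            "kind": classify(detection),
        })
    return findings


def by_drive(findings):
    """Count detection kinds per drive letter."""
    table = defaultdict(Counter)
    for f in findings:
        table[f["drive"]][f["kind"]] += 1
    return {drive: dict(counts) for drive, counts in table.items()}


def active_hits(findings, running):
    """Findings whose file is also a running process (Windows paths compare case-insensitively)."""
    live = {PureWindowsPath(p) for p in running}
    return [f for f in findings if f["path"] in live]


def on_system_drive(findings, system_drive="C:"):
    """Non-container findings located on the system drive."""
    return [f for f in findings
            if f["drive"] == system_drive and f["kind"] != "container"]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for drive, kinds in sorted(by_drive(found).items()):
        print(drive, kinds)
    print("running and flagged:", [str(f["path"]) for f in active_hits(found, RUNNING)])
    print("on system drive:", [str(f["path"]) for f in on_system_drive(found)])
```

On these rows the only system-drive hit is the file under `C:\Deckard`, and no flagged path matches a running process.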
Old 06-04-2009, 05:23 AM   #10 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 29
OS: xp service pack 2


Re: computer lockup

OK, good, no virus/malware/spyware. Time to move on to the other forum. Thanks, Ried, for your help.
marasamune is offline  