Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 30

Thread: Computer is acting strange

  1. #11
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    Here's the log

  2. #12
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Any of the other logs we might make please go ahead and cut and paste them into your replies rather than attaching them please. It makes it much easier to review the logs that way. Thank you.

    P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.
    ----------

    Please download JavaRa to your desktop and unzip it to its own
    folder
    • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then
      click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest
      Java Runtime Environment (JRE) version for your computer.

    ----------

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET Online Scanner.

  3. #13
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    When I tried to install the latest version of JRE I got an error message; Internal Error 2753. regutils.dll

  4. #14
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi Araknid!

    For now don't worry about updating Java. We can come back to that later. It is no problem.

    Please go ahead and run Malwarebytes and the ESET online scan like I asked before and then post the logs created.

  5. #15
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6633

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/21/2011 3:13:48 AM
    mbam-log-2011-05-21 (03-13-48).txt

    Scan type: Quick scan
    Objects scanned: 137442
    Time elapsed: 3 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ____________________________________________________________
    ESET : No found threats.

  6. #16
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    I guess it was acting strange for no reason :S

  7. #17
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    You have an older version of Adobe Reader. You can download the current version HERE
    ----------

    To fix Java please do the following:

    If you are able, uninstall all previous versions of Java in add/remove programs in your control panel.
    Next, you may download the current version of Java here: http://java.com/en/download/manual.jsp
    I recommend that you use the offline installer version.

    Please download and run this automated tool to fix the Java MSI problem on all versions of windows: JavaMSIFix
    ----------

    Now if you would please run another DDS scan and post that in your next reply.

  8. #18
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Aaron at 2:17:02.59 on Sun 05/22/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.366 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Aaron\My Documents\Downloads\dds(1).scr
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {F9A2A8D7-6BD0-4AA3-9882-889B95A8B74A} = 8.8.8.8,8.8.4.4
    TCP: {FE9F6D91-2DCB-44E7-A1D8-F2397800F99D} = 8.8.8.8,8.8.4.4
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\aaron\applic~1\mozilla\firefox\profiles\cp50h5s6.default\
    FF - plugin: c:\documents and settings\aaron\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\aaron\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\aaron\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\byond\bin\npbyond.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
    S3 apf001;apf001;c:\program files\softnyxgame\gunboundis\apf001.sys [2011-1-16 10872]
    S3 cpuz132;cpuz132;\??\c:\docume~1\aaron\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\aaron\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
    S4 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    .
    =============== Created Last 30 ================
    .
    2011-05-21 10:15:27 -------- d-----w- c:\program files\ESET
    2011-05-21 10:09:05 -------- d-----w- c:\docume~1\aaron\applic~1\Malwarebytes
    2011-05-21 10:08:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-21 10:08:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-21 10:08:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-21 10:08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 02:52:00 -------- d-sha-r- C:\cmdcons
    2011-05-19 02:46:46 98816 ----a-w- c:\windows\sed.exe
    2011-05-19 02:46:46 89088 ----a-w- c:\windows\MBR.exe
    2011-05-19 02:46:46 256512 ----a-w- c:\windows\PEV.exe
    2011-05-19 02:46:46 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-15 12:45:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-09 01:20:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\LAG
    2011-05-09 01:20:28 -------- d-----w- c:\docume~1\aaron\locals~1\applic~1\LAG
    2011-05-09 01:19:25 -------- d-----w- c:\windows\system32\AGEIA
    2011-05-08 07:52:55 -------- d-----w- c:\program files\NCH Swift Sound
    2011-05-08 07:43:49 -------- d-----w- c:\windows\system32\XPSViewer
    2011-05-08 07:43:10 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-05-08 07:42:40 14048 ------w- c:\windows\system32\spmsg2.dll
    2011-04-30 23:56:31 -------- d-----w- c:\program files\Diablo II
    2011-04-30 22:42:50 -------- d-----w- c:\program files\D2-1.12A-enUS
    2011-04-30 22:24:53 -------- d-----w- c:\program files\D2LOD-1.12A-enUS
    2011-04-30 21:24:02 -------- d-----w- c:\docume~1\aaron\locals~1\applic~1\Blizzard Entertainment
    2011-04-30 18:49:08 -------- d-----w- c:\program files\World of Warcraft
    2011-04-30 11:38:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
    2011-04-30 11:37:37 -------- d-----w- c:\program files\World of Warcraft Installer
    2011-04-22 10:00:21 -------- d-----w- C:\9b588f0685db3592be05072b
    .
    ==================== Find3M ====================
    .
    2011-05-22 09:06:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-22 09:06:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 02:28:02 254464 --sh--w- C:\gf.bin
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-27 16:53:52 247296 ----a-w- C:\ToDel
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 2:18:08.25 ===============

  9. #19
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      c:\ToDel /s
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    ----------

    I have found something of interest that I would like you to submit to an online virus scan. Please visit the site located Here and submit C:\gf.bin.

    Follow steps one and two as shown below

    Let the scan proceed and let me know what the results are about this file.

    In your next reply please post the log created by SystemLook and VirusTotal.

  10. #20
    Member
    Join Date
    Jun 2007
    Posts
    51

    Default

    SystemLook 04.09.10 by jpshortstuff
    Log created at 13:37 on 22/05/2011 by Aaron
    Administrator - Elevation successful

    ========== dir ==========

    c:\ToDel - Unable to find folder.

    -= EOF =-
    _________________________________________________



    I was also unable to find gf.bin in C:\

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •