About a week ago, my laptop just froze completely. It rebooted successfully but froze again after a minute or so during startup (desktop screen). But whenever I clicked the taskbar to connect to WLAN or open the volume control it would freeze right away. Tried again many times and the same thing happened.
Tried safe boot, everything was okay; did an AVG virus scan, nothing was detected, so I thought it was one of the startup programs or services. Tried turning them off and manually enabling them one by one, still the same actually, but somehow after a few tries the freezing didn't occur anymore... until 3 days ago.

It froze again, exactly the same problem. Tried system restore, it still froze during startup. I thought maybe this was due to fragmented files (because I had cleaned the registry with CCleaner). I used Auslogics Disk Defragmenter in Safe Mode. It froze at a certain point during defragmentation, but after a Normal boot it did not freeze anymore during startup. So I tried to complete the defragmenting, and it froze at a certain point. Restarted the computer, tried again, and it froze at the same file: C:\Windows\tracing\IpHlpSvc.OLD

I don't know about that file, but I thought maybe it's a malicious file or something. Maybe it's also safe to delete since it's a .OLD file. So I deleted it (sent it to the recycle bin). However, the recycle bin was still empty, and the 'Empty Recycle Bin' button couldn't be clicked. Then I tried scanning the Recycle Bin with AVG and it froze. Tried disk defragmenting again, and it always froze at C:\$Recycle.Bin\S-1-5-21-13732829...\$$R7MC9UP.OLD. So it seems that whenever this file is detected, the system will freeze.

Downloaded and updated Malwarebytes' Anti-Malware. Performed the scan, and while scanning C:\Windows\system32\vdmbg.dll MBAM was not responding and I had to close the program (but it didn't freeze). Tried again in Safe Mode and it stopped responding at C:\Windows\system32\vdmredir.dll

Tried Safe Mode AVG command line scan, and the system froze at a certain file (it was C:\xxxxxxxxxxxxxxxxxxxxxxxxxxx; x=some numbers)

I have HiJackThis installed. Please help me guys, I almost thought this was a hardware failure (because the hard disk activity light just went off when it froze), but since I found that .OLD file it seems that it is a virus or something. And the problem now is I can't detect it, can't do anything to it. Your response is very much appreciated.


Regards


Hi,

Thanks for the response. I'm sorry for my ignorance.
The Malwarebytes' Anti-Malware stopped responding again. So there's no log for it.

Here's the GMEROne log:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-25 19:22:48
Windows 6.0.6002 Service Pack 2
Running: l68ym0oo.exe; Driver: C:\Users\Teddy\AppData\Local\Temp\fglcipob.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852121F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82B56D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 852121F8
Device \Driver\atapi \Device\Ide\IdePort1 852121F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82B56D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs 852131F8

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----


Here's GMERTwo log:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-25 19:22:48
Windows 6.0.6002 Service Pack 2
Running: l68ym0oo.exe; Driver: C:\Users\Teddy\AppData\Local\Temp\fglcipob.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852121F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82B56D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 852121F8
Device \Driver\atapi \Device\Ide\IdePort1 852121F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82B56D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs 852131F8

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----


Here's the DDS log:


DDS (Ver_10-10-21.02) - NTFSx86
Run by Teddy at 20:44:47.80 on 25/10/2010 Mon
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Teddy\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll/206
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\c4ga0obx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\c4ga0obx.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-2 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-4 243024]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

=============== Created Last 30 ================

2010-10-24 18:56:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 18:56:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 18:56:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-24 16:26:43 -------- d-----w- c:\users\teddy\appdata\local\Temp
2010-10-23 16:54:57 -------- d-----w- c:\users\teddy\appdata\local\temp(18)
2010-10-16 05:20:04 -------- d-----w- c:\program files\BMW M3 Challenge
2010-10-13 19:47:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 19:47:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 19:47:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 19:47:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 19:47:44 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 19:38:01 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 19:38:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 19:04:24 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 19:04:24 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 11:52:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 11:04:03 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 10:57:59 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 10:57:59 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 10:57:18 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 10:36:53 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 10:35:36 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 10:34:41 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-11 15:59:10 -------- d-----w- c:\users\teddy\appdata\local\Windows Live
2010-10-07 04:06:00 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-10-07 04:05:59 140864 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-10-07 04:05:54 -------- d-----w- c:\program files\Real Alternative
2010-10-05 11:59:33 -------- d-----w- c:\program files\CCleaner
2010-10-05 11:06:58 -------- d-----w- c:\program files\Chily Registry Cleaner
2010-09-30 05:38:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 08:34:50 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-09-22 17:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 21:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-09 21:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-05 07:27:41 2007040 ----a-w- c:\windows\system32\UC0087.scr
2010-07-30 14:32:55 7933952 ----a-w- c:\windows\system32\CC2345.scr
2010-07-30 13:02:11 13918208 ----a-w- c:\windows\system32\AC0195.scr
2010-07-30 13:02:06 1220608 ----a-w- c:\windows\system32\UC0153.scr
2010-07-29 07:51:44 4562944 ----a-w- c:\windows\system32\FC0060.scr
2010-07-29 07:51:43 749568 ----a-w- c:\windows\system32\UC0123.scr
2010-07-29 07:34:23 3809280 ----a-w- c:\windows\system32\UC0093.scr
2010-07-29 07:34:22 10977280 ----a-w- c:\windows\system32\UC0083.scr
2010-07-29 07:34:21 7741440 ----a-w- c:\windows\system32\UC0079.scr

============= FINISH: 20:47:02.71 ===============


And here's the DDS Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)


Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 1600/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 6.05 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 2.452 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1159: 17/10/2010 9:37:12 AM - Scheduled Checkpoint
RP1160: 18/10/2010 1:51:35 AM - Scheduled Checkpoint
RP1161: 19/10/2010 3:27:51 AM - Scheduled Checkpoint
RP1162: 21/10/2010 12:42:43 PM - Scheduled Checkpoint

==== Installed Programs ======================

ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AusLogics Disk Defrag
AVG Free 9.0
BitComet 1.23
BMW M3 Challenge
Bonjour
Canon G.726 WMP-Decoder
Canon MP Navigator 3.1
Canon MP140 series
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
DFX for Windows Media Player
ESU for Microsoft Vista
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0607
HDAUDIO Soft Data Fax Modem with SmartCP
Hell's Kitchen
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP User Guides 0060
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 6.4.0 (Standard)
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Phone Tools
Mozilla Firefox (3.6.11)
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Patapon 2
PSP ISO Compressor
PSSWCORE
QuickTime
RadLight MPC DirectShow Filter (remove only)
Real Alternative 2.0.2
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Stellarium 0.10.2
Touch Pad Driver
Ultra Flash Video FLV Converter 5.3.0402
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vodafone Mobile Connect Lite
VOS
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

25/10/2010 5:01:15 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
25/10/2010 5:01:15 PM, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
25/10/2010 12:52:16 AM, Error: EventLog [6008] - The previous system shutdown at 0:49:19 on 2010/10/25 was unexpected.
25/10/2010 12:02:31 AM, Error: EventLog [6008] - The previous system shutdown at 23:57:46 on 2010/10/24 was unexpected.
25/10/2010 10:58:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25/10/2010 10:57:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2010 10:57:52 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2010 10:57:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/10/2010 10:57:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/10/2010 10:57:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
25/10/2010 10:57:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/10/2010 10:57:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/10/2010 10:56:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:54:41 on 2010/10/25 was unexpected.
25/10/2010 10:50:57 AM, Error: EventLog [6008] - The previous system shutdown at 6:14:20 on 2010/10/25 was unexpected.
25/10/2010 1:54:44 PM, Error: EventLog [6008] - The previous system shutdown at 11:40:03 on 2010/10/25 was unexpected.
24/10/2010 9:54:21 PM, Error: EventLog [6008] - The previous system shutdown at 21:36:06 on 2010/10/24 was unexpected.
24/10/2010 9:32:12 PM, Error: EventLog [6008] - The previous system shutdown at 21:26:30 on 2010/10/24 was unexpected.
24/10/2010 9:22:35 PM, Error: EventLog [6008] - The previous system shutdown at 21:19:12 on 2010/10/24 was unexpected.
24/10/2010 9:13:31 PM, Error: EventLog [6008] - The previous system shutdown at 0:01:54 on 2010/10/24 was unexpected.
24/10/2010 11:49:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/10/2010 11:48:21 PM, Error: EventLog [6008] - The previous system shutdown at 23:44:11 on 2010/10/24 was unexpected.
24/10/2010 11:42:42 PM, Error: EventLog [6008] - The previous system shutdown at 23:40:30 on 2010/10/24 was unexpected.
24/10/2010 11:36:01 PM, Error: EventLog [6008] - The previous system shutdown at 23:32:18 on 2010/10/24 was unexpected.
24/10/2010 11:24:48 PM, Error: EventLog [6008] - The previous system shutdown at 23:14:13 on 2010/10/24 was unexpected.
24/10/2010 11:10:24 PM, Error: EventLog [6008] - The previous system shutdown at 22:48:50 on 2010/10/24 was unexpected.
23/10/2010 12:38:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:20:12 on 2010/10/23 was unexpected.
23/10/2010 12:16:21 PM, Error: EventLog [6008] - The previous system shutdown at 0:22:59 on 2010/10/23 was unexpected.
23/10/2010 12:14:52 AM, Error: EventLog [6008] - The previous system shutdown at 0:10:53 on 2010/10/23 was unexpected.
23/10/2010 11:41:53 PM, Error: EventLog [6008] - The previous system shutdown at 23:38:32 on 2010/10/23 was unexpected.
23/10/2010 11:32:08 PM, Error: EventLog [6008] - The previous system shutdown at 23:28:46 on 2010/10/23 was unexpected.
23/10/2010 11:22:26 PM, Error: EventLog [6008] - The previous system shutdown at 12:42:22 on 2010/10/23 was unexpected.
22/10/2010 5:59:14 PM, Error: EventLog [6008] - The previous system shutdown at 17:56:34 on 2010/10/22 was unexpected.
22/10/2010 5:52:47 PM, Error: EventLog [6008] - The previous system shutdown at 17:42:49 on 2010/10/22 was unexpected.
22/10/2010 5:37:57 PM, Error: EventLog [6008] - The previous system shutdown at 17:33:28 on 2010/10/22 was unexpected.
22/10/2010 5:30:37 PM, Error: EventLog [6008] - The previous system shutdown at 17:19:00 on 2010/10/22 was unexpected.
22/10/2010 5:15:16 PM, Error: EventLog [6008] - The previous system shutdown at 17:11:49 on 2010/10/22 was unexpected.
22/10/2010 12:13:49 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
22/10/2010 12:02:39 AM, Error: EventLog [6008] - The previous system shutdown at 23:34:01 on 2010/10/21 was unexpected.
22/10/2010 11:40:20 PM, Error: EventLog [6008] - The previous system shutdown at 23:08:38 on 2010/10/22 was unexpected.
22/10/2010 11:04:50 PM, Error: EventLog [6008] - The previous system shutdown at 23:02:19 on 2010/10/22 was unexpected.
22/10/2010 10:55:23 PM, Error: EventLog [6008] - The previous system shutdown at 22:52:26 on 2010/10/22 was unexpected.
22/10/2010 10:48:38 PM, Error: EventLog [6008] - The previous system shutdown at 22:46:20 on 2010/10/22 was unexpected.
22/10/2010 10:42:30 PM, Error: EventLog [6008] - The previous system shutdown at 22:39:44 on 2010/10/22 was unexpected.
22/10/2010 10:35:56 PM, Error: EventLog [6008] - The previous system shutdown at 19:11:10 on 2010/10/22 was unexpected.
21/10/2010 11:20:08 AM, Error: EventLog [6008] - The previous system shutdown at 11:18:36 on 2010/10/21 was unexpected.
18/10/2010 10:37:13 PM, Error: EventLog [6008] - The previous system shutdown at 15:17:53 on 2010/10/18 was unexpected.

==== End Of File ===========================

Thank you very much for looking into this.
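Read as a defender, the event-log entries above are a crash timeline: each EventLog 6008 is written at the next boot and records the last time the system was known alive, and DCOM 10005 with error 1084 (ERROR_NOT_SAFEBOOT_SERVICE) marks a boot into Safe Mode rather than malware. The Python below is an added example, not from this thread or any of the tools in it; it parses lines in the format quoted above (the sample is constructed from a few of them) and builds that timeline.

```python
"""Build a crash timeline from DDS-style 'Event Viewer' lines (added example)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the entries quoted in the thread (not the full log).
SAMPLE_LOG = """\
25/10/2010 10:57:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/10/2010 10:56:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:54:41 on 2010/10/25 was unexpected.
25/10/2010 10:50:57 AM, Error: EventLog [6008] - The previous system shutdown at 6:14:20 on 2010/10/25 was unexpected.
24/10/2010 9:54:21 PM, Error: EventLog [6008] - The previous system shutdown at 21:36:06 on 2010/10/24 was unexpected.
22/10/2010 12:13:49 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
"""

# "dd/mm/yyyy h:mm:ss AM, Level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Body of an EventLog 6008 entry: the last timestamp seen before the crash.
SHUTDOWN_RE = re.compile(
    r"previous system shutdown at (?P<t>\d{1,2}:\d{2}:\d{2}) on (?P<d>\d{4}/\d{2}/\d{2})"
)


def parse_event(line):
    """Parse one log line into a dict; return None for lines that are not events."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["logged_at"] = datetime.strptime(ev.pop("when"), "%d/%m/%Y %I:%M:%S %p")
    ev["event_id"] = int(ev["event_id"])
    return ev


def unexpected_shutdowns(events):
    """EventLog 6008: crashed_at is the last time the system was alive, recovered_at
    is when the entry was written (the next boot), so their difference is the outage."""
    out = []
    for ev in events:
        if ev["source"] != "EventLog" or ev["event_id"] != 6008:
            continue
        m = SHUTDOWN_RE.search(ev["message"])
        if not m:
            continue
        crashed_at = datetime.strptime(f'{m["d"]} {m["t"]}', "%Y/%m/%d %H:%M:%S")
        out.append({
            "crashed_at": crashed_at,
            "recovered_at": ev["logged_at"],
            "downtime_seconds": int((ev["logged_at"] - crashed_at).total_seconds()),
        })
    return out


def safe_mode_boots(events):
    """DCOM 10005 carrying Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE) means a service
    could not start because Windows was in Safe Mode; it marks a safe-mode boot."""
    return [ev["logged_at"] for ev in events
            if ev["event_id"] == 10005 and '"1084"' in ev["message"]]


def summarize(log_text):
    """Per-day crash counts plus the non-crash errors worth a second look."""
    events = [ev for ev in map(parse_event, log_text.splitlines()) if ev]
    crashes = unexpected_shutdowns(events)
    per_day = Counter(c["crashed_at"].strftime("%Y-%m-%d") for c in crashes)
    return {
        "events": len(events),
        "crashes": len(crashes),
        "crashes_per_day": dict(per_day),
        "safe_mode_boots": len(safe_mode_boots(events)),
        # Anything that is neither a crash marker nor a safe-mode artefact (here: ACPI 10).
        "other_errors": [(ev["source"], ev["event_id"]) for ev in events
                         if ev["event_id"] not in (6008, 10005)],
    }


if __name__ == "__main__":
    for crash in unexpected_shutdowns(
            [ev for ev in map(parse_event, SAMPLE_LOG.splitlines()) if ev]):
        print(f'{crash["crashed_at"]}  down {crash["downtime_seconds"]:>6} s  '
              f'back at {crash["recovered_at"]}')
    print(summarize(SAMPLE_LOG))
```

Run it over the full quoted section to see how the crashes cluster per day and how short the uptime between them gets.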

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

While ComboFix was running and Completed_Stage_5 my electricity went off. Should I re-run the ComboFix or what's the next step?

Re-run please.

PS: It was local lights off, not because of the Combofix.

While Combofix was creating the log, the system crashed (blue screen), so the log has not been created. Do I re-run CF?

Try running in safe mode please. Also have a look in C:\qoobox for a combofix.txt file.

Tried to run CF in safe mode. The harddisk seemed to have stopped (the indicator light just stopped totally, just like when the system freezes) at Completed Stage_2. Rebooted in safe mode, and ran the CF again. The exact same thing happened. Switched the wireless tab to off (the physical switch in HP Compaq Presario laptop) and re-ran CF in safe mode again. Completed the scan. The log is saved to the desktop (log.txt). C:\qoobox contains Combofix2.txt which happened to be from the previous usage of Combofix last year (following instructions in this forum also, because of a virus problem). Here's the log.txt:


ComboFix 10-10-25.01 - Teddy 0/2010 Tue 17:54:45.4.2 - x86 MINIMAL
Running from: c:\users\Teddy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))
.

2010-10-26 11:02 . 2010-10-26 11:02 -------- d-----w- c:\users\Teddy\AppData\Local\temp
2010-10-26 11:02 . 2010-10-26 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-25 19:34 . 2010-10-25 19:34 -------- d-----w- c:\users\Teddy\AppData\Local\Adobe
2010-10-24 18:56 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 18:56 . 2010-10-24 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-24 18:56 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 17:48 . 2010-10-24 17:48 -------- d-----w- c:\users\Administrator
2010-10-16 05:20 . 2010-10-16 05:23 -------- d-----w- c:\program files\BMW M3 Challenge
2010-10-13 19:47 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 19:47 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 19:47 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 19:47 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 19:47 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 19:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 19:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 19:04 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 19:04 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 11:52 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 11:04 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 10:57 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 10:57 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 10:57 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 10:36 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 10:35 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 10:34 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-11 15:59 . 2010-10-25 20:02 -------- d-----w- c:\users\Teddy\AppData\Local\Windows Live
2010-10-07 04:06 . 2010-02-15 18:00 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-10-07 04:05 . 2010-02-15 18:00 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-10-07 04:05 . 2010-10-07 04:05 -------- d-----w- c:\program files\Real Alternative
2010-10-05 11:59 . 2010-10-05 11:59 -------- d-----w- c:\program files\CCleaner
2010-10-05 11:06 . 2010-10-05 11:36 -------- d-----w- c:\program files\Chily Registry Cleaner
2010-09-30 05:38 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 08:34 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 17:47 . 2010-09-22 17:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-17 14:11 . 2010-09-14 20:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 21:15 . 2010-08-09 21:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-09 21:15 . 2010-08-09 21:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-05 07:27 . 2010-08-05 07:27 2007040 ----a-w- c:\windows\system32\UC0087.scr
2010-07-30 14:32 . 2010-07-30 14:32 7933952 ----a-w- c:\windows\system32\CC2345.scr
2010-07-30 13:02 . 2010-07-30 13:02 13918208 ----a-w- c:\windows\system32\AC0195.scr
2010-07-30 13:02 . 2010-07-30 13:02 1220608 ----a-w- c:\windows\system32\UC0153.scr
2010-07-29 07:51 . 2010-07-29 07:51 4562944 ----a-w- c:\windows\system32\FC0060.scr
2010-07-29 07:51 . 2010-07-29 07:51 749568 ----a-w- c:\windows\system32\UC0123.scr
2010-07-29 07:34 . 2010-07-29 07:34 3809280 ----a-w- c:\windows\system32\UC0093.scr
2010-07-29 07:34 . 2010-07-29 07:32 10977280 ----a-w- c:\windows\system32\UC0083.scr
2010-07-29 07:34 . 2010-07-28 04:14 7741440 ----a-w- c:\windows\system32\UC0079.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Teddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
backup=c:\windows\pss\MediaRing Talk.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 17:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 04:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 07:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMCL]
2007-09-20 06:23 131072 ----a-w- c:\program files\Vodafone\VMCLite\DongleEnumerator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-24 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-24 243024]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-24 308136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-03-13 717296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\User_Feed_Synchronization-{FF3D8B9D-A567-477B-B85E-A156E47C90B1}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\c4ga0obx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\c4ga0obx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 18:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-26 18:06:38
ComboFix-quarantined-files.txt 2010-10-26 11:06
ComboFix2.txt 2009-07-06 15:54

Pre-Run: 6,183,768,064 bytes free
Post-Run: 6,070,435,840 bytes free

- - End Of File - - C63B84BEC96181F52679879D14152F94


Thanks a lot.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::


RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

While CF was waiting for the report log to pop up, the computer froze. What should I do now?

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Kaspersky Online Scanner
  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

====

Do you know for sure that it is a file causing the freeze? Have you checked your hardware? Nothing overheating?

Couldn't run ESET, and Kaspersky's update file would take too long for me (98MB). Now scanning with Panda ActiveScan, progress 26%, 1 infected file so far. Seems like it's gonna take a while to complete, it has been 1 hour 20 minutes.

I assume it's a file that's causing the freeze because when I ran Auslogics disk defragmenter it froze at IpHlpSvc.OLD (I thought the freeze was because my files were badly fragmented). I deleted it (not shift+delete) so it should be at the recycle bin, but there was nothing in my Recycle Bin, and the 'empty recycle bin' button couldn't be clicked. So I ran Auslogics again, and it froze at C:\$recycle.bin\...
So it seems that the deleted file is still in the recycle bin but I can't reach it manually.

Also, whenever I leave my laptop for several minutes (about 3-5 minutes) it will freeze by itself. However, if I keep using it, it won't freeze randomly.

Argh, in the middle of the scan the screen suddenly turned off as if it were hibernating, and of course the harddisk just stopped also (this is the second attempt; on the first one the system froze). This is so frustrating. However, before the second attempt, I did a quick scan with Panda also and here's the log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-10-27 18:09:23
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\teddy\appdata\roaming\microsoft\windows\cookies\teddy@atdmt[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Then I tried Auslogics disk defrag in safe mode. This time it managed to complete the defragmentation.

Crunchie, you mentioned about the possibility of hardware problem. How to check it? This laptop indeed gets pretty hot compared to my friends', but this has been happening for at least 2 years and there had not been any such freeze. But can overheating cause permanent damage to the harddisk over time? Because if not, then the problem should not be occurring anymore if I let it rest for a few days, should it?

Overheating can certainly kill hardware. If you download a program called HWMonitor it will show you different temperatures on the pc. Check it out.

It still freezes whenever it's left idle for several minutes. This is from HWMonitor:

Hardware monitor ACPI
Temperature 0 67°C (152°F) [0xD4A] (TZS0)
Temperature 1 69°C (156°F) [0xD5E] (TZS1)

Hardware monitor Intel Mobile Core 2 Duo T7300
Temperature 0 70°C (157°F) [0x1E] (Core #0)
Temperature 1 71°C (159°F) [0x1D] (Core #1)

Hardware monitor FUJITSU MHW2160BH PL
Temperature 2 56°C (132°F) [0x38] (Air Flow)

Does it indicate overheating?

Would be better to do a screen shot and attach it to your post.

Just try something for me. Download a tool called OCCT from here; http://majorgeeks.com/OCCT_d5612.html and then run it on the computer.
Have HWMonitor open at the same time, showing the relevant areas of temperature.
Run OCCT for about 10 minutes and then take a screenshot and save it to M$ paint.
Upload the screenie and I'll have a look.

Just to be sure, can you give me the make and model of the lappie?

OCCT could only run for about 1 minute (the idle monitoring) and a few seconds (testing 95%+ CPU) because it says 'CPU too hot!'
From the graphs generated after the test, it showed that the temperature reached about 80 degrees Celsius when the CPU was running towards 100%. So.. it's overheating?
The lappie is HP Compaq Presario V3000.

According to the info I found, the T7300 cpu is good to 100C temperatures.
In OCCT you should be able to go into the settings and adjust the max temp warning. Change it to 90C and save the setting. When done, go back and run OCCT again, but before you do, at the top right, under Test Type, change it to infinite.
Keep your eye on the temps and if it keeps climbing, stop the test and let me know.

For my liking, it is getting too hot. There may be something blocking the vents, or the fan is not working correctly.

It got to 90 degrees as well, so OCCT stopped the test. In addition, Malwarebytes' Anti-malware still stops responding (and had to close the program) while scanning C:\Windows\system32\vdsdyn.dll
Is it just MBAM malfunctioning or is that file malicious? The MBAM is up to date and I tried it more than once and the same thing kept happening.

Looks like that is a legitimate file.
I think you need to eliminate the overheating problem before we can even ascertain if there are any secondary problems.

One thing you could do is rename a file that MBA-M is hanging up on by adding old before the extension.
Make sure it is not a needed system file though or you may have trouble booting :).

Err, I'm not sure whether this is a needed system file.

It is, but it should not prevent the pc from booting. When you get to it, rename it as such:
C:\Windows\system32\vdsdynold.dll

Then reboot and try and scan again.

I can't rename it..

Download Avenger by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator privileges.


  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.

Files to replace with dummy:
C:\Windows\system32\vdsdyn.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot); when finished it will produce a log file.
  • Post the log back here please (it can also be found at C:\avenger.txt).

I can't even reach the desktop now. At the user account screen (input password) it just freezes. I can still load in safe mode, but is there anything I can do in safe mode? Arghh.. (I'm using my phone to post this)

Try doing the above in safe mode.

Hi.. Here's the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\vdsdyn.dll" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Now that that file has been removed, are you able to complete the scan now?
