Author Topic: Valdr's problem. (Read 12875 times)

SuperDave · « **on:** April 17, 2010, 04:39:09 PM »

I started this thread for Valdr who couldn't, for some unknown reason, start his own.

Valdr · « **Reply #1 on:** April 17, 2010, 04:53:45 PM »

Thank you superdave

Valdr · « **Reply #2 on:** April 17, 2010, 04:55:00 PM »

Okay this is really strange. It seems to be doing the same thing 'the connection to the server was reset while the page was loading' whenever I attempt to post what i had written before. however I was able to post 'thank you superdave.'

Valdr · « **Reply #3 on:** April 17, 2010, 04:55:41 PM »

Hi guys, I'm having some trouble again.

I woke up in the middle of the night to an avira virus detected beep. I woke up and ran a scan it found many files named with some variation of: OLD54BG.dll OLDJE43.dll (OLD****.dll). in my C:\windows\system 32\drivers folder.
I unplugged my internet and ran a scan with avira. It removed it.
I ran cc cleaner.
I ran super anti-spyware. it was clean.
I mbam.
at this point i laid back down waiting for the scan to finish, I fell asleep and in the morning found avira dected somthing and stoped Mbam. I clicked ignore so that mbam would keep scanning. avira poped up again. this went on everytime I told avira what to do. I disabled avira and finished the Mbam scan. it found several things but not the OLD****.dll files. I re-enabled avira and scanned and found all the OLD****.dll files (2,600 of them or so). I then told Mbam and Avira to remove the detections.
I restarted.

I ran avira. clean
I ran super anti spyware. clean
I ran Mbam. clean.

I figured my computer was fine at this point and I opened up firefox to browse the internet. I began to get random new tab popups.

I ran avira. clean
cc cleaner.
SaS. clean
Mbam. clean.
I made sure my JRE was up to date.
I then ran HJT. i'm not too good at reading these so i'm not sure if it is clean. Here is my log:

Valdr · « **Reply #4 on:** April 17, 2010, 04:56:28 PM »

Okay it seems to be the HJT log that I had attached, it allowed me to post when I took that out.

SuperDave · « **Reply #5 on:** April 17, 2010, 05:24:12 PM »

Don't attach the logs. Copy and paste them.

Valdr · « **Reply #6 on:** April 17, 2010, 05:25:59 PM »

the same thing happens

Valdr · « **Reply #7 on:** April 17, 2010, 05:28:45 PM »

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:34:03 PM, on 4/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\V0410Mon.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razertra.exe

Valdr · « **Reply #8 on:** April 17, 2010, 05:29:12 PM »

C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM Lite\aimlite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TrendMicro\HiJackThis\sniper.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [linksysDiag] C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hw
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [V0410Mon.exe] C:\WINDOWS\V0410Mon.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Valdr · « **Reply #9 on:** April 17, 2010, 05:30:00 PM »

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

Valdr · « **Reply #10 on:** April 17, 2010, 05:31:16 PM »

It will not allow me to post part of the HJT log that exists right here.

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5546 bytes

Valdr · « **Reply #11 on:** April 17, 2010, 05:32:41 PM »

Okay. I started posting bits and peices till i found what part it wouldn't let me post. I had to take it out and I made note of it. It seems really strange but my guess is this is whatever is causing the problem. I will tr y to split up the lines and see if I can post it

Valdr · « **Reply #12 on:** April 17, 2010, 05:33:19 PM »

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

Valdr · « **Reply #13 on:** April 17, 2010, 05:34:17 PM »

(WUWebControl Class) - http://update

Valdr · « **Reply #14 on:** April 17, 2010, 05:34:43 PM »

.microsoft.com/

Valdr · « **Reply #15 on:** April 17, 2010, 05:35:22 PM »

windowsup

Valdr · « **Reply #16 on:** April 17, 2010, 05:35:39 PM »

date/v6/V5Controls/en/x86/client/wuweb_site.cab?1263093828140

Valdr · « **Reply #17 on:** April 17, 2010, 05:35:59 PM »

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265594445281

Valdr · « **Reply #18 on:** April 19, 2010, 09:40:53 AM »

... I know you guys don't like this but... bump. any idea whats going on? I still can't post that from my hjt in one post. i'm still getting a random new tab popup in firefox.

somthing new to add: there are a few files that ll my av/sas/Mbam scans seems to hangup on for quite some time, almost like they are huge files to scan; but they never hung up like this before recently.

scans still all come up negative.

SuperDave · « **Reply #19 on:** April 19, 2010, 11:14:10 AM »

Do you get any messages from this site's administration? The key to helping you is to get lots of scans and logs but it's impossible until we get this posting thing sorted out.

Computer Hope Forum

News:

Author Topic: Valdr's problem. (Read 12875 times)

SuperDave

Valdr

Valdr

Valdr

Valdr

SuperDave

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

Valdr

SuperDave