I was asked to repost in this part of the forum.
I had already followed the new instructions, so the logs are exactly the same.
Hi, I'm in need of a little help to make sure my PC is clean of any infections.
I have started to notice only today that my PC hangs at bootup and stays with a black screen
for a number of minutes, which isn't normal for the system.
I also noticed that even the Google Chrome browser hangs for a few minutes
before actually loading the browser.
I have Comodo Firewall, Spybot and SUPERAntiSpyware installed and set up.
I did have Malwarebytes installed and updated, which found no threats.
Scans with Spybot and SUPERAntiSpyware only find tracking cookies.
I have since removed a few of my installed programs, including Malwarebytes, to reduce
the log size for anyone who takes the time to check the logs for me.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Ally at 6:24:31 on 2012-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1534.977 [GMT 0:00]
.
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348263985140
TCP: Interfaces\{458958E4-D16C-4696-B28B-9AEB4DBA3F94} : NameServer = 194.168.4.100,194.168.8.100
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-7-13 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-7-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-7-13 13616]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-7 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-7 32640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-11-7 1990464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-9-21 1684736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-12 11:49:31 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-12-12 11:49:20 -------- d-----w- c:\program files\COMODO
2012-12-12 09:22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-12 09:22:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-12-12 08:50:29 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-12-08 17:12:09 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-08 17:12:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-08 17:12:07 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-12-08 17:12:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-12-08 17:12:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-08 17:12:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-08 17:12:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-08 17:12:01 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-12-03 20:17:29 -------- d--h--w- c:\windows\PIF
2012-12-03 00:56:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-03 00:56:49 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-12-11 21:24:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 21:24:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-17 03:58:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-17 03:58:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38:18 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38:16 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38:14 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37:36 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37:36 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 00:48:16 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:15:50 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:15:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39:31 385024 ----a-w- c:\windows\system32\html.iec
2012-10-23 01:09:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 22:49:38 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-09-21 00:29:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-09-20 23:50:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-20 23:50:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-20 23:50:55 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
============= FINISH: 6:25:32.42 ===============