Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Random freezes/resets

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Random freezes/resets

Unread postby Devlosirrus » May 19th, 2006, 5:00 pm

Hey, guys. I'm new to forum, and signed up because I've used threads and fixes from the forum before to fix my computer problems. However, this time I can't figure it out on my own.

For the past few months, I've been getting random freezes--and the very occasional reboot--while using my computer. Nothing seems to be triggering it; it happens during games, on the internet, playing music, or even sitting idly. The computer simply stops responding completely. I've run Ewido, Smitrem, AVG and AdAware multiple times, but the problem persists. I even reformatted the drive I run Windows from, but aside from some performance boosts, I'm still getting the same problem.

Here's a HighjackThis log I took after scanning with Smitrem, Ewido and AdAware. If any of you guys have any ideas, I'd certainly appreciate the help.

Scan saved at 4:46:46 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Devon Morrison\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Thanks a lot, fellas.
Devlosirrus
Active Member
 
Posts: 1
Joined: May 19th, 2006, 12:46 pm
Top
Advertisement
Register to Remove

Unread postby Dorian » May 20th, 2006, 4:45 pm

Hi and welcome to the forums, your log which you have submitted here is now in the process of being analyzed, some logs take longer than others depending on the type of infection. As I am currently at undergrad status all my post are verified before final posting so this may also cause a short delay in the final post. Please be patient and I will get back to you as soon as I can

While you are wating for your reply please note...

Do not try and fix any entries that you see yourself (even if they do seem very obvious) If you do so the fix may not work as it should, leaving you open to possible immediate re-infection.

Do not disable your system restore - an infected/corrupted system restore is better than none at all, if anything should go wrong during the fix and restore is turned off then you could well be looking at a full system format. If for any reason you have already disabled your system restore then please enable it again and reboot.

Please do not post in other forums while you are being helped here This is so the HJT helpers at other forums can get on with helping other users that are in need of attention.

If you are at anytime in doubt, or unsure of anything then please ask ! Dont be frightened - we wont bite.... :)

Many Thanks - Dorian - AkA Steve :)
User avatar
Dorian
Regular Member
 
Posts: 587
Joined: January 20th, 2006, 1:21 am
Location: Lost in the Milky Way
Top

Unread postby Dorian » May 20th, 2006, 5:34 pm

Hi there Devlosirrus

Before we go any further lets secure your computer to avoid any further risk of infection

First we will build up on your primary defences...
1... An anti virus package
2... A firewall

There are many antivirus products out there, and at first, with there being so many different products it may look confusuing to you, some are free products and others are fully licienced products. It is up to you which you go for. For free antivirus product I would be looking at either Avast Home edition or AVG Free edition. If you are going to be looking at fully licienced software then I would seriously consider either Nod32 or kaspersky Antivirus, both are excellent in their job of keeping viruses at bay.

Firewalls.... A firewall serves as a program that monitors ports, connections and programs, both incomming and outgoing from your computer. Windows does come with its own firewall but unfortunatly it only monitors traffic in one direction. As a result we advise that you install your own independant firewall. Two good firewalls you can choose from (both are free) are Sunbelt Kerio Firewall and also Zonealarm As with the above anti virus packages, both are excellent in their job.

Please note.... only ever install one anti virus product and one firewall, if you try running more than one antivirus on your computer they will conflct and cause problems with each other. Once you have these products installed and on board your computer the next thing is to update your anti virus, this will check for the latest virus definitions so that your anti virus can detect the latest viruses. One you have updated then you should run a full complete scan on your computer, this may take some time but it is highly advisable that you let this finish on its own accord.

The log you have submitted here looks visually free from any nasties
Can I ask have you disable anything (also in msconfig) or deleted any entries using HJT as this looks short for a standard log, also was this log generated in normal operating mode and not safe mode. IMHO I feel that this is more likley to be a hardware related problem - Possibly memory or a graphics card problem but I am more than happy to look deeper to confim this for you.

Before we go any further into the fix I want to ask about a couple of programs
--> bearshare and Viewpoint Manager
If these are the free versions then I would recommend that you uninstal them as they carry malware with them.

I want you to run exido which I see you already have installed
Open Ewido by clicking on the icon on your desktop (or open it from your start menu)
On the left hand side of the main screen click Update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
Now Close Ewido for the time being, do not scan just yet

Please re-start your computer in safe mode - You may want to print the rest of these instructions from here onwards
To do so, reboot your computer and repeatedly tap the F8 whilst your computer is booting up (just before the MS Windows flag screen appears) until a menu appears. Once you see the menu select the option to start the computer in safe mode. (It might take more than go to access the menu if you have not done this before, just simply reboot the machine again and repeat the steps)

Now click on the ewido icon on your desktop to start it (or locate the program from your start menu)

Click on Scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Now reboot your computer and allow it to start normally again

Now I would like you to run an online scan by KAV
Visit Kaspersky Anti-Virus Online scanner
Please use Microsoft Explorer for this scan
Click on the Kaspersky Online Scanner Button (The first button)
A new window will now open
Accept the agreement by clicking on the accept button at the bottom of the agreement page
It will now install an active x compenent into your browser
Once done it iwll automatically start downloading the virus definitions, once it has done click on the next button
Now click on Scan Settings
In the scan settings make that the following are selected:
--> Scan using the following Anti-Virus database:
--> Extended (If available otherwise Standard)
--> Scan Options:
--> Scan Archives
--> Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Now I would like you to generate an uninstall list log using HJT
Open up HJT - Select the fourth button - Open the misc tools section
Select the button on the left called open uninstall manager
Now click the button that says save list...
Save this to a secure location
Now you can close HJT again

Once you have all 3 logs in your posession post them back here as a reply to this post - do not start a new topic - thank you
User avatar
Dorian
Regular Member
 
Posts: 587
Joined: January 20th, 2006, 1:21 am
Location: Lost in the Milky Way
Top

Unread postby 'KotaGuy » May 30th, 2006, 4:39 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 286 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index