dr watsons?? internet keeping hanging

  1. 17-05-2007  #1
    dicez
    dicez is offline Junior Member

    Unhappy dr watsons?? internet keeping hanging

    really don't know wat happened to my com...

    keep on getting error from dr watsons and after that IE will hang for quite some time...

    can anyone help??

    this is my hijackthis log...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:36 PM, on 5/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\ACER\PSM.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Giganology\Gigaget\Gigaget.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Candice\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RegProt] c:\docume~1\candice\locals~1\temp\rar$ex04.765\reg prot.exe /start
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: ʹÓÃiTudouÏÂÔؽÚÄ¿ - C:\Program Files\iTudou\iTudou_Link.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/Xecure...XPayMPIOCX.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167855011390
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

  3. 18-05-2007  #2
    Neal
    Neal is offline Dedicated Member
    Welcome,

    Please create a folder on your desktop by right clicking on an empty area select new then folder and name folder HJT and move hijackthis.exe into this folder. Very important.


    Log looks ok let's check some other things just in case.




    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  4. 18-05-2007  #3
    dicez
    dicez is offline Junior Member
    This is the combofix log..

    "Candice" - 2007-05-18 17:11:48 Service Pack 2
    ComboFix 07-05.17.6.V - Running from: "C:\Documents and Settings\Candice\Desktop\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))


    2007-05-15 10:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-05-15 10:33 <DIR> d-------- C:\Program Files\zhypermu
    2007-05-15 10:33 <DIR> d-------- C:\Program Files\The ZhyperMU Network
    2007-05-14 21:49 <DIR> d-------- C:\Program Files\Shockwave.com
    2007-05-14 14:59 <DIR> d-------- C:\Program Files\MonsterMU
    2007-05-14 08:23 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-05-14 08:21 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-05-14 08:20 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-05-14 08:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-05-14 08:16 <DIR> dr-h----- C:\MSOCache
    2007-05-14 08:10 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-05-14 08:10 <DIR> d-------- C:\DOCUME~1\Jasper\APPLIC~1\U3
    2007-05-10 17:44 <DIR> d--h----- C:\WINDOWS\HUL
    2007-05-10 15:33 <DIR> d-------- C:\ijji
    2007-05-10 15:33 <DIR> d-------- C:\DOCUME~1\Jasper\APPLIC~1\InstallShield
    2007-04-30 22:22 <DIR> d--h----- C:\WINDOWS\PIF
    2007-04-30 22:19 <DIR> d-------- C:\Program Files\BitComet
    2007-04-30 16:50 <DIR> d-------- C:\DOCUME~1\Jasper\APPLIC~1\AdobeUM
    2007-04-28 15:10 <DIR> d-------- C:\Program Files\Softnyx
    2007-04-28 00:17 <DIR> d-------- C:\Program Files\DivX
    2007-04-24 13:21 <DIR> d--hs---- C:\FOUND.008
    2007-04-20 20:35 <DIR> d-------- C:\DOCUME~1\Candice\APPLIC~1\Skype
    2007-04-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-04-20 20:19 <DIR> d-------- C:\Program Files\Yahoo!
    2007-04-20 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


    2007-04-11 13:33:32 -------- d-----w C:\Program Files\FlashGet
    2007-04-10 1658 -------- d-----w C:\DOCUME~1\Candice\APPLIC~1\Help
    2007-03-30 23:13:28 -------- d-----w C:\Program Files\MSXML 4.0
    2007-03-29 17:12:44 -------- d-----w C:\DOCUME~1\Candice\APPLIC~1\TransRender
    2007-03-29 17:12:44 -------- d-----w C:\DOCUME~1\Candice\APPLIC~1\Temporary
    2007-03-29 17:12:44 -------- d-----w C:\DOCUME~1\Candice\APPLIC~1\ConvertTemp
    2007-03-29 17:03:52 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-08 05:06:00 -------- d-----w C:\DOCUME~1\Candice\APPLIC~1\Samsung
    2007-03-07 17:10:46 -------- d-----w C:\Program Files\Samsung
    2007-02-23 14:35:34 76,611 ----a-w C:\WINDOWS\War3Unin.dat
    2007-02-23 14:01:40 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2007-02-23 14:01:40 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]
    {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 14:08]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "MPS"="C:\ACER\PSM.EXE" [2004-03-04 10:53]
    "AGRSMMSG"="AGRSMMSG.exe" []
    "Alaunch"="C:\Windows\alaunch.exe" [2002-05-24 16:08]
    "EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_S4I3V1.exe" [2004-06-01 02:26]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [2004-08-04 05:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 05:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-04 05:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-04 05:00]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan"="SOUNDMAN.EXE" []
    "AlcWzrd"="ALCWZRD.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-04-21 14:39]
    "ClubBox"="" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 02:48]
    "Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

    [HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw. exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
    Authentication Packages msv1_0
    Security Packages kerberos msv1_0 schannel wdigest
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HTTPFilter HTTPFilter
    LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
    NetworkService DnsCache
    DcomLaunch DcomLaunch TermService
    rpcss RpcSs
    imgsvc StiSvc
    termsvcs TermService
    WudfServiceGroup WUDFSvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{8ee2be12-a9f0-11db-ab6d-001217a3f223}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    Shell\Open\command J:\Boot.exe e


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ************************************************** ******************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-18 17:14:15
    Windows 5.1.2600 Service Pack 2 FAT

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ************************************************** ******************

    Completion time: 2007-05-18 17:15:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-18 17:15


    --- E O F ---
  5. 18-05-2007  #4
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    There is not anything showing that would tell us it is a malware issue.

    Let's try this scanner below it doesn't remove anything just shows it if it is there.



    Do an online scan (scan only tool) with Kaspersky WebScanner
    [Internet Explorer required]


    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the results of the scan back here please and a new hijackthis log.
+ Reply to Thread
« Please can you help. | Explorer Problem »