| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 85062 | 2007-11-28 05:53:00 | Windows XP hangs after connecting to Internet/ opening browser | mechadios (13071) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 615870 | 2007-11-28 05:53:00 | Hello Experts, I have a strange problem. I am running on Windows XP SP2. From the last couple of days my machine hangs after 15-20 minutes after I connect to internet. Otherwise the machine runs fine if I don't connect net or don't open iexplorer. I have tried using mozilla also and the same proble encountered with mozilla. This is happening intermittently. However in safe mode with networking everything works fine and i can browse normally no hiccups there. Below is the log file for more details: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:50:17 AM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\mcafee.com\agent\McAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Netscape Internet Service\ncupdatesvc.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe O1 - Hosts: 200.100.1.63 ustdc3 O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515- F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6- 6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15- 001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB- D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683- 905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1 \mcafee.com\agent\McAgent.exe O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\136741L.exe O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\136741W.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1 \McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1 \McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1 \MpfTray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1 \mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1 \COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1 \COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Search - edits.mywebsearch.com p=ZNxmk570YYIN O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB- 11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03 \bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56- 3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF- D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE- 00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088- 4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9- 0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F- 11D3-B5C9-0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E- 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110- 11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.camsps1 O15 - Trusted Zone: http://vis1200.solutionbeacon.net O15 - Trusted Zone: *.solutionbeacon.net O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - www.creative.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com muweb_site.cab?1155281839234 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - www.adobe.com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458- 1830C7DD7F5D} - C:\PROGRA~1\COMMON~1 \Skype\SKYPE4~1.DLL O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: OracleClientCache80 - Unknown owner - c:\OraHome1 \BIN\ONRSD80.EXE O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9894 bytes |
mechadios (13071) | ||
| 615871 | 2007-11-28 05:54:00 | One more thing the hijack this log file shows iE 6 but I had 7 and uninstalled that trying to see if that was causing the issue but the issue still persists even with Mozilla Firefox. | mechadios (13071) | ||
| 615872 | 2007-11-28 06:47:00 | Have you got any firewall installed on your computer? (I haven't read through the log yet) |
Renmoo (66) | ||
| 615873 | 2007-11-28 07:26:00 | Don't have any firewall and don't even have the windows firewall enabled, my VPN had some issues with that. Moreover didn't really change anything installed/uninstalled and all of a sudden the issue started. Once I am on the net I can browse for 15-20 minutes and then everything freezes and I had to do a hard shutdown. Can't even do the Ctrl+Alt+Delete. Thanks for your time. |
mechadios (13071) | ||
| 615874 | 2007-11-28 07:32:00 | Don't have any firewall and don't even have the windows firewall enabled, my VPN had some issues with that. Moreover didn't really change anything installed/uninstalled and all of a sudden the issue started. Once I am on the net I can browse for 15-20 minutes and then everything freezes and I had to do a hard shutdown. Can't even do the Ctrl+Alt+Delete. Thanks for your time. |
mechadios (13071) | ||
| 615875 | 2007-11-28 07:51:00 | I think you've got something nasty. Put hijackthis in its own folder first, run it tick these entries, then tick fix checked. Close browser/s. Nasty O1 - Hosts: 200.100.1.63 ustdc3 O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\136741L.exe O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\136741W.exe Safe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" Nasty O8 - Extra context menu item: &Search -edits.mywebsearch.com p=ZNxmk570YYIN If you dont know what these are, or u didn't add them tick these O15 - Trusted Zone: http://*.camsps1 O15 - Trusted Zone: http://vis1200.solutionbeacon.net O15 - Trusted Zone: *.solutionbeacon.net Get trojan remover (www.simplysup1.com) Install it run it then click on scan. Then select all options under the utilities menu. This may restore task manager. Check add/remove programs if it opens. Look for Mywebsearch/Myway. Uninstall it if its there. |
Speedy Gonzales (78) | ||
| 615876 | 2007-11-28 08:46:00 | Hello Speedy, Thanks for your help but it didn't work :( . I ran the trozen remover and it did fix couple of registry entries but didn't work, the system hangs even now after I connect . These entries are known I have added so should not be any issue because of these: O15 - Trusted Zone: http://* . camsps1 O15 - Trusted Zone: http://vis1200 . solutionbeacon . net O15 - Trusted Zone: * . solutionbeacon . net Also couldn't find Mywebsearch/Myway in Add/Remove . Below is the new hijack log after fixing the nasty entries Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 2:53:59 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v7 . 00 (7 . 00 . 5730 . 0013) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\csrss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\Program Files\Windows Defender\MsMpEng . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\Explorer . EXE C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient . exe C:\PROGRA~1\MOZILL~1\FIREFOX . EXE C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis . exe C:\WINDOWS\system32\ctfmon . exe C:\WINDOWS\system32\rundll32 . exe C:\WINDOWS\system32\wbem\wmiprvse . exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho . dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx . dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1 . 6 . 0_03\bin\ssv . dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee . com\vso\mcvsshl . dll O4 - HKLM\ . . \Run: [MCAgentExe] c:\PROGRA~1\mcafee . com\agent\McAgent . exe O4 - HKLM\ . . \Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui . exe" -hide O4 - HKLM\ . . \Run: [VSOCheckTask] "C:\PROGRA~1\McAfee . com\VSO\mcmnhdlr . exe" /checktask O4 - HKLM\ . . \Run: [VirusScan Online] C:\Program Files\McAfee . com\VSO\mcvsshld . exe O4 - HKLM\ . . \Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh . exe O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1 . 6 . 0_03\bin\jusched . exe" O4 - HKLM\ . . \Run: [SigmatelSysTrayApp] stsystra . exe O4 - HKLM\ . . \Run: [OASClnt] C:\Program Files\McAfee . com\VSO\oasclnt . exe O4 - HKLM\ . . \Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent . exe O4 - HKLM\ . . \Run: [MPFExe] C:\PROGRA~1\McAfee . com\PERSON~1\MpfTray . exe O4 - HKLM\ . . \Run: [igfxtray] C:\WINDOWS\system32\igfxtray . exe O4 - HKLM\ . . \Run: [igfxpers] C:\WINDOWS\system32\igfxpers . exe O4 - HKLM\ . . \Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd . exe O4 - HKLM\ . . \Run: [ehTray] C:\WINDOWS\ehome\ehtray . exe O4 - HKLM\ . . \Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY . exe O4 - HKLM\ . . \Run: [MCUpdateExe] c:\PROGRA~1\mcafee . com\agent\McUpdate . exe O4 - HKLM\ . . \Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan . exe O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe O4 - HKUS\S-1-5-18\ . . \Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20 . exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\ . . \Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector . exe (User 'SYSTEM') O4 - HKUS\ . DEFAULT\ . . \Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20 . exe" -t (User 'Default user') O4 - Global Startup: 24Online Client . lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient . exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie . htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie . htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2 . htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL . EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_03\bin\ssv . dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_03\bin\ssv . dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho . dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho . dll O9 - Extra button: Real . com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw . dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger . exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O15 - Trusted Zone: http://* . camsps1 O15 - Trusted Zone: http://vis1200 . solutionbeacon . net O15 - Trusted Zone: * . solutionbeacon . net O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - . creative . com/su/ocx/15030/CTSUEng . cab" target="_blank">www . creative . com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper . dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - . microsoft . com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site . cab?1155281839234" target="_blank">update . microsoft . com O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - . adobe . com/products/acrobat/nos/gp . cab" target="_blank">www . adobe . com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - . creative . com/su/ocx/15030/CTPID . cab" target="_blank">www . creative . com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1 . DLL O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing . exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA . exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc . exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT . exe O23 - Service: McAfee WSC Integration (McDetect . exe) - McAfee, Inc - c:\program files\mcafee . com\agent\mcdetect . exe O23 - Service: McAfee . com McShield (McShield) - McAfee Inc . - c:\PROGRA~1\mcafee . com\vso\mcshield . exe O23 - Service: McAfee Task Scheduler (McTskshd . exe) - McAfee, Inc - c:\PROGRA~1\mcafee . com\agent\mctskshd . exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr . exe) - McAfee, Inc - C:\PROGRA~1\McAfee . com\Agent\mcupdmgr . exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee . com\PERSON~1\MpfService . exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc . - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr . exe O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc . exe O23 - Service: NICCONFIGSVC - Dell Inc . - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC . exe O23 - Service: OracleClientCache80 - Unknown owner - c:\OraHome1\BIN\ONRSD80 . EXE O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service . exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog . exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC . EXE -- End of file - 8504 bytes |
mechadios (13071) | ||
| 615877 | 2007-11-28 08:48:00 | if you need shall upload the trozen log also if that helps. | mechadios (13071) | ||
| 615878 | 2007-11-28 09:00:00 | Go Into my sig below, download and install/ run both Spybot S & D and the Free Spyware doctor - these will more than likely find a few more. They will help with the Browser speed, Spybot will rip out MyWay, so will Spyware doctor (usually). The latest versions of MyWay are not shown in Add/remove Programs. While at my sig, download Ccleaner, install and run it. When using spyware doctor, after it does the first scan on startup, go to the settings Button> Scan Setting> tick " Scan for rootkits.... See Here (www.imagef1.net.nz). The click on the Big SCAN MY COMPUTER button, it will take a lot longer to run but it should locate any other "bugs" You may need to disable system restore as well. To do this right click " My Computer> Properties> System Restore Tab, disable restore. MyWay hides in restore, if its not disabled, it may reinfect the moment you reboot. Had a similar customers problems today after running these two programs the browser was back to normal. |
wainuitech (129) | ||
| 615879 | 2007-11-28 09:12:00 | Run hijackthis again tick this entry then tick fix checked Close browser/s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" Yup you may have to disable system restore. I would also boot into safe mode, and do a search for these files C:\WINDOWS\136741L.exe C:\WINDOWS\136741W.exe And delete them. And reboot, then see if task manager opens. If its does, turn SR back on. |
Speedy Gonzales (78) | ||
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 | |||||