
browser problems


  • This topic is locked
8 replies to this topic

#1 johnnyquango

johnnyquango

    Member

  • Full Member
  • Pip
  • 46 posts

Posted 22 May 2007 - 06:32 PM

I have XP SP1. The problems I am experiencing are: when I use Firefox it sometimes closes the session and wants to send an error report in. When I next start Firefox I get the option to restore the session or start a new session. I don't know why this keeps happening. The 2nd problem is that I play CSS and it has started to lag quite badly; my ping is normally in single figures but it has gone up to 50. I know it's not that high, but it's a UK server that I rent and other local people on it are still at about 8 or 9 ping. It's like my browser is being used and not by me?

Here are the HJT log and dejob log.

Any help would be appreciated, thanks, John

I have run Spybot and Ad-Aware SE with nothing found.


Logfile of HijackThis v1.99.1
Scan saved at 22:11:10, on 22/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe


--------------------------------------------------------
NO LOP JOBS FOUND
--------------------------------------------------------
FILES IN TASKS FOLDER

--------------------------------------------------------
EXPORT APP DATA FOLDERS

Volume in drive C has no label.
Volume Serial Number is D0B9-FBE8

Directory of C:\Documents and Settings\Quango\Application Data

16/04/2007 20:38 <DIR> .
16/04/2007 20:38 <DIR> ..
07/01/2007 16:21 <DIR> Adobe
07/01/2007 16:20 <DIR> AdobeAUM
07/01/2007 16:20 <DIR> AdobeUM
25/12/2006 13:21 <DIR> Ahead
20/12/2006 00:05 <DIR> atitray
14/01/2007 21:36 <DIR> Autodesk
25/03/2007 15:07 <DIR> Corel
20/12/2006 00:30 <DIR> Creative
20/12/2006 20:45 <DIR> CYBERL~1 CyberLink
03/05/2007 19:11 <DIR> Help
19/12/2006 22:58 <DIR> IDENTI~1 Identities
20/12/2006 02:20 <DIR> ImgBurn
04/03/2007 00:28 <DIR> Lavasoft
03/02/2007 22:36 <DIR> LEADER~1 Leadertech
20/12/2006 19:15 <DIR> MACROM~1 Macromedia
26/02/2007 20:15 <DIR> MEDIAP~1 Media Player Classic
07/02/2007 17:35 <DIR> MICROS~1 Microsoft
20/12/2006 00:42 <DIR> Mozilla
08/02/2007 17:47 <DIR> Real
15/02/2007 21:55 <DIR> Serif
23/01/2007 22:18 <DIR> SONYER~1 Sony Ericsson
20/12/2006 22:12 <DIR> TEAMSP~1 teamspeak2
23/01/2007 22:02 <DIR> Teleca
03/04/2007 19:05 <DIR> vlc
18/04/2007 18:43 <DIR> Vso
21/05/2007 22:34 <DIR> Xfire
20/12/2006 22:31 <DIR> XFIREP~1 Xfire Plus
0 File(s) 0 bytes
29 Dir(s) 43,672,600,576 bytes free
Volume in drive C has no label.
Volume Serial Number is D0B9-FBE8

Directory of C:\Documents and Settings\All Users\Application Data

03/05/2007 20:13 <DIR> .
03/05/2007 20:13 <DIR> ..
07/01/2007 16:20 <DIR> Adobe
14/01/2007 21:36 <DIR> Autodesk
25/03/2007 15:06 <DIR> Corel
20/12/2006 20:44 <DIR> CYBERL~1 CyberLink
22/04/2007 15:49 <DIR> DVDSHR~1 DVD Shrink
04/03/2007 00:28 <DIR> MICROS~1 Microsoft
03/05/2007 20:14 <DIR> SNAPPY~1 Snappy Invoice System
23/01/2007 22:16 <DIR> SONYER~1 Sony Ericsson
20/12/2006 01:31 <DIR> SPYBOT~1 Spybot - Search & Destroy
23/01/2007 22:16 <DIR> Teleca
0 File(s) 0 bytes
12 Dir(s) 43,672,600,576 bytes free
--------------------------------------------------------

Logs added to text of post and attachments deleted
TheJoker

Edited by TheJoker, 26 May 2007 - 06:42 AM.

$>Be congruent to yourself <$
Where we go is not important..the journey getting there is
QŬĂŅĢǾ

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 25 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 27 May 2007 - 09:11 AM

Hi,

Nothing suspicious was found on your log.

Let me see this result.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 johnnyquango

Posted 27 May 2007 - 10:40 AM

Hi again, thanks for looking at this. Here is the combo log (I don't know what all those sad faces are at the bottom of the combo post! I had to delete some as there were too many to allow me to post!!)

"Quango" - 2007-05-27 16:16:36 Service Pack 1 [SAFE MODE]
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Quango\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


2007-05-22 17:47 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-05-22 17:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-21 23:32 <DIR> d-------- C:\ATI
2007-05-21 23:17 <DIR> d-------- C:\Program Files\ATI Technologies
2007-05-21 22:53 <DIR> d--hs---- C:\WINDOWS\CSC
2007-05-06 18:29 <DIR> d-------- C:\Program Files\HLSW
2007-05-03 20:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Snappy Invoice System
2007-04-28 18:13 <DIR> d-------- C:\Films


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 12:21:19 -------- d-----w C:\Program Files\nbpro
2007-05-27 00:31:48 -------- d-----w C:\DOCUME~1\Quango\APPLIC~1\Xfire
2007-05-26 23:57:04 -------- d-----w C:\Program Files\Steam
2007-05-26 20:32:08 -------- d-s---w C:\Program Files\Xfire
2007-05-22 16:59:44 192 ----a-w C:\WINDOWS\system32\tbhi.dat
2007-05-22 16:59:44 10 ----a-w C:\WINDOWS\system32\drivers\tmbi.sys
2007-05-22 16:21:23 -------- d-----w C:\Program Files\RegVac Registry Cleaner
2007-05-21 22:17:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-03 19:17:33 -------- d-----w C:\Program Files\Snappy Invoice System
2007-05-03 18:11:09 -------- d-----w C:\DOCUME~1\Quango\APPLIC~1\Help
2007-04-22 17:04:00 -------- d-----w C:\Program Files\Monkey's Audio
2007-04-19 20:40:23 -------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
2007-04-18 17:43:29 -------- d-----w C:\DOCUME~1\Quango\APPLIC~1\Vso
2007-04-16 19:38:20 87,608 ----a-w C:\DOCUME~1\Quango\APPLIC~1\ezpinst.exe
2007-04-16 19:38:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-16 19:38:20 47,360 ----a-w C:\DOCUME~1\Quango\APPLIC~1\pcouffin.sys
2007-04-16 19:38:19 -------- d-----w C:\Program Files\vso
2007-04-03 18:05:33 -------- d-----w C:\DOCUME~1\Quango\APPLIC~1\vlc
2007-04-03 18:04:20 -------- d-----w C:\Program Files\VideoLAN
2007-04-01 16:33:32 -------- d-----w C:\Program Files\Audio4You
2007-03-25 14:22:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-25 14:07:43 88 --sh--r C:\WINDOWS\system32\745AEC2476.sys
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"P17Helper"="P17.dll" [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-12-20 00:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43]
"Steam"="" []


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"mnmsrvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070308-195140-517
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay11...es/MsnPUpld.cab

?????????

backup-20070308-195140-738
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

backup-20070308-195140-352
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 16:17:48
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-27 16:17:58

--- E O F ---

#5 johnnyquango

Posted 27 May 2007 - 10:48 AM

Here is the new HJT log. Just a point to note: when I boot the PC it takes up to 10/15 seconds for all the icons to show themselves. They look like files with no picture of what they are, and they seem to come on a few at a time. It's not a problem (it didn't use to do this), but I just wondered if the memory needed adjustment. I have 2 gig RAM.




Logfile of HijackThis v1.99.1
Scan saved at 16:21:08, on 27/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

#6 nasdaq

Posted 28 May 2007 - 07:27 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

(I dont know what all those sad faces are at the bottom of the combo post! i had to delete some as there were to many to allow me to post!!)

The faces are unreadable characters.

when i boot the PC it takes up to 10/15 seconds for all the icons to show themselves, they look like files with no picture with what they are, they seem to come on a few at a time


Possibly you have a corrupt ShellIconCache, or you must increase its size if you have many icons on the desktop.

I think this article can help you.
http://articles.tech...11-5164407.html

=*=

Please download SmitfraudFix (by S!Ri)
Extract all the content (to a folder named SmitfraudFix) on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Let me know what problem remains.
nasdaq


#7 johnnyquango

Posted 28 May 2007 - 02:58 PM

This is the report from SmitfraudFix.
I have also resized the icon cache and set the value to 2000 (instead of the standard 500), although I'm not sure how this relates in size to 2 gig RAM.. bits, bytes? I do have a few icons on the desktop (unfinished work), not all shortcuts to progs ;) However, this seems to have sorted that out.

In relation to the Firefox browser closing unexpectedly, it hasn't happened today and the ping has gone down to 15 (in game). Whatever was causing this has stopped, momentarily? I will have to wait and see.


ASmitFraudFix v2.188

Scan done at 17:32:47.31, 28/05/2007
Run from C:\Documents and Settings\Quango\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Quango


C:\Documents and Settings\Quango\Application Data


Start Menu


C:\DOCUME~1\Quango\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32-xpdt



DNS

Description: Broadcom NetLink ™ Gigabit Ethernet
DNS Server Search Order: 194.168.4.100
DNS Server Search Order: 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9156FDC6-5606-49CB-B969-2DFFBE63B199}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9156FDC6-5606-49CB-B969-2DFFBE63B199}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9156FDC6-5606-49CB-B969-2DFFBE63B199}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


Scanning for wininet.dll infection


End

#8 nasdaq

Posted 28 May 2007 - 03:16 PM

Nice work, your last HijackThis log is clean.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
http://users.telenet...prevention.html
nasdaq


#9 nasdaq

Posted 07 June 2007 - 07:09 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




