
Internet Explorer Freeze Randomly


  • This topic is locked
9 replies to this topic

#1 fastfinger


Posted 04 June 2008 - 06:31 PM

Hi,

I seem to have a hard time creating a topic on this forum... I have been having problems lately with my Internet Explorer 7.0... It freezes randomly while visiting various web pages. It usually freezes after I have opened a few pages to view in different tabs and then I read each tab and close it as I finish. Usually Internet Explorer will freeze right after clicking the X to close the tab. I have tried various On-Line scanners, Ad-Aware 2007, Spybot Search & Destroy and always get a clean bill of health. I have tried uninstalling Internet Explorer 7.0, rebooting and reinstalling it.

Can anyone help me? Thanks.

Here are the two logs required

Deckard's System Scanner v20071014.68
Run by Alain Tessier on 2008-06-04 19:25:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alain Tessier.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:18, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Jetico\BestCrypt\BCResident.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
H:\software\internet\Spyware\Deckard'sSystemScanner.exe
E:\HIJACK~1\Alain Tessier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC6C99E-4225-4E26-BE18-C751596BEA21}: NameServer = 209.226.175.223,198.235.216.134,205.236.147.1,205.236.147.20
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8545 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 20:49:42 68096 --a------ C:\WINDOWS\zip.exe
2008-06-03 20:49:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-03 20:49:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-03 20:49:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-03 20:49:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-03 20:49:42 98816 --a------ C:\WINDOWS\sed.exe
2008-06-03 20:49:42 80412 --a------ C:\WINDOWS\grep.exe
2008-06-03 20:49:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 20:47:44 0 dr-hs---- C:\cmdcons
2008-06-03 20:47:43 0 d-------- C:\WINDOWS\setup.pss
2008-06-03 20:47:27 0 d-------- C:\WINDOWS\setupupd
2008-06-03 20:32:52 0 d-------- C:\Documents and Settings\Alain Tessier\Application Data\Malwarebytes
2008-06-03 20:32:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 19:59:19 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-02 19:49:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 19:49:16 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 19:39:12 0 d-------- C:\Documents and Settings\Alain Tessier\.housecall6.6
2008-06-02 18:53:32 0 d-------- C:\Program Files\Panda Security
2008-06-02 18:37:44 3084 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-01 22:41:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-18 15:42:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-17 23:36:37 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-17 17:35:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PKWARE
2008-05-11 18:00:22 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-10 07:29:24 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-09 20:56:20 0 -rahs---- C:\MSDOS.SYS
2008-05-09 20:56:20 0 -rahs---- C:\IO.SYS
2008-05-09 19:36:04 0 d-------- C:\Documents and Settings\Alain Tessier\Application Data\LumaPix
2008-05-04 21:31:58 0 d-------- C:\Documents and Settings\Alain Tessier\Application Data\Thinstall
2008-05-04 21:28:10 0 d-------- C:\Program Files\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-06-03 23:26:26 0 d-------- C:\Documents and Settings\Alain Tessier\Application Data\uTorrent
2008-06-03 21:13:40 0 d-------- C:\Program Files\Google
2008-06-01 19:43:09 0 d-------- C:\Program Files\ExplorerXP
2008-05-18 09:08:47 3012 --a------ C:\drmHeader.bin
2008-05-17 23:37:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-17 23:37:23 0 d-------- C:\Program Files\Symantec
2008-04-27 22:33:31 0 d-------- C:\Program Files\ACDSee32
2008-04-27 21:18:35 0 d-------- C:\Documents and Settings\Alain Tessier\Application Data\Auslogics
2008-04-22 23:25:37 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-04-22 19:27:40 0 d-------- C:\Program Files\UPHClean


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 15:57]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/22/2005 18:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 16:27]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 13:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/02/2008 12:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 17:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/15/2006 01:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/17/2007 01:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BestCrypt Auto Open.lnk - C:\Program Files\Jetico\BestCrypt\BestCrypt.exe [3/27/2003 2:59:41 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/17/2007 1:00:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"G:\Steam\Steam.exe" -silent




-- End of Deckard's System Scanner: finished at 2008-06-04 19:25:40 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.40GHz
CPU 1: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2047.11 MiB / 1365.4 MiB
Pagefile Memory (total/avail): 3943.57 MiB / 3405.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 18.15 GiB free.
D: is Fixed (NTFS) - 93.13 GiB total, 10.65 GiB free.
E: is Fixed (NTFS) - 139.69 GiB total, 78.15 GiB free.
F: is Fixed (NTFS) - 204.99 GiB total, 29.77 GiB free.
G: is Fixed (NTFS) - 151.37 GiB total, 92.74 GiB free.
H: is Fixed (FAT32) - 39.06 GiB total, 5.99 GiB free.
I: is Fixed (FAT32) - 42.43 GiB total, 29.78 GiB free.
J: is Fixed (FAT32) - 232.83 GiB total, 112.35 GiB free.
K: is CDROM (No Media)
L: is CDROM (No Media)
O: is Fixed (NTFS) - 465.76 GiB total, 203.41 GiB free.

\\.\PHYSICALDRIVE0 - MAXTOR S TM3500630A SCSI Disk Device - 465.76 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 437.81 GiB - D: - E: - F:

\\.\PHYSICALDRIVE1 - WDC WD25 00JB-00GVA0 SCSI Disk Device - 232.88 GiB - 3 partitions
\PARTITION0 - Extended w/Extended Int 13 - 232.88 GiB - G: - H: - I:

\\.\PHYSICALDRIVE3 - SAMSUNG SP2514N USB Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 232.88 GiB - J:

\\.\PHYSICALDRIVE2 - ST350063 0A USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - O:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\eMule\\emule.exe"="E:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"F:\\UTorrent\\Copy of utorrent.exe"="F:\\UTorrent\\Copy of utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alain Tessier\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALAIN-NEW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alain Tessier
LOGONSERVER=\\ALAIN-NEW
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ALAINT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ALAINT~1\LOCALS~1\Temp
USERDOMAIN=ALAIN-NEW
USERNAME=Alain Tessier
USERPROFILE=C:\Documents and Settings\Alain Tessier
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alain Tessier (admin)
Genevieve Tessier
Julien Tessier


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 32 --> C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AsfTools 3.1 (remove only) --> D:\Utility\AsfTools 3.1\Uninst.exe
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BestCrypt 7.0 --> "C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BestCrypt\UnInstall.log
CodecInstaller 2.7.0 --> C:\Program Files\JockerSoft\CodecInstaller\uninst.exe
Diskeeper Professional Premier Edition --> MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dpeg Cicada --> C:\WINDOWS\iun507.exe D:\dpeg Cicada\\irunin.ini
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
eMule --> "e:\eMule\Uninstall.exe"
Eschalon Book 1 v1.04 --> "E:\Eschalon Book I\unins000.exe"
ExplorerXP (remove only) --> C:\Program Files\ExplorerXP\Uninst.exe
Folder Security Personal 2.60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7897595F-3C12-4067-A6FC-FC5C6E29B59B}\Setup.exe"
Forté Agent --> D:\Program\Agent1\UNWISE.EXE D:\Program\Agent1\INSTALL.LOG "Uninstall Forté Agent"
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> E:\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB932390) --> "C:\WINDOWS\$NtUninstallKB932390$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
MINERVA: Metastasis --> G:\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE G:\Steam\STEAMA~1\SOURCE~1\METAST~1\metastasis.log
Movie Joiner --> C:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 7 Premium --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Net Transport 1.87.258 --> "C:\Program Files\Xi\NetTransport 2\unins000.exe"
OfflineList 0.7.2a --> F:\OfflineLIst\uninst.exe
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickPar 0.9 --> f:\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
RomCenter 2.71 --> "F:\Romcenter\uninst\unins000.exe"
Siege of Avalon Anthology CD --> E:\SIEGEO~1\UNWISE.EXE E:\SIEGEO~1\INSTALL.LOG
Source SDK Base --> "G:\Steam\steam.exe" steam://uninstall/215
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Total Video Converter 3.02 --> "C:\Program Files\Total Video Converter\unins000.exe"
TreeSize Free V2.1 --> "C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u e:\TrueCrypt
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinUHA 2.0 RC1 (2005.02.27) --> "C:\Program Files\WinUHA\unins000.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5510 / Error
Event Submitted/Written: 06/03/2008 07:54:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ExplorerXP.exe, version 1.0.53.381, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x0007f785.
Processing media-specific event for [ExplorerXP.exe!ws!]

Event Record #/Type5509 / Error
Event Submitted/Written: 06/03/2008 07:51:05 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Backdoor.Trojan in File: D:\Test\Softwares\CleanPC\Spyware\VundoFix.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type5507 / Error
Event Submitted/Written: 06/03/2008 07:51:00 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type5506 / Error
Event Submitted/Written: 06/03/2008 07:50:58 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Backdoor.Trojan in File: D:\Test\Softwares\CleanPC\Spyware\VundoFix.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type5505 / Error
Event Submitted/Written: 06/03/2008 07:50:58 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Backdoor.Trojan in File: D:\Test\Softwares\CleanPC\Spyware\VundoFix.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21027 / Warning
Event Submitted/Written: 06/03/2008 09:02:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20996 / Warning
Event Submitted/Written: 06/03/2008 08:51:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALAIN-NEW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALAIN-NEW27 can't undo changes that you allow.

For more information please see the following:
%ALAIN-NEW275

Scan ID: {3B473A5A-DE09-4E81-9005-6A9F25A04548}

User: ALAIN-NEW\Alain Tessier

Name: %ALAIN-NEW271

ID: %ALAIN-NEW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALAIN-NEW276

Alert Type: %ALAIN-NEW278

Detection Type: 1.1.1593.02

Event Record #/Type20994 / Warning
Event Submitted/Written: 06/03/2008 08:51:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALAIN-NEW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALAIN-NEW27 can't undo changes that you allow.

For more information please see the following:
%ALAIN-NEW275

Scan ID: {388866E0-F19C-4931-AF2D-9922C7C7CA4B}

User: ALAIN-NEW\Alain Tessier

Name: %ALAIN-NEW271

ID: %ALAIN-NEW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALAIN-NEW276

Alert Type: %ALAIN-NEW278

Detection Type: 1.1.1593.02

Event Record #/Type20993 / Warning
Event Submitted/Written: 06/03/2008 08:51:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALAIN-NEW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALAIN-NEW27 can't undo changes that you allow.

For more information please see the following:
%ALAIN-NEW275

Scan ID: {D8F3CCE3-89D1-47C3-B266-24B4FB4A7B54}

User: ALAIN-NEW\Alain Tessier

Name: %ALAIN-NEW271

ID: %ALAIN-NEW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALAIN-NEW276

Alert Type: %ALAIN-NEW278

Detection Type: 1.1.1593.02

Event Record #/Type20987 / Warning
Event Submitted/Written: 06/03/2008 08:51:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALAIN-NEW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALAIN-NEW27 can't undo changes that you allow.

For more information please see the following:
%ALAIN-NEW275

Scan ID: {19851AF1-53F6-404C-93AA-2DC12873ECF4}

User: ALAIN-NEW\Alain Tessier

Name: %ALAIN-NEW271

ID: %ALAIN-NEW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALAIN-NEW276

Alert Type: %ALAIN-NEW278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-03 21:18:15 ------------



Thanks for the help



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:55 AM

Posted 01 July 2008 - 05:35 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 fastfinger

fastfinger
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 01 July 2008 - 07:37 PM

Hi,

As requested, this is my current log for the PC... hoping you will find what is causing this "freezing" in Internet Explorer. I have been running it "without" add-on and it does solve part of the problem but in some sites, I do get a 5 to 6 seconds delay before the tab is closing when I click on the X to close it.

Thanks for the help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:22, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Jetico\BestCrypt\BCResident.exe
C:\Program Files\Y0YS Software\Folder Security Personal 2.60\SecFld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\NZB\NZB-O-Matic.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program\Agent-NewsOld\agent.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC6C99E-4225-4E26-BE18-C751596BEA21}: NameServer = 209.226.175.223,198.235.216.134,205.236.147.1,205.236.147.20
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7962 bytes

#4 suebaby41


Posted 02 July 2008 - 06:59 PM

A Firewall is an essential part of computer security and you do not appear to have a third party software firewall running on your system. If you have one, and I missed it, please ignore this. There are several firewalls that provide better protection than the Windows Firewall. Follow these steps to turn off/disable the Windows Firewall before installing a new firewall:
  • Download the new firewall to your desktop.
  • Disconnect from the Internet.
  • Click Start > Control Panel.
  • Switch to Classic View if you have not already done so.
  • Double click on the Windows Firewall icon.
  • Click Off (Not recommended).
  • Install the new Firewall.
Do not attempt to run two software firewalls since, like running two antivirus programs, they will possibly cause problems and conflict with each other.

There are a few firewalls available for free that appear to be good and easy to use:

For more information about firewalls, please read Understanding and Using Firewalls.

#5 suebaby41


Posted 02 July 2008 - 07:35 PM

Since I did not see any obvious malware, I need to get a better idea of what you have already done.

When you uninstalled and reinstalled Internet Explorer 7, did you follow these directions?

To uninstall Internet Explorer 7 or Internet Explorer 8 Beta 1, follow these steps:

Have you tried a Repair Installation of Windows XP? This does not remove any files or programs.

To Perform A Reinstallation Of Windows XP (Sometimes Called A Repair Installation)
  • Configure your computer to start from the CD-ROM drive. For more information about how to do this, refer to your computer's documentation or contact your computer manufacturer.
  • Insert your Windows XP Setup CD, and restart your computer.
  • When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.
  • When you see the Welcome To Setup screen, you will see the options below under This portion of the Setup program prepares Microsoft Windows XP to run on your computer:
    • To setup Windows XP now, press ENTER.
    • To repair a Windows XP installation using Recovery Console, press R.
    • To quit Setup without installing Windows XP, press F3.
  • Press Enter to start the Windows Setup.
  • Do NOT choose the option to press "R" to use the "Recovery Console".
  • In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
  • Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
  • Follow the instructions on the screen to complete Setup.


#6 fastfinger


Posted 03 July 2008 - 08:11 PM

Dear Suebaby41,

Let's start first with what I did in the last month to fix the problem. When the problem started occurring (around June 1st/2nd) I did the following:

1. Full scan with Norton Anti-Virus 10.0 - Nothing major detected
2. Scan with Spybot Search & Destroy - Nothing major detected
3. Scan with AdAware 2007 - Nothing major detected
4. HijackThis Scan and review of the various lines - Nothing seemed at the time to be wrong
5. Full system scan with Panda Antivirus Online Scanner - Nothing detected
6. Full system scan with Kaspersky Online Scanner - Nothing detected

I then started looking in various users groups for a solution to this problem. I found an article in this forum related to problems with Internet Explorer and a suggestion to "uninstall" "deinstall" it, or to try a system repair, or to try a reset of Internet Explorer. I did all of these in the following order:

1. I tried first a File Signature Verification and nothing major came up.
2. I then tried a Windows System Repair with the CD from the recovery console. It didn't fix the problem.
3. At that point I did not have the WinXP SP3 installed on my computer so I went with the next recommendation in the article and uninstalled Internet Explorer 7. After the Uninstall, I tested Internet Explorer and my PC was working with the Internet Explorer 6.
4. Thinking that my Norton Antivirus might be conflicting with the program, I uninstalled Norton, cleaned the entire registry with a tool from Norton and then installed Avira Antivir Personal. Again with no success.
5. I reinstalled Internet Explorer 7 from a direct download from Microsoft and installed all the patches after except for the XP SP3. This did not solve the problem.
6. I then tried the "reset" for internet explorer and re-activated only a portion of the add-ons. Again, this did not solve the problem entirely.

The only thing I found was that some of the problems might be related to Real Player Download and Record Plugin for Internet Explorer add-on and an incompatibility with Internet Explorer or a recent patch for it. I remember installing this add-on at the end of May or early June because it came with the new RealPlayer. I tried uninstalling the Realplayer but again it did not fix the problem.

7. I then tried installing the XP SP3 hoping that this would solve the problem but again with no success.

I do not have a firewall running on my PC because I have a home network installed and my router is also a firewall. I find it easier to configure my PC for gaming purpose that way.

I have been able in the past to fix most of my computer problems and consider myself somewhat knowledgeable but I am really at a loss to explain what is causing the problem to my PC. I usually keep a back-up copy of my install but had a problem with the back-up copy so I could not restore my original Ghost copy.

I am now thinking of just erasing the installation and reinstalling everything.....unless you have an idea what could cause the problem, however.

By the way, I just tried again a "repair installation" of Windows XP just in case I would have missed something and I do not get the "R" option after the F8 for the Windows XP Licensing Agreement. Right after, I get to the screen showing my C drive and my D drive with the cursor on the C and the only option working is the "install". I tried it anyway right over my current install but Internet Explorer reacts the same way as before. I tried again going through the same sequence and then pressing "R" right after the F8 key press but it does not work.

Regards

Alain

Edited by fastfinger, 03 July 2008 - 09:00 PM.


#7 suebaby41


Posted 03 July 2008 - 09:31 PM

In my research, I found several users having a similar problem and they used the following:

There is a download available from MS that enables sites to be viewed when using IE 7. The issue is with some sites not being upgraded properly to work with IE 7. You can download this and continue to use IE 7 and then access the difficult sites by running this program when needed. It works very simply and well by reporting to the difficult site that your browser is IE 6 (when really it's IE 7) and the site can then be viewed.
User Agent String Utility version 2 (Reports Internet Explorer 7 as Internet Explorer 6 when it is really Internet Explorer 7)

#8 fastfinger


Posted 04 July 2008 - 07:17 PM

Thanks for the info I didn't come across that one yet....

I just downloaded the utility and tested it. It still freezes on some of the sites I visit but not as often as before. That should do for the time being until I can figure out what the problem is.

Again thanks for your time and effort, it's really appreciated.

Regards,

Alain

#9 suebaby41


Posted 06 July 2008 - 12:10 PM

I have a few suggestions:

Step 1

I noticed that your Java Runtime Environment is out of date.

The latest version is Java Runtime Environment (JRE) 6 Update 6

Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right. When a new window opens, you will see
    NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
    Required: You must accept the license agreement to download the product.
  • Click to place a check mark by Accept License Agreement.
  • Make the selection corresponding to your computer platform. For Windows, click on Windows Offline Installation, Multi-language link to download. Save it to your desktop.
  • On your desktop, double-click on jre-6u6-windows-i586-p.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the Welcome To Java and Verify Installation page.

Step 2

I recommend using Spyware Blaster.

Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 3

I recommend using the ATF-Cleaner weekly.

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.

Step 4

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would not be removing the program itself, just removing them from your startup.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would not be removing the program itself, just removing them from your startup.

Step 5

Please advise me of any problems you still have.

Edited by suebaby41, 06 July 2008 - 12:18 PM.

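The two log-based checks in the reply above (an out-of-date Java Runtime Environment and programs that load at startup) can be run mechanically over a HijackThis log. The following is an added example, not part of the original thread or of HijackThis itself: the function names are illustrative, the sample lines are copied from the log in reply #3, and the default "latest" version is the JRE 6 Update 6 that reply #9 names.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted in reply #3 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# One record per program that starts without user action (hypothetical type name).
Autostart = namedtuple("Autostart", "section location name executable")

# O4 registry form:        HKLM\..\Run: [Name] command line
O4_REG = re.compile(r"^(?P<loc>HK[^:]*?\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder form:  Global Startup: Name.lnk = target
O4_DIR = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Leading executable of a command line, quoted or unquoted.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.IGNORECASE)
# JRE install directory as it appears in paths, e.g. \jre1.6.0_05\
JRE = re.compile(r"\\jre1\.(\d+)\.0_(\d+)\\", re.IGNORECASE)


def executable(cmd):
    """Strip quotes, arguments and the trailing (User '...') note from a command."""
    m = EXE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_autostarts(log):
    """Return the O4 (startup) and O23 (service) entries of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        section, sep, rest = line.strip().partition(" - ")
        if not sep:
            continue
        if section == "O4":
            m = O4_REG.match(rest) or O4_DIR.match(rest)
            if m:
                entries.append(
                    Autostart("O4", m["loc"], m["name"], executable(m["cmd"])))
        elif section == "O23" and rest.startswith("Service: "):
            # Layout is "name - vendor - path"; split from the right so a
            # hyphen inside the service name does not shift the fields.
            parts = rest[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, _vendor, path = parts
                entries.append(Autostart("O23", "Service", name, executable(path)))
    return entries


def outdated_jre(log, latest=(6, 6)):
    """Return (major, update) pairs for every JRE path in the log older than latest.

    latest=(6, 6) means JRE 6 Update 6, the version reply #9 names as current.
    """
    seen = {(int(major), int(update)) for major, update in JRE.findall(log)}
    return sorted(v for v in seen if v < latest)


def autostarts_from_outdated_jre(log, latest=(6, 6)):
    """Autostart entries whose executable lives in an outdated JRE directory."""
    old = set(outdated_jre(log, latest))
    hits = []
    for entry in parse_autostarts(log):
        m = JRE.search(entry.executable)
        if m and (int(m.group(1)), int(m.group(2))) in old:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f"{e.section:<4}{e.location:<24}{e.name:<22}{e.executable}")
    print("Outdated JRE versions:", outdated_jre(SAMPLE_LOG))
```
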

#10 suebaby41


Posted 13 July 2008 - 09:54 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



