Computer Does Not Shutdown/restart


15 replies to this topic

#1 Deltaforce229


Posted 27 May 2007 - 11:10 AM

Topic moved to HijackThis forum for analysis.

OT 5/27/2007


When I try to shut down/reboot my computer, it gets to the blue "shutting down..." screen and does nothing; I have to manually press and hold the power button to get my PC to shut down.

If it helps, here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:42 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NETGEAR\NAS\Z-SANService.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\James Ciasullo\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/lo...aWebSuite-AimEx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NAS\Z-SANService.exe

--
End of file - 4924 bytes

Edited by OldTimer, 27 May 2007 - 01:38 PM.



#2 jurgenv


Posted 27 May 2007 - 01:40 PM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Greets Jürgenv


#3 Deltaforce229


Posted 27 May 2007 - 03:11 PM

I tried running it and got a warning from AVG. Should I be worried about this?

#4 jurgenv


Posted 27 May 2007 - 03:14 PM

It's a false positive, allow it. Disable AVG when it's needed.
Greets Jürgenv


#5 Deltaforce229


Posted 27 May 2007 - 03:30 PM

---Combo Fix Log---


"James Ciasullo" - 2007-05-27 16:07:25 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\James Ciasullo\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\packet.dll"
"C:\WINDOWS\system32\wpcap.dll"
"C:\WINDOWS\system32\drivers\npf.sys"


((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


2007-05-27 11:12 <DIR> d-------- C:\bfu
2007-05-22 19:56 <DIR> d-------- C:\Incomplete
2007-05-22 15:30 5,120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys
2007-05-22 15:30 342,144 --a------ C:\WINDOWS\system32\drivers\sfsz.sys
2007-05-22 15:30 159,907 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2007-05-22 15:30 15,488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys
2007-05-22 15:30 13,056 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys
2007-05-22 15:28 <DIR> d-------- C:\Program Files\NETGEAR
2007-05-20 19:02 <DIR> d-------- C:\dos
2007-05-20 18:58 <DIR> d-------- C:\Program Files\DOSBox-0.70
2007-05-18 15:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-17 16:05 <DIR> d-------- C:\Program Files\Foster
2007-05-15 16:52 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-15 16:41 2,100 --a------ C:\WINDOWS\ladydata.dat
2007-05-15 16:41 <DIR> d-------- C:\WINDOWS\ScooP_
2007-05-10 20:16 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-05-10 20:15 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-05-01 22:59 <DIR> d-------- C:\Program Files\QuickTime


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 19:54:41 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\Xfire
2007-05-27 19:54:31 -------- d-s---w C:\Program Files\Xfire
2007-05-26 15:35:42 -------- d-----w C:\Program Files\Cheat Engine
2007-05-26 03:12:40 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\FrostWire
2007-05-22 19:30:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-21 19:25:42 -------- d-----w C:\Program Files\Winamp
2007-05-17 20:54:09 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\uTorrent
2007-05-16 02:27:36 -------- d-----w C:\Program Files\AutoIt3
2007-04-24 21:36:02 -------- d-----w C:\Program Files\Proxomitron Naoko-4
2007-04-19 23:21:12 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\ATI
2007-04-19 23:17:55 -------- d-----w C:\Program Files\ATI Technologies
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 17:48:57 -------- d-----w C:\Program Files\Sony
2007-04-15 23:30:52 -------- d-----w C:\Program Files\Sol Edit
2007-04-15 19:14:38 -------- d-----w C:\Program Files\Diskeeper Corporation
2007-04-13 22:43:06 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\Audacity
2007-04-13 01:29:39 12,290,055 ------w C:\avg7qt.dat
2007-04-12 23:10:15 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\Help
2007-04-10 22:34:47 -------- d-----w C:\Program Files\Audacity
2007-04-10 21:03:31 162,133 ----a-w C:\WINDOWS\Video Cleaner Lite Uninstaller.exe
2007-04-10 21:03:30 -------- d-----w C:\Program Files\Common Files\River Past
2007-04-10 21:03:30 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\River Past G5
2007-04-10 21:03:28 -------- d-----w C:\Program Files\River Past
2007-04-10 20:48:29 -------- d-----w C:\Program Files\Combined Community Codec Pack
2007-04-10 01:18:59 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-08 19:04:51 -------- d-----w C:\Program Files\AP Tuner
2007-04-08 05:21:49 4 ----a-w C:\WINDOWS\info147.sys
2007-04-08 05:21:49 -------- d-----w C:\Program Files\Common Files\Totem Shared
2007-04-08 04:38:39 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-08 04:38:37 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-04-06 21:38:36 -------- d-----w C:\Program Files\DDS Converter 2
2007-04-04 22:40:37 -------- d-----w C:\Program Files\Net Tools
2007-04-04 22:36:36 -------- d-----w C:\Program Files\TweakNow
2007-04-04 22:36:33 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\TweakNow PowerPack
2007-04-04 03:01:04 -------- d-----w C:\Program Files\iTunes
2007-04-04 03:00:19 -------- d-----w C:\Program Files\iPod
2007-04-03 21:06:29 -------- d-----w C:\Program Files\UltraVNC
2007-04-02 01:54:04 -------- d-----w C:\Program Files\Speed Gear
2007-04-02 01:20:13 33,952 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-03-28 20:00:47 -------- d-----w C:\DOCUME~1\JAMESC~1\APPLIC~1\Dev-Cpp
2007-03-23 23:32:24 579 ----a-w C:\WINDOWS\eReg.dat
2007-03-23 13:58:35 6 ----a-w C:\user_data.dat
2007-03-23 01:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-11 21:36:44 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-03-11 21:36:44 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-03-10 22:46:42 405 ----a-w C:\WINDOWS\PowerReg.dat
2007-03-09 00:21:48 28,672 ----a-w C:\WINDOWS\system32\myodbc3i.exe
2007-03-09 00:21:48 2,056,192 ----a-w C:\WINDOWS\system32\myodbc3S.dll
2007-03-09 00:21:48 11,776 ----a-w C:\WINDOWS\system32\myodbc3m.exe
2007-03-09 00:21:48 1,712,128 ----a-w C:\WINDOWS\system32\myodbc3.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-02-12 00:51:36 56 --sh--r C:\WINDOWS\system32\A1C94DB8E4.sys
2007-02-12 00:51:36 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xfire Music"="C:\Program Files\Xfire\xfiremusic.exe" [2006-11-20 22:12]
"Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 08:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-03-10 18:37]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-19 12:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)
"NoViewContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)

*Newly Created Service* -PROCEXP90


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070527-105833-257
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab


backup-20070527-105833-809
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171172863953


backup-20070527-105833-420
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171172869875


backup-20070527-105833-723
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


backup-20070527-105832-888
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


backup-20070527-105832-796
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

backup-20070527-105832-713
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

backup-20070527-105832-493
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
Contents of the 'Scheduled Tasks' folder
2007-05-23 02:53:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 16:08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-27 16:08:51
C:\ComboFix-quarantined-files.txt ... 2007-05-27 16:08

--- E O F ---




---Hijackthis Log---

Logfile of HijackThis v1.99.1
Scan saved at 4:24:57 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NETGEAR\NAS\Z-SANService.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/lo...aWebSuite-AimEx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NAS\Z-SANService.exe

#6 jurgenv


Posted 27 May 2007 - 03:35 PM

Download the next tool to a place where you'll find it easily:

http://djlizard.net/Dial-a-fix-2006-09-19.exe

Double-click Dial-a-fix-2006-09-19.exe to start the program.
A window will open immediately with "Dial-A-fix : Restrictive policies" at the top.
You'll see registry keys.
Check them all and click the remove button below.
Then click close. This should close the policies window.
After that, check everything in the main window and click on 'Go'.
Let the tool do its job and restart your computer; after that, post a new HijackThis log here and tell me how everything is working.
Greets Jürgenv

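As an added example (not part of this thread, and not code from ComboFix or Dial-a-fix), here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one posted above and flags every non-zero value under the policies\explorer and policies\system keys, the same restrictive policies the Dial-a-fix window offers to remove. The embedded sample lines are constructed from the log format in this thread, and all function names are my own; a flagged value is something to review, since tweaking tools set many of these legitimately.

```python
import re

# Registry keys whose values ComboFix lists under "Reg Loading Points" and
# which Dial-a-fix's "Restrictive policies" window offers to remove.
POLICY_KEY_SUFFIXES = ("policies\\explorer", "policies\\system")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Matches  "Name"=1 (0x1)  and  "Name"=01000000  (the value text has no spaces)
VALUE_RE = re.compile(r'^"([^"]+)"=(\S+)(?:\s+\(0x([0-9A-Fa-f]+)\))?$')

# Constructed sample: a few lines in the format of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-19 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=01000000
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"""


def parse_value(raw, hexpart):
    """Convert one ComboFix value to an int.

    DWORDs appear as `1 (0x1)`, so the hex part is used. REG_BINARY policies
    appear as eight bare hex digits (e.g. `01000000` for NoStartBanner above),
    stored little-endian, so 01000000 means 1.
    """
    if hexpart is not None:
        return int(hexpart, 16)
    if re.fullmatch(r"[0-9A-Fa-f]{8}", raw):
        return int.from_bytes(bytes.fromhex(raw), "little")
    return int(raw)


def parse_reg_loading_points(text):
    """Return {registry key: {value name: int}} for numeric values only.

    Run entries (a quoted path followed by a date stamp) do not match
    VALUE_RE, and quoted values that are not numbers are skipped.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line) if current else None
        if not m:
            continue
        name, raw, hexpart = m.groups()
        try:
            keys[current][name] = parse_value(raw, hexpart)
        except ValueError:
            pass  # not a number, so not a policy flag
    return keys


def find_restrictive_policies(text):
    """Return sorted (key, name, value) for every non-zero value under a
    policies\\explorer or policies\\system key."""
    hits = []
    for key, values in parse_reg_loading_points(text).items():
        if not key.lower().endswith(POLICY_KEY_SUFFIXES):
            continue
        for name, value in values.items():
            if value != 0:
                hits.append((key, name, value))
    return sorted(hits)


def report(text):
    """One human-readable line per flagged policy."""
    return [f"{key}\\{name} = {value}"
            for key, name, value in find_restrictive_policies(text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```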

#7 Deltaforce229


Posted 27 May 2007 - 03:53 PM

No dice, I still had to forcibly shut down my PC.

Edit: I also got errors with Dial-a-fix.

Logfile of HijackThis v1.99.1
Scan saved at 4:46:45 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NETGEAR\NAS\Z-SANService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/lo...aWebSuite-AimEx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NAS\Z-SANService.exe

Edited by Deltaforce229, 27 May 2007 - 03:54 PM.


#8 jurgenv


Posted 27 May 2007 - 04:11 PM

Can you tell me what errors?
Greets Jürgenv


#9 Deltaforce229


Posted 27 May 2007 - 04:24 PM

Click to see larger images.


Edited by Deltaforce229, 27 May 2007 - 04:25 PM.


#10 jurgenv


Posted 27 May 2007 - 04:28 PM

Are you using Windows XP Pro or Home?
Greets Jürgenv


#11 Deltaforce229


Posted 27 May 2007 - 04:30 PM

Home.

#12 jurgenv


Posted 27 May 2007 - 04:36 PM

Download this tool: http://DjLizard.net/software/secedit-sfx.exe
Extract it to your desktop and run secedit.exe.
A black DOS screen will appear and disappear very quickly; that's normal. After that, retry Dial-a-fix.
Greets Jürgenv


#13 Deltaforce229


Posted 27 May 2007 - 04:50 PM

Nope, I'm still getting the same errors, and secedit.exe is opening and closing a cmd window, but then it opens up the help file.

#14 jurgenv


Posted 27 May 2007 - 04:54 PM

On the right side of the 'policies' tab you'll see a hammer icon; click it and select "Repair permissions" in the new window.
After that, click on Go, let the tool do its job and restart your computer; after that, retry please.
Greets Jürgenv


#15 Deltaforce229


Posted 27 May 2007 - 05:46 PM

OK, well, it seems to be working. If it comes back anytime soon I'll post. Thanks jurgenv!



