computer freezes [RESOLVED]


  • This topic is locked

#1
Naveb

    Member

Hello, my computer freezes at random times - mainly after about four hours now.

I thought it was because of my outdated hardware drivers (graphics card and monitor), but the upgrade did not fix it. I've used Trojan Hunter, ewido, Spybot and AVG to scan, and it found many viruses, all of which were cleaned up, I think, so I thought that was the end of it. However, the problem still persists.

I'm now thinking it's because my computer is overheating - GPU at 84C (183F), GPU Memory 31C (88), HDD 38C (102F). I think the GPU is too hot, which could make my comp freeze.

After my comp freezes, the BIOS pages have weird white lines, which is a sign my computer won't load to the windows. I must go to safe mode and reset so the lines go away and I can go into Windows.

I also have the blackworm, winfixer, winantivirus pop-ups even though I thought they were gone with the viruses.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:49 PM, on 31/03/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lxcccoms.exe
E:\Program Files\Foobar2000\foobar2000.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\EVEREST Home Edition\everest.bin
C:\Program Files\Spybot\SpybotSD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\yabca.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .csm: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .csml: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cub: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cube: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .dx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .emb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .embl: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .gau: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mol: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mop: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .scr: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .skc: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .spt: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143118067542
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140687968703
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C58614B4-BCB7-4B9C-94C6-546A1267BDB5}: NameServer = 203.134.17.90 211.26.25.90
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: yabca - C:\WINDOWS\System32\yabca.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)

thanks

#2
Rawe

    Visiting Staff

Hello and welcome to the site.. Let's get started. :blink:

==

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Check the Run VundoFix as a task box.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log. :whistling:

#3
Naveb

    Member

hello,

Thank you for the fast reply.


VundoFix V4.2.43

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.5

Scan started at 11:45:26 PM 31/03/06

Listing files found while scanning....

C:\WINDOWS\System32\yabca.dll
C:\WINDOWS\System32\acbay.ini
C:\WINDOWS\System32\acbay.bak1
C:\WINDOWS\System32\acbay.bak2
C:\WINDOWS\System32\acbay.ini2

C:\WINDOWS\SYSTEM32\acbay.bak1
C:\WINDOWS\SYSTEM32\acbay.bak2
C:\WINDOWS\SYSTEM32\acbay.ini
C:\WINDOWS\SYSTEM32\acbay.ini2
C:\WINDOWS\SYSTEM32\yabca.dll
C:\WINDOWS\SYSTEM32\acbay.ini2
C:\WINDOWS\SYSTEM32\acbay.bak2
C:\WINDOWS\SYSTEM32\acbay.ini
C:\WINDOWS\SYSTEM32\acbay.ini2
C:\WINDOWS\SYSTEM32\yabca.dll
Attempting to delete C:\WINDOWS\System32\yabca.dll
C:\WINDOWS\System32\yabca.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\acbay.ini
C:\WINDOWS\System32\acbay.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\acbay.bak1
C:\WINDOWS\System32\acbay.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\acbay.bak2
C:\WINDOWS\System32\acbay.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\acbay.ini2
C:\WINDOWS\System32\acbay.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

#4
Rawe

    Visiting Staff

Next:

Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
==

Post back with a fresh HijackThis log. :whistling:

#5
Naveb

    Member

OK, thank you

Logfile of HijackThis v1.99.1
Scan saved at 12:11:04 PM, on 01/04/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\lxcccoms.exe
E:\Program Files\Foobar2000\foobar2000.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .csm: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .csml: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cub: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cube: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .dx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .emb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .embl: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .gau: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mol: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mop: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .scr: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .skc: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .spt: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143118067542
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140687968703
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C58614B4-BCB7-4B9C-94C6-546A1267BDB5}: NameServer = 203.134.17.90 211.26.25.90
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)

#6
Rawe

    Visiting Staff

Hi again. :blink:

Please run a scan with HijackThis and check the following objects for removal:

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat to your desktop.

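@echo off
rem sc expects the service key name (ServiceHost), not the display name ("Service Hosts")
sc stop ServiceHost
rem remove the service entry whose binary C:\WINDOWS\shost.exe is reported missing
sc delete ServiceHost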


Double-click on Removeservice.bat. A window will pop up and close. This is normal. Please reboot.

==

Navigate to, and delete the following file if present:

C:\WINDOWS\shost.exe

==

Post back with one final HijackThis log and let me know how the system is acting now. :whistling:
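The kind of triage applied to the logs in this thread can be scripted. The following is an added example, not part of the original posts: the function names (`parse`, `triage`, `removed`) are hypothetical, the sample lines are trimmed excerpts of the first and last logs above, and the three rules are heuristics drawn from the entries flagged in this thread (orphaned entries, a service with an unknown owner, and a DLL registered both as a BHO and as a Winlogon Notify package).

```python
import re

# Trimmed excerpt of the first HijackThis log posted in this thread.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\yabca.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: yabca - C:\WINDOWS\System32\yabca.dll
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Trimmed excerpt of the final log posted in this thread.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A log entry is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
DLL = re.compile(r"([A-Za-z]:\\.*?\.dll)", re.IGNORECASE)


def parse(log):
    """Return [(section_code, text)] for every entry line; skip headers and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def dll_of(text):
    """Lower-cased DLL path referenced by an entry, or None."""
    m = DLL.search(text)
    return m.group(1).lower() if m else None


def triage(entries):
    """Flag entries that deserve a closer look; heuristics only, not verdicts."""
    bho_dlls = {dll_of(t) for c, t in entries if c == "O2"} - {None}
    findings = []
    for code, text in entries:
        # Registry entry points at a file that no longer exists.
        if text.endswith(("(no file)", "(file missing)")):
            findings.append(("orphaned", code, text))
        # Service binary carries no vendor information.
        if code == "O23" and "Unknown owner" in text:
            findings.append(("unknown-owner service", code, text))
        # Same DLL loaded by the browser and by winlogon, as with yabca.dll above.
        if code == "O20" and dll_of(text) in bho_dlls:
            findings.append(("DLL is both BHO and Winlogon Notify", code, text))
    return findings


def removed(before, after):
    """Entries present in the earlier log but gone from the later one."""
    still_there = set(after)
    return [e for e in before if e not in still_there]


if __name__ == "__main__":
    for reason, code, text in triage(parse(BEFORE)):
        print(f"[{reason}] {code} - {text}")
    print("Gone after cleanup:")
    for code, text in removed(parse(BEFORE), parse(AFTER)):
        print(f"  {code} - {text}")
```

A flagged entry is a prompt for review rather than proof of infection; the thread itself confirmed yabca.dll with VundoFix before anything was deleted.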

#7
Naveb

    Member

hello,

The computer has been running fine - no freeze and popups. Hope it can stay this nice and healthy.

Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 5:41:27 PM, on 01/04/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\lxcccoms.exe
E:\Program Files\Soulseek\slsk.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .csm: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .csml: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cub: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .cube: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .dx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .emb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .embl: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .gau: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mol: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .mop: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .scr: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .skc: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .spt: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\WINDOWS\ServicePackFiles\i386\Plugins\npchime.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143118067542
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140687968703
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C58614B4-BCB7-4B9C-94C6-546A1267BDB5}: NameServer = 203.134.17.90 211.26.25.90
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#8
Rawe

    Visiting Staff

Yep, looks clean to me :whistling:

==

First priority: Install Service Pack 2 by visiting WindowsUpdates. After you have installed it, reboot, download & install ALL the available critical updates. Then some more preventive maintenance:

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

#9
Rawe

    Visiting Staff

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.