0

Hi all,
My Internet Explorer, Outlook Express and MSN all freeze up and have to be closed as soon as I open them. I have a number of anti-virus and spyware programs, none of which have found anything, and this problem is getting more and more annoying. Some other things, like User Accounts, do not open either.

I had to get the Firefox browser through Skype (which works perfectly) from a friend, and I have had no problems with it.
My internet connection is fine.

Please help!

Thanks everyone.

0

Hey people... just for info, this issue was first discussed in this thread: http://www.daniweb.com/techtalkforums/thread14172.html ... I'm having the exact same problem as Hypnotoad did...

Please do the following, as the contents of your HijackThis log will differ from Hypnotoad's log:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

0

Thanks, DMR.

Well, here's my Hijackthis log file then:

Logfile of HijackThis v1.99.1
Scan saved at 17:29:53, on 24/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dwwin.exe
C:\DOCUMENTS AND SETTINGS\WILL\DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

... any use to you?

/Will

0

That's a clean log, but it does indicate one thing: the following header information in your HJT log shows that your versions of Windows XP and Internet Explorer are very out of date:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Please use Windows' Automatic Update feature to bring your system up to date; many of the updates you're missing address/fix security loopholes and other bugs. I definitely wouldn't suggest going all the way to Service Pack 2 until we're sure that your system is stable, but you need to at least upgrade to Service Pack 1 with all of its most current critical updates.

Once you've done that, the upgrades/updates should be reflected in your HJT log's header info as follows:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Since malicious programs don't immediately appear to be the cause of the crashes, open the event viewer utility in your Administrative Tools folder and have a look through your System and Application logs for any error or warning entries. Double-clicking on any of the entries will open a window with more specific info on the fault; post the full and exact contents of any such messages which might appear to relate to the problems you're experiencing.

0

Right ok thanks a lot DMR...

One question though, how would someone go about getting the necessary updates if their version of XP wasn't exactly legit? Hypothetically speaking of course...

/Will

0

Hypothetically speaking of course...

Sorry man, but there's no hypothetical here as far as that one goes- we can't and don't support pirated or otherwise illegally-obtained software; it's our butts on the line if we do. :(


Did you find anything possibly useful in the Event Viewer logs?

0

DMR - It's not that I have a pirated copy, but I'm using a corporate version of XP, i.e. the one that companies use so that they don't have to get a separate version for every computer. This isn't really illegal, or if it is, it's not half as bad as an actual pirated copy, so d'ya reckon updates would work without ruining my computer?

Thanks, and if it doesn't work, I'll buy a legitimate, home version of XP. I promise. ;)

/Will

0

HELP!! I've been having similar problems to the ones described above

symptoms:

1. Internet Explorer can open and will run for about 5 mins until it will freeze, and break the internet connection. After Ending Task, I will try to open a new Internet Explorer window but it will not open any websites since the internet connection is somehow broken. Cannot Report Error also since I can't connect back online.

When I restart the computer, the internet connection comes back on, but then the problem will repeat again: IE will freeze after 5 mins, and the internet connection breaks.

(I think my internet version is 6.0)

2. Same thing with MSN Messenger: after a few minutes, MSN Messenger will freeze, and then break the internet connection. After force-ending it with Task Manager, cannot log back on. Cannot Report Error also.

I got this error message:
AppName: msnmsgr.exe AppVer: 7.5.306.0 ModName: shdocvw.dll
ModVer: 6.0.2900.2096 Offset: 00013fe1

3. I tried downloading Mozilla but it does not solve the problem. It also freezes after about 5 mins and I will lose the internet connection until I restart the computer.

4. Not sure if this is related but it takes longer than normal to restart and shut down the computer; it can take up to 5-10 mins.

I ran a Hijack This log, and here are the results


I'll appreciate any help or suggestions, thanks!!

0

[updated]

Hi, sorry, I mistakenly posted my defragmentation results. Here is my HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 22:33:23, on 12-Dec-06
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Documents and Settings\User\Desktop\Hijack This\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,(Default) = 1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SNHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [rvrmxxnc] C:\WINDOWS\System32\oxpmpil.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms9.tmp"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S108.tmp"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.sg/support/OnlineDiagnosis/selftest/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

thanks!

0

Hi zhen87- welcome to DaniWeb :)

The HijackThis log you posted definitely shows that you have infections, but the version of HijackThis that you are using is extremely out-of-date and therefore isn't giving us the complete picture.
Please delete the old version, download the latest version (1.99.0), run a new scan with it, and post the new log file.

0

ohhokay, here's my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:33:18, on 13-Dec-06
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,(Default) = 1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SNHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms9.tmp"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S108.tmp"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.sg/support/OnlineDiagnosis/selftest/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
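
A triage pass over a log in the format posted above, as an added example that is not part of the original thread and not code from HijackThis: it parses the header and the numbered entries, then flags markers that are visible in the log text itself. The function names and the four heuristics are assumptions chosen for illustration; the sample is a shortened excerpt of the log above.

```python
import re
from dataclasses import dataclass

# Shortened excerpt of the HijackThis v1.99.1 log posted above (sample input).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:33:18, on 13-Dec-06
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SNHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms9.tmp"
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - HKLM\..\Run: ..."
SVCHOST_RE = re.compile(r'([a-z]:\\[^"]*?)\\svchost\.exe')
HEADER_RES = {
    "hjt_version": re.compile(r"^Logfile of HijackThis v(\S+)"),
    "platform": re.compile(r"^Platform: (.+)$"),
    "msie": re.compile(r"^MSIE: (.+)$"),
}


@dataclass
class Finding:
    code: str      # section code (R3, O2, O4, O23, ...) or "PROC" for a process
    reason: str
    line: str


def parse_log(text):
    """Split a log into header fields, running processes and (code, body) entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:                       # first numbered entry ends the process list
            in_processes = False
            entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            for key, rx in HEADER_RES.items():
                found = rx.match(line)
                if found:
                    header[key] = found.group(1)
    return header, processes, entries


def service_pack(platform):
    """Service pack number from the Platform header line, 0 if none is shown."""
    found = re.search(r"\bSP(\d+)\b", platform)
    return int(found.group(1)) if found else 0


def svchost_misplaced(text):
    """True if text names an svchost.exe whose folder is not System32."""
    found = SVCHOST_RE.search(text.lower())
    return bool(found) and not found.group(1).endswith(r"\system32")


def triage(entries, processes):
    """Apply the illustrative heuristics; each hit is a lead for manual review."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(code, "registered object has no file on disk", body))
        if code == "O23" and "unknown owner" in low:
            findings.append(Finding(code, "service binary carries no vendor name", body))
        if code == "O4" and "\\temp\\" in low:
            findings.append(Finding(code, "autorun launches from a Temp folder", body))
        if svchost_misplaced(body):
            findings.append(Finding(code, "svchost.exe outside System32", body))
    for proc in processes:
        if svchost_misplaced(proc):
            findings.append(Finding("PROC", "svchost.exe outside System32", proc))
    return findings


if __name__ == "__main__":
    header, processes, entries = parse_log(SAMPLE_LOG)
    print(header["hjt_version"], "service pack:", service_pack(header["platform"]))
    for f in triage(entries, processes):
        print(f"{f.code:>4}  {f.reason}: {f.line}")
```

A flag here only marks an entry for a closer look; stale but harmless registrations also show "(no file)", and an entry with none of these markers can still be unwanted.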

0

For the record, I had a great deal of difficulty when BT ran Broadband at a faster speed without mentioning it...out of the blue arrived a new 'router' aswas modem...so they KNEW! Seems to be OK since the new gadget although I get irritated with various small screen openings that have to be enlarged...but all I am saying is, as a total amateur, maybe it is the modem/router playing up. Cheers.

0

Thanks for the new log. I see signs of at least 4 different adware/spyware infections in that log, so it might take a few passes to get them all removed. Please be patient, and follow any instructions fully, carefully, and in the order given.

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Download ATF-Cleaner and save it to a convenient location.


2. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.


3. Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HijackThis once it completes its fixes:

R1 - HKLM\Software\Microsoft\Internet Explorer,(Default) = 1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: SNHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll (file missing)
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms9.tmp"
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

4. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

* Double-click ATF-Cleaner.exe to run the program.
- Click the Main menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.

If you use Firefox browser:

- Click the Firefox menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
- Click Exit on the Main menu to close the program.


* Run AVG Anti-Spyware.

- Click on the "Scanner" icon just to the right of the Update icon. In the Scanner window, click on the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Delete" from the resulting menu.
- All boxes under "How to scan" and "Possibly unwanted..." should be checked.
- Under "Reports", check "Automatically generate report after every scan".
- Under "What to scan", select "Scan every file".
- Click on the "Scan" tab, and then click on "Complete System Scan" to start scanning. It usually takes at least 40 minutes to complete a full scan.

Once the scan is complete, a window listing all infected objects (if any are found) will be displayed. Below the list of infected objects, make sure the Set all elements to: option is set to Delete and then click the Apply all actions button.

After the malicious items are deleted, you will be given the option to save the scan report; do that. The report is saved as a text file in the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder. (The actual filename is a combination of the date and time of the scan.)


* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
Search for the following files and delete them if found:

C:\WINDOWS\VoiceIP.dll
C:\WINDOWS\mxTarget.dll
C:\WINDOWS\System32\SWin32.dll
C:\WINDOWS\svchost.exe <-Note that there is a valid Windows file named "svchost.exe" in the C:\WINDOWS\System32 folder, be sure to delete only the version of svchost.exe found in the C:\WINDOWS folder!!

Delete the C:\Program Files\Srng and C:\Program Files\Common Files\WinTools folders entirely and then empty your Recycle Bin.


5. Reboot the computer normally, open the AVG Anti-Spyware report in Windows Notepad, and Cut-N-Paste the entire contents of that report into a post in this thread. Run a new HijackThis scan and post that log as well.
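A triage sketch for the kind of HijackThis entries selected in the post above, added here as an example; it is not part of the original thread or of HijackThis. The names `check_entry` and `triage` and the rule wording are hypothetical, the sample lines are copied from logs posted in this thread, and it assumes Windows lives in C:\WINDOWS as in those logs.

```python
import re

# Binaries that belong in System32; the same name elsewhere is a masquerading
# sign (the thread's C:\WINDOWS\svchost.exe case). Assumed list, not exhaustive.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: install root as in the logs

# "O23 - Service: ..." style entries: section code, dash, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# Windows paths ending in an extension seen in these logs (spaces allowed).
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|tmp|ocx|scr)(?![A-Za-z0-9])',
    re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|temporary internet files)\\")


def check_entry(line):
    """Return a list of review reasons for one log line, or None if the
    line is not an R*/O* entry (header, running-process path, blank)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    reasons = []

    # Registry still points at something that is no longer on disk.
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("target file absent")
    # HijackThis prints "Unknown owner" when the service binary has no
    # company name it can read.
    if code == "O23" and "unknown owner" in low:
        reasons.append("service with unknown owner")

    for path in PATH_RE.findall(body):
        folder, _, name = path.rpartition("\\")
        if name.lower() in SYSTEM32_ONLY and folder.lower() != SYSTEM32:
            reason = "system binary name outside System32"
            if reason not in reasons:
                reasons.append(reason)
        # Autostart (O4) entries that launch from a temp directory.
        if code == "O4" and TEMP_RE.search(path.lower()):
            reason = "autorun from temp folder"
            if reason not in reasons:
                reasons.append(reason)
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        reasons = check_entry(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms9.tmp"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why))
        print("   ", entry)
```

The O18 msnim line is flagged only for its missing file, yet it was never listed for fixing in this thread, so the output is a review queue for a person to go through and not a delete list.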


0

hi DMR, thanks a lot for your help so far.

here are the results:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 00:49:40 15-Dec-06
+ Scan result:

C:\WINDOWS\system32\mscjjn.dll -> Adware.180Solutions : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned.
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1 -> Adware.Adlogix : Cleaned.
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1\CLSID -> Adware.Adlogix : Cleaned.
HKLM\SOFTWARE\Mwsvm -> Adware.AdRotator : Cleaned.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Adware.BetterInternet : Cleaned.
C:\System Volume Information\_restore{F7C1D839-7F97-49C3-9B26-B67612991679}\RP408\A0097682.dll -> Adware.BiSpy : Cleaned.
C:\WINDOWS\system32\msnkmi.dll -> Adware.ClientMan : Cleaned.
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj -> Adware.ClientMan : Cleaned.
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj.1 -> Adware.ClientMan : Cleaned.
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CLSID -> Adware.ClientMan : Cleaned.
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CurVer -> Adware.ClientMan : Cleaned.
C:\WINDOWS\system32\iezset.exe -> Adware.EZula : Cleaned.
C:\WINDOWS\system32\mskplb.dll -> Adware.Ipend : Cleaned.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned.
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned.
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned.
HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned.
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned.
HKLM\SOFTWARE\slmss -> Adware.SecondThought : Cleaned.
C:\WINDOWS\system32\sset.exe -> Adware.Sidesearch : Cleaned.
C:\adware\ngsw31.dll -> Adware.VB : Cleaned.
C:\WINDOWS\system32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned.
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc -> Adware.WebSearch : Cleaned.
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc\Enum -> Adware.WebSearch : Cleaned.
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc\Security -> Adware.WebSearch : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Adware.WebSearch : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Adware.WebSearch : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Security -> Adware.WebSearch : Cleaned.
HKU\.DEFAULT\Software\WinTools -> Adware.WebSearch : Cleaned.
HKU\.DEFAULT\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned.
HKU\S-1-5-18\Software\WinTools -> Adware.WebSearch : Cleaned.
HKU\S-1-5-18\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned.
C:\WINDOWS\system32\silent.exe -> Adware.WinFetcher : Cleaned.
C:\WINDOWS\system32\mmsbkend.exe -> Downloader.Apropo.f : Cleaned.
C:\WINDOWS\system32\pms3dmod.exe -> Downloader.Apropo.f : Cleaned.
C:\WINDOWS\system32\udhcore2.exe -> Downloader.Apropo.f : Cleaned.
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OH67CXQN\in[2].dat -> Downloader.QDown.j : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.75:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.291:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.292:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.293:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\User\Cookies\user@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\User\Cookies\user@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\User\Cookies\user@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.78:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.317:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\User\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\User\Cookies\user@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.134:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.83:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\User\Cookies\user@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.177:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.178:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.179:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.64:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.213:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ehg-deltatre.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\user@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.89:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.324:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.325:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\User\Cookies\user@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.326:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@creative.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.145:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.147:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.148:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\User\Cookies\user@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.323:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\User\Cookies\user@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.235:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.236:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.237:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.288:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\User\Cookies\user@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.270:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.271:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.29:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.30:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.32:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\User\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.111:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.94:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\User\Cookies\user@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\User\Cookies\user@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.199:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.200:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.201:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.202:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.203:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.204:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.205:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.206:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.207:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.208:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.184:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\az4m27o0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\mshlol.dll -> Trojan.Small : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 01:00:26, on 15-Dec-06
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S108.tmp"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.sg/support/OnlineDiagnosis/selftest/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

i followed your instructions all the way until the end with no problems. in step 4, the 4 files and 2 folders that you listed couldn't be found in my computer.

0

Good job- except for one leftover, your log is clean now :)

Having you manually search for the 4 files and two folders was just a double-check to verify that they were really deleted by the utilities (which they appear to have been).

1. Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix checked" button. This time, do not close HijackThis yet:

O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

* In HijackThis' main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, copy-n-paste the following in the deletion box and press OK:

.NET Connection Service

* Close HijackThis after that.


2. Disable and then re-enable your System Restore feature to delete the contents of the Restore folder. Instructions for doing that, as well as an explanation of why you're doing it, are posted here.


3. Once you've completed steps #1 and #2, please run a (hopefully) final HJT scan and post the new log. Also let us know how the system seems to be functioning now.

0

i wasn't able to follow this step:


* In HijackThis' main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, copy-n-paste the following in the deletion box and press OK:

.NET Connection Service


the following warning comes up:
"The service .NET Connection Service is enabled/running. Please disable it...." even after i've Fix Checked the 023-service:..... previously as instructed.

i suspect it's because in HijackThis, under Config then Main, the setting "Make backups before fixing" is checked.

should i uncheck it?

0

Sorry- I should have had you check to make sure that the service was disabled before we attempted to delete it. HijackThis can't delete a service if it is running. This should do the trick:

1. Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named ".NET Framework Service" or ".NET Connection Service" and double-click on it.

* In the General tab of the Properties window that opens, click the Stop button.

* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK.

* Close the Services utility.


2. Open HijackThis, and in the main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, copy-n-paste the following in the deletion box and press OK:

.NET Connection Service

* Close HijackThis after that.

Let us know if that works, and give us a new HijackThis log please.

0

hi, here's my new Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 17:01:44, on 16-Dec-06
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S108.tmp"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.sg/support/OnlineDiagnosis/selftest/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


mm the same symptoms still seem to be persisting though, Internet Explorer and MSN messenger 7.5 always freeze after a few minutes, MSN messenger usually immediately after logging on. After Ending Task, the internet connection is completely broken and can only be reaccessed after restarting the computer.

AVG anti-spyware scan still comes out clean
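Added example, not part of the posts above and not a HijackThis feature: a small Python triage of a HijackThis 1.99.1 log that checks whether a service the helper asked to delete is still registered and lists dangling entries. The sample log is constructed (a few lines in the style of the logs in this thread plus a placeholder service line), and the watchlist and reason strings are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")
Finding = namedtuple("Finding", "section reason detail")

# Section codes HijackThis puts at the start of each entry (R0, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Display names the helper in this thread asked the poster to stop and delete.
WATCHLIST = {".net connection service", ".net framework service"}

def parse_log(text):
    """Return section entries; header and running-process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in matches if m]

def parse_service(detail):
    """Split an O23 detail into (display name, company, image path), or None."""
    parts = detail.rsplit(" - ", 2)
    if len(parts) != 3 or not parts[0].startswith("Service: "):
        return None
    # Drop the trailing parenthesised short name, e.g. "(Avg7UpdSvc)".
    name = re.sub(r"\s+\([^()]*\)$", "", parts[0][len("Service: "):])
    return name, parts[1], parts[2]

def triage(entries):
    """Flag entries for review; a flag is a prompt to look, not a verdict."""
    findings = []
    for e in entries:
        if "(file missing)" in e.detail or "(no file)" in e.detail:
            findings.append(Finding(e.section, "dangling reference", e.detail))
        if e.section != "O23":
            continue
        svc = parse_service(e.detail)
        if svc is None:
            findings.append(Finding("O23", "unparsed service line", e.detail))
        elif svc[0].lower() in WATCHLIST:
            findings.append(Finding("O23", "watchlisted service still registered", svc[0]))
        elif svc[1] == "Unknown owner":
            # Printer helpers in this thread's logs show this too, so review by path.
            findings.append(Finding("O23", "service without company info", svc[0]))
    return findings

# Constructed sample; the last line uses a placeholder path, not one from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: .NET Connection Service - Unknown owner - C:\EXAMPLE\placeholder.exe
"""

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.section:4} {f.reason}: {f.detail}")
```
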

0

mm the same symptoms still seem to be persisting though...

That's not totally unusual, but at least now your system is clean, so we don't have to worry about further complications caused by the infections.

Let's have a look at your Event Logs and see if Windows has been able to record any error messages that might offer details of the IE/Messenger crashes/hangs:

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurrence of the problem(s).

* Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

* To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.


0

Some samples of errors/warnings under application

1. Event Type: Error
Event Source: TrueVector Service
Event Category: None
Event ID: 5007
Date: 17-Dec-06
Time: 19:58:33
User: N/A
Computer: USER-M35IA6NCV6
Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB206.tmp". File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been deleted.

2. Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 17-Dec-06
Time: 01:17:03
User: NT AUTHORITY\SYSTEM
Computer: USER-M35IA6NCV6
Description:
Windows saved user USER-M35IA6NCV6\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


3. Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 17-Dec-06
Time: 01:12:01
User: N/A
Computer: USER-M35IA6NCV6
Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2096, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 49 45 58 50 4c 4f IEXPLO
0018: 52 45 2e 45 58 45 20 36 RE.EXE 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 32 30 39 36 20 69 6e 20 2096 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00

4. Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 17-Dec-06
Time: 01:11:20
User: N/A
Computer: USER-M35IA6NCV6
Description:
Hanging application msnmsgr.exe, version 7.5.306.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 6d 73 6e 6d 73 67 msnmsg
0018: 72 2e 65 78 65 20 37 2e r.exe 7.
0020: 35 2e 33 30 36 2e 30 20 5.306.0
0028: 69 6e 20 68 75 6e 67 61 in hunga
0030: 70 70 20 30 2e 30 2e 30 pp 0.0.0
0038: 2e 30 20 61 74 20 6f 66 .0 at of
0040: 66 73 65 74 20 30 30 30 fset 000
0048: 30 30 30 30 30 00000


Some samples of errors/warnings under system
1. (occurs at high frequency)
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 09-Dec-06
Time: 01:46:27
User: N/A
Computer: USER-M35IA6NCV6
Description:
The WinTools for IE service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

2. Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 09-Dec-06
Time: 22:11:57
User: N/A
Computer: USER-M35IA6NCV6
Description:
The browser was unable to retrieve a list of servers from the browser master \\USER-CNT0GDID3M on the network \Device\NetBT_Tcpip_{4EA68F78-CBFD-46E7-9527-40F6ED0BE659}. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 35 00 00 00 5...


3. Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 09-Dec-06
Time: 23:42:31
User: N/A
Computer: USER-M35IA6NCV6
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000625486BE2. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...


4. Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 14-Dec-06
Time: 23:32:08
User: N/A
Computer: USER-M35IA6NCV6
Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.4. The machine with the IP address 192.168.0.2 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........


5. Event Type: Warning
Event Source: Ftdisk
Event Category: Disk
Event ID: 57
Date: 17-Dec-06
Time: 00:59:46
User: N/A
Computer: USER-M35IA6NCV6
Description:
The system failed to flush data to the transaction log. Corruption may occur.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 be 00 ......¾.
0008: 02 00 00 00 39 00 04 80 ....9..
0010: 00 00 00 00 0e 00 00 c0 .......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
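Added example, not part of the posts above: a Python sketch of the timestamp check the helper asked for, parsing records pasted from Event Viewer's copy button and listing which other events fall within a window around each Application Hang entry. The sample is constructed (three abridged records in the style of the ones posted), and the 15-minute window and the `%d-%b-%y` date format are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

FIELD_RE = re.compile(r"^(?:\d+\.\s*)?(Event Type|Event Source|Event ID|Date|Time):\s*(.*)$")

def parse_events(text, fmt="%d-%b-%y %H:%M:%S"):
    """Parse records pasted from Event Viewer's copy button into dicts."""
    events, cur, in_desc = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Event Type":   # every record starts with this field
            cur, in_desc = {"Event Type": m.group(2), "Description": ""}, False
            events.append(cur)
        elif cur is None:
            continue                           # poster's text before the first record
        elif line == "Data:":
            in_desc = False                    # hex dump follows; skipped
        elif in_desc:
            cur["Description"] = (cur["Description"] + " " + line).strip()
        elif m:
            cur[m.group(1)] = m.group(2)
        elif line == "Description:":
            in_desc = True
    events = [e for e in events if "Date" in e and "Time" in e]
    for e in events:
        e["when"] = datetime.strptime(e["Date"] + " " + e["Time"], fmt)
    return events

def events_near_hangs(events, window_minutes=15):
    """Map each hung application to the (source, ID) of other events close in time."""
    window, out = timedelta(minutes=window_minutes), {}
    for h in events:
        m = re.search(r"Hanging application ([^,]+),", h["Description"])
        if h.get("Event Source") != "Application Hang" or not m:
            continue
        out[m.group(1)] = sorted(
            (e.get("Event Source", "?"), e.get("Event ID", "?")) for e in events
            if e.get("Event Source") != "Application Hang"
            and abs(e["when"] - h["when"]) <= window)
    return out

# Constructed sample: abridged records in the format pasted in this thread.
SAMPLE = """\
1. Event Type: Error
Event Source: TrueVector Service
Event ID: 5007
Date: 17-Dec-06
Time: 19:58:33
Description:
TrueVector engine: a database file was corrupt and has been deleted.
2.Event Type: Error
Event Source: Application Hang
Event ID: 1002
Date: 17-Dec-06
Time: 01:12:01
Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2096, hang module hungapp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
3. Event Type: Warning
Event Source: Ftdisk
Event ID: 57
Date: 17-Dec-06
Time: 00:59:46
Description:
The system failed to flush data to the transaction log. Corruption may occur.
"""

if __name__ == "__main__":
    print(events_near_hangs(parse_events(SAMPLE)))
```
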

0

Hey, I hope someone still checks this that can help... I have the same problem, Outlook started freezing, then MSN messenger, now Bitcomet and IE are starting to slow down too... I tried uninstalling and reinstalling stuff, didn't work. I don't have Winfax. I have now uninstalled Outlook and MSN Messenger and am using Mercury and Firefox, but I know the problem is still there... I ran Spybot and antivirus, no help, I also ran Regcure which cleaned up a bunch of stuff, still no help. I have Norton SystemWorks 2003 and Office 2003 with all the updates. Attached is my HijackThis log. Thank you for the help...

Logfile of HijackThis v1.99.1
Scan saved at 8:50:14 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160752161626
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160756616187
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

0

Hi jsh.

First of all- welcome to Daniweb :).

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.
