Tech Support Forum banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hello all,

I have a problem on my computer. It seems like everytime I restart my computer or reboot it it would freeze on me after a few seconds. My Avast! Antivirus detects a.bat and sometimes a number.bat in C:/. I have 3 Hard Drives.

D:/ (Used)
C:/ (System Files or what not)
I:/ (Back Up Drive for any material)

Whenever it freezes, the taskbar would not work and the hourglass sign would display on my mouse. I cannot click anything. I would have to press F8 before accessing the login of my computer and continue to the login by selecting "Last Known Good Configuration" or something like that because the computer wouldn't act weird. It still does appear on my antivirus that a.bat or a number.bat has been detected. Can anybody help? I have already downloaded a HJT installer and continued by saving a log. Here it is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:09 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ALCXMNTR.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\sm56hlpr.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\msconf.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\AutoFlip.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymcforums.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RunFlip] D:\WINDOWS\RunFlip.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Ezonics VGA camera
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperCam] D:\Program Files\Wallpaper Cam\WallPaperCam.exe /d40
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5932 bytes
I only quoted it to let you all know that that specific quote is the full log of HJT and I did not take it from another person's log. I hope somebody can help me out. Thank you and help is much appreciated. :)
 

·
Registered
Joined
·
2,697 Posts
Welcome to TSF....

Posting the HJT log file here actually is in the wrong portion of the forum It really should be posted in the HJT Help forum but only after going thru a slight procedure here that will follow. Please do this procedure and then post if necessary.

To get Expert Help with malware removal:

I recommend that you read this article… ("Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? - First Steps";
http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/security-center/hijackthis-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/security-center/hijackthis-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can. .
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top