Status
Not open for further replies.
Discussion Starter · #1 · (Edited)
Hello

I've developed a problem on my machine that none of my virus/spyware scanners can seem to pick up. I cannot connect to any website after opening Internet Explorer OR Mozilla Firefox. When I save an http link on my desktop I can use that link to go to that given website but cannot browse any further. Also, I am a gamer. I play World of Warcraft mostly. When trying to log on to WoW I, often times, can't connect. I also have AstonShell on my computer. If I use the shell swapper, log out, log back in, and hurry into WoW, I can sometimes connect. I have no idea why that makes it work. I am posting from the Linux OS I installed on a second hard drive to learn a little about Linux on. I have recently run a scan with HijackThis and if you could give it a look over or suggest a resolution I would greatly appreciate it.

Oh yes, also I have seen where my computer prompts me that it will shut down in 1 minute. When this dialog box appears I go to start/run and then use "shutdown -a" to prevent it from happening. I have AVG antivirus and use spysweeper, spybot, and ad-aware. Thanks in advance for any information you could provide. The following is my HijackThis log:


Logfile of HijackThis v1.99.1

Scan saved at 7:20:11 PM, on 2/7/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\KL\My Documents\HijackThis.exe



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {121f91cc-d9c8-4b9f-90a6-b3802c0cc3f8} - C:\WINDOWS\system32\lsasadv.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0029C1D1-0427-4F90-AC70-D146BFF56DFE}: NameServer = 85.255.114.8,85.255.112.189

O17 - HKLM\System\CCS\Services\Tcpip\..\{354CE07A-46BE-4616-B6D7-54D55591B355}: NameServer = 85.255.114.8,85.255.112.189

O17 - HKLM\System\CS1\Services\Tcpip\..\{0029C1D1-0427-4F90-AC70-D146BFF56DFE}: NameServer = 85.255.114.8,85.255.112.189

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: lsasadv - lsasadv.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 

Discussion Starter · #2 ·
Just an update, I have tried fixing
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe

in HijackThis and I can now get on the internet and browse and do not have any trouble logging on to WoW. I don't know if this is the only thing I need to fix. Is there anything else in my log that is out of place?
 

TSF Security Manager, Emeritus
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that this is but Round 1 of what could be several posts to get your system clean. Stick with me until you get the all clear.

Not sure what you did with the format of the HijackThis log, but please don't double-space it. It's actually harder (for us who read hundreds of these things) to read. Thank you.

---------------------------------------------------------------------------------------------

  1. Download combofix.exe to your desktop.
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. It will be located at C:\ComboFix.txt should you happen to close it. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Once Combofix has completed its routine, do this:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: (no name) - {121f91cc-d9c8-4b9f-90a6-b3802c0cc3f8} - C:\WINDOWS\system32\lsasadv.dll (file missing)
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0029C1D1-0427-4F90-AC70-D146BFF56DFE}: NameServer = 85.255.114.8,85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{354CE07A-46BE-4616-B6D7-54D55591B355}: NameServer = 85.255.114.8,85.255.112.189
O17 - HKLM\System\CS1\Services\Tcpip\..\{0029C1D1-0427-4F90-AC70-D146BFF56DFE}: NameServer = 85.255.114.8,85.255.112.189
O20 - Winlogon Notify: lsasadv - lsasadv.dll (file missing)


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types.
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\3611010322516384.exe

If it resists deletion, boot into safe mode and delete it from there.

To boot into safe mode, if needed:

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.


---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

C:\ComboFix.txt
A new HijackThis log
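
An added example, not part of the thread and not HijackThis or ComboFix code: a small Python triage pass over HijackThis log lines, using heuristics that pick out the same entries from the posted log that the reply above lists for fixing. The rules themselves, the function name `triage` and the `expected_dns` set (the resolvers the machine's owner actually uses) are assumptions made for illustration.

```python
import re

# Subset of the HijackThis log posted in this thread, single-spaced.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: (no name) - {121f91cc-d9c8-4b9f-90a6-b3802c0cc3f8} - C:\WINDOWS\system32\lsasadv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0029C1D1-0427-4F90-AC70-D146BFF56DFE}: NameServer = 85.255.114.8,85.255.112.189
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: lsasadv - lsasadv.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Run value whose executable sits directly in a drive root, e.g. C:\name.exe
ROOT_EXE = re.compile(r'\]\s*"?[A-Za-z]:\\[^\\\s"]+\.exe', re.I)
DEAD_REF = ("(file missing)", "(no file)")

def triage(log_text, expected_dns):
    """Return (code, reason) pairs; expected_dns is the analyst-supplied resolver set."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        reason = None
        if code[0] == "R" and body.endswith("="):
            reason = "browser search/start setting is blank"
        elif code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].lower()
            if [p for p in re.split(r"[\s,]+", shell) if p] != ["explorer.exe"]:
                reason = "extra program appended to the Shell value"
        elif code in ("O2", "O3", "O20") and body.endswith(DEAD_REF):
            reason = "registration left behind for a file that is gone"
        elif code == "O4" and ROOT_EXE.search(body):
            reason = "autorun executable in a drive root"
        elif code == "O17" and "NameServer" in body:
            servers = re.split(r"[\s,]+", body.split("=", 1)[1].strip())
            if any(s not in expected_dns for s in servers):
                reason = "DNS server not in the expected set"
        if reason:
            findings.append((code, reason))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG, {"192.0.2.53"}):  # constructed resolver
        print(code, "-", reason)
```

These rules only shortlist lines for a human to review; an entry that passes them is not thereby shown to be clean.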
 