PC hangs when i search
   

krayon
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/16/2008 5:56 PM (GMT +3)
Hi,
 
When I press search on Windows to search for a file or a folder, my PC stops responding.
It doesn't even open the search window but freezes my task bar. I can't even press Start after this and have to restart.
My PC was infected by newfolder.exe earlier, for which I used an antivirus system which showed all the exe files were infected,
then I got rid of the virus with a newfolder.exe remover.
 
But I am still facing this problem (I might have deleted some exe and dll files when the antivirus showed me those files as infected).
 
Please help me...
 
Many Thanks in advance
Krayon
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 12/16/2008 7:01 PM (GMT +3)
Hello :)
 
 
Once installed, run CCleaner and click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

 
Then click Run Cleaner (bottom right) then Exit
Reboot
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
 
Please connect all your external hard drives/flash drives before running Malwarebytes
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Click here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet.
Most of what it finds will be harmless or even required.
 
Post hijackthis log along with Malwarebytes' Anti-Malware log


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

krayon
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/17/2008 12:13 PM (GMT +3)
Thank you so much for your help .. Touch

Will try doing it the way you mentioned

Thanks again..
 

krayon
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/18/2008 12:24 AM (GMT +3)
Hi,
I did it the way you mentioned.
 
 
HijackThis log: (I still have not fixed anything here)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:00 AM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\Program Files\Topro\tppoll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TVR\TVR\RecSche.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: TVR Schedule.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{645E7729-C10C-4216-B058-8938EB93DC1A}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF954329-909A-4D7E-AAC3-3A0BD1906306}: NameServer = 202.144.115.4,202.144.66.6
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 7926 bytes
 
 
 
 
 
Malwarebytes' Anti-Malware 1.31

Database version: 1456
Windows 5.1.2600 Service Pack 2
12/18/2008 2:31:16 AM
mbam-log-2008-12-18 (02-31-16).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 209710
Time elapsed: 2 hour(s), 27 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost agent (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{72B56CBE-BA97-4CE8-8DBF-B25ABD782F79}\RP148\A0089579.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{72B56CBE-BA97-4CE8-8DBF-B25ABD782F79}\RP147\A0088219.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\28463\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
 
Thanks for your help
 
waiting for your reply for the next step
 
thanks again
Krayon

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 12/18/2008 6:24 AM (GMT +3)
Next step will be a combo log :)
 
 
Please download Combofix:
 
And save to the desktop.

Close all other browser windows.
 
Please connect all your external hard drives/flash drives before running Combofix, if you have any
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results". 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.  

 When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.


 

krayon
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/18/2008 7:29 AM (GMT +3)
I did it the way you said again.
 
Before that, my Internet Client loader is not coming now. Before these tests it was opening properly.
 
here is the log:
ComboFix 08-12-17.01 - Gaurang 2008-12-18  9:34:48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2030.1523 [GMT 5.5:30]
Running from: c:\documents and settings\Gaurang\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\system32\28463
c:\windows\system32\28463\svchost.001
c:\windows\system32\28463\svchost.002
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

(((((((((((((((((((((((((   Files Created from 2008-11-18 to 2008-12-18  )))))))))))))))))))))))))))))))
.
2008-12-18 02:34 . 2008-12-18 02:34 <DIR> d-------- c:\program files\Trend Micro
2008-12-18 00:01 . 2008-12-18 00:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 00:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 00:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 22:59 . 2008-12-17 22:59 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\Malwarebytes
2008-12-17 22:58 . 2008-12-17 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 22:48 . 2008-12-17 22:48 <DIR> d-------- c:\program files\CCleaner
2008-12-17 22:40 . 2008-12-17 22:44 <DIR> d-------- C:\SDFix
2008-12-17 20:23 . 2008-12-17 20:25 <DIR> d-------- c:\program files\Error Repair Professional
2008-12-17 15:39 . 2008-12-17 15:39 <DIR> d-------- c:\program files\TeraCopy
2008-12-17 15:39 . 2008-12-18 09:20 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\TeraCopy
2008-12-16 11:37 . 2008-12-16 11:37 <DIR> d-------- c:\program files\AccuTrans 3D
2008-12-16 10:48 . 2008-12-16 10:56 40 --a------ c:\windows\devcap.ini
2008-12-14 17:29 . 2008-12-14 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-12-14 17:28 . 2008-12-14 17:28 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\GRETECH
2008-12-14 17:15 . 2008-12-14 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\SRSLabs
2008-12-14 17:13 . 2008-12-14 17:13 <DIR> d-------- c:\program files\SRSLabs
2008-12-14 17:13 . 2008-12-14 17:13 <DIR> d-------- c:\program files\Common Files\SRS
2008-12-10 18:19 . 2008-12-10 18:19 <DIR> d-------- c:\program files\Common Files\SWF Studio
2008-12-08 16:50 . 2008-12-08 16:50 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-06 12:07 . 2008-12-06 20:49 <DIR> d-------- c:\program files\Internet Download Manager
2008-12-06 12:07 . 2008-12-18 02:45 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\IDM
2008-12-04 23:39 . 2008-12-04 23:39 <DIR> d-------- c:\program files\Topro
2008-12-04 23:39 . 2003-09-08 14:01 1,523,712 --a------ c:\windows\system32\ToproVC.dll
2008-12-04 23:39 . 2005-03-04 10:27 221,184 --a------ c:\windows\ToproUI.exe
2008-12-04 23:39 . 2006-05-08 15:55 198,316 --a------ c:\windows\system32\drivers\TP6800.sys
2008-12-04 23:39 . 2003-09-01 14:16 65,536 --a------ c:\windows\system32\camlib.dll
2008-12-04 23:39 . 2006-02-21 10:35 49,152 --a------ c:\windows\system32\drivers\CustPage.ax
2008-12-04 23:39 . 2005-02-25 10:24 28,672 --a------ c:\windows\tpsti.exe
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\Alien Skin
2008-12-02 21:57 . 2008-12-02 21:57 <DIR> d-------- c:\program files\Good Shot
2008-12-02 00:09 . 2008-12-02 00:09 <DIR> d-------- c:\program files\Smart Virus Remover
2008-12-01 23:55 . 2008-12-01 23:55 <DIR> d-------- c:\windows\system32\Flashy.exe
2008-12-01 15:00 . 2008-12-01 15:00 <DIR> d-------- c:\program files\Web Page Maker
2008-12-01 15:00 . 2008-12-01 15:10 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\Web Page Maker
2008-12-01 13:25 . 2008-12-01 13:39 <DIR> d-------- c:\program files\Avanquest update
2008-12-01 13:25 . 2008-12-01 13:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-01 11:17 . 2008-12-01 11:17 <DIR> d-------- c:\program files\GlobalSCAPE
2008-12-01 11:17 . 2008-12-01 11:17 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\GlobalSCAPE
2008-11-29 16:14 . 2008-11-29 16:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-29 16:13 . 2008-11-29 16:13 <DIR> d-------- c:\windows\Elf Bowling - Hawaiian Vacation
2008-11-29 16:13 . 2008-11-29 16:13 <DIR> d-------- c:\program files\Elf Bowling - Hawaiian Vacation
2008-11-28 11:56 . 2008-11-28 11:56 <DIR> d-------- c:\program files\uTorrent
2008-11-28 11:56 . 2008-12-16 01:04 <DIR> d-------- c:\documents and settings\Gaurang\Application Data\uTorrent
2008-11-19 10:38 . 2004-09-17 15:07 61,440 -ra------ c:\windows\system32\vuins32.dll
2008-11-19 10:38 . 2005-01-19 12:15 43,008 -ra------ c:\windows\system32\drivers\dlkfet5b.sys
2008-11-19 10:10 . 2004-08-03 22:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2008-11-19 10:10 . 2004-08-03 22:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
2008-11-19 00:15 . 1997-07-19 21:30 155,920 --------- c:\windows\system32\comct232.ocx
2008-11-19 00:15 . 1997-07-19 21:30 129,808 --------- c:\windows\system32\comdlg32.ocx
2008-11-19 00:15 . 1997-06-13 15:26 56,832 --------- c:\windows\system32\iyvu9_32.dll
2008-11-19 00:06 . 2008-11-19 00:06 <DIR> d-------- c:\windows\BBSTORE
2008-11-19 00:06 . 2008-11-19 00:06 <DIR> d-------- c:\program files\The Learning Company
2008-11-19 00:06 . 2008-11-21 00:01 382 --a------ c:\windows\ereg077.dat
2008-11-19 00:05 . 2008-11-19 00:05 0 --a------ c:\windows\SETUP32.INI
2008-11-18 20:46 . 2007-03-02 14:07 1,904 --------- c:\windows\system32\SetupBD.din
2008-11-18 20:42 . 2008-11-18 20:46 <DIR> d-------- c:\program files\Intel
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 04:07 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-18 04:07 --------- d-----w c:\program files\DNA
2008-12-18 04:07 --------- d-----w c:\documents and settings\Gaurang\Application Data\DNA
2008-12-18 04:04 --------- d-----w c:\documents and settings\Gaurang\Application Data\DMCache
2008-12-18 03:53 --------- d-----w c:\documents and settings\Gaurang\Application Data\Broadband
2008-12-17 14:51 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 11:04 --------- d-----w c:\program files\Winamp
2008-12-17 09:56 --------- d-----w c:\program files\Folder Lock
2008-12-17 09:55 --------- d-----w c:\program files\Any FLV Player
2008-12-17 09:53 --------- d-----w c:\program files\DivX
2008-12-17 09:50 --------- d-----w c:\program files\VideoLAN
2008-12-17 09:49 --------- d-----w c:\program files\Common Files\Real
2008-12-17 09:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 09:48 --------- d-----w c:\program files\CyberLink
2008-12-17 09:46 --------- d-----w c:\program files\Google
2008-12-16 17:32 --------- d-----w c:\program files\Yahoo!
2008-12-16 05:42 --------- d-----w c:\program files\QuickTime
2008-12-15 20:26 --------- d-----w c:\program files\VideoMach-4.0.3
2008-12-15 20:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-15 20:26 --------- d-----w c:\program files\Apple Software Update
2008-12-15 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-14 11:58 --------- d-----w c:\program files\GRETECH
2008-11-19 05:18 --------- d-----w c:\program files\Internet Cyclone
2008-11-15 16:49 --------- d-----w c:\program files\Sify Broadband
2008-11-10 05:32 --------- d-----w c:\documents and settings\Gaurang\Application Data\Uniblue
2008-11-10 05:30 --------- d-----w c:\program files\PopCap Games
2008-11-10 05:30 --------- d-----w c:\program files\GameHouse
2008-11-09 09:51 --------- d-----w c:\program files\Zeallsoft
2008-11-07 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-11-07 13:54 --------- d-----w c:\documents and settings\Gaurang\Application Data\MSNInstaller
2008-11-07 04:57 --------- d-----w c:\program files\Reflexive Arcade Games - Action
2008-11-06 15:08 --------- d-----w c:\documents and settings\Gaurang\Application Data\Yahoo!
2008-11-05 11:50 --------- d-----w c:\program files\UnHackMe
2008-11-05 10:52 522,240 ----a-w c:\windows\system32\libcurl.dll
2008-11-05 10:52 41,472 ----a-w c:\windows\system32\hengine.dll
2008-11-05 10:52 22,016 ----a-w c:\windows\system32\ndisprot.sys
2008-11-05 10:52 16,000 ----a-w c:\windows\system32\passthru.sys
2008-11-05 05:46 --------- d-----w c:\program files\Total Video Converter
2008-10-26 18:17 193 ----a-w C:\aw.dat
2008-10-26 17:38 --------- d-----w c:\program files\Autodesk
2008-10-14 10:30 16,896 ----a-w c:\windows\system32\RASPPPOE.EXE
2008-10-04 19:28 166,989 ----a-w c:\windows\Cam 3D Webmaster Edition Uninstaller.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-12-06 931248]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-13 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-13 86016]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-12-01 193760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"DSS"="c:\windows\BBSTORE\DSS\DSSAGENT.EXE" [1999-10-12 590336]
"tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
"nwiz"="nwiz.exe" [2007-03-13 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="c:\windows\system32\lvhidsvc.exe" [2004-10-10 33280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TVR Schedule.lnk - c:\windows\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-12-16 1078]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2008-09-23 33792]
S2 MCIDRV_2600_6_0;MCIDRV_2600_6_0;\??\c:\windows\system32\drivers\hsrnqs.sys []
S3 DCamUSBIntel;Webcam;c:\windows\system32\Drivers\TP6800.sys [2008-12-04 198316]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2004-03-12 169192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{324fb291-b07c-11dd-8c3b-0019d1fd5b3b}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{324fb292-b07c-11dd-8c3b-0019d1fd5b3b}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74120564-a4be-11dd-8c02-0019d1fd5b3b}]
\Shell\AutoRun\command - I:\Secret.exe
\Shell\explore\Command - I:\Secret.exe
\Shell\open\Command - I:\Secret.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d555c774-2f16-11dd-8a4d-0019d1fd5b3b}]
\Shell\AutoRun\command - I:\i.bat
\Shell\explore\Command - I:\i.bat
\Shell\open\Command - I:\i.bat
.
Contents of the 'Scheduled Tasks' folder
2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2008-11-10 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mDefault_Page_URL = hxxp://in.yahoo.com
mDefault_Search_URL = hxxp://in.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://in.search.yahoo.com
mSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mStart Page = hxxp://in.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://in.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://in.search.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {645E7729-C10C-4216-B058-8938EB93DC1A} = 202.144.115.4,202.144.66.6
TCP: {AF954329-909A-4D7E-AAC3-3A0BD1906306} = 202.144.115.4,202.144.66.6
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 09:37:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1380)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-12-18  9:43:36 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-18 04:13:33
Pre-Run: 9,769,009,152 bytes free
Post-Run: 9,605,132,288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
253 --- E O F --- 2008-11-04 18:11:04
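An added example, not part of the thread and not ComboFix's own code: a small Python triage pass over an excerpt of the "Reg Loading Points" section of the log above. It pulls out three kinds of entry a reviewer normally checks after a cleanup: cached MountPoints2 autorun commands for removable volumes, a disabled Windows Firewall standard profile, and the Security Center `AntiVirusOverride` flag. The function names and finding labels are assumptions made for this example; the excerpt lines are copied from the log.

```python
import re
from collections import defaultdict, namedtuple

# Lines copied from the "Reg Loading Points" section of the ComboFix log above.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2008-09-23 33792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{324fb291-b07c-11dd-8c3b-0019d1fd5b3b}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{324fb292-b07c-11dd-8c3b-0019d1fd5b3b}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74120564-a4be-11dd-8c02-0019d1fd5b3b}]
\Shell\AutoRun\command - I:\Secret.exe
\Shell\explore\Command - I:\Secret.exe
\Shell\open\Command - I:\Secret.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d555c774-2f16-11dd-8a4d-0019d1fd5b3b}]
\Shell\AutoRun\command - I:\i.bat
\Shell\explore\Command - I:\i.bat
\Shell\open\Command - I:\i.bat
.
Contents of the 'Scheduled Tasks' folder
"""

# Hypothetical record type for this example.
Finding = namedtuple("Finding", "kind location name data")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
MOUNT_RE = re.compile(r"\\mountpoints2\\(?P<vol>\{[0-9a-f-]+\})$", re.I)


def as_int(data):
    """Decode the two numeric notations the log uses: dword:XXXXXXXX and N (0xN)."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def triage(text):
    """Walk the section, tracking the current registry key, and collect findings."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        if key is None:
            continue
        value, shell = VALUE_RE.match(line), SHELL_RE.match(line)
        lower = key.lower()
        if value:
            name, data = value.group("name"), value.group("data").strip()
            if (lower.endswith(r"\security center")
                    and name.lower() == "antivirusoverride" and as_int(data) == 1):
                # Security Center has been told not to monitor antivirus status.
                findings.append(Finding("av-monitoring-overridden", key, name, data))
            elif (lower.endswith(r"\firewallpolicy\standardprofile")
                    and name.lower() == "enablefirewall" and as_int(data) == 0):
                findings.append(Finding("firewall-disabled", key, name, data))
        elif shell:
            mount = MOUNT_RE.search(key)
            if mount:  # cached autorun handler for a previously mounted volume
                findings.append(Finding("mountpoints2-autorun", mount.group("vol"),
                                        shell.group("verb"), shell.group("cmd")))
        else:
            key = None  # unrelated line (driver entry, separator): leave the section
    return findings


def autoruns_by_volume(findings):
    """Group the distinct cached autorun commands by volume GUID."""
    volumes = defaultdict(set)
    for f in findings:
        if f.kind == "mountpoints2-autorun":
            volumes[f.location].add(f.data)
    return {vol: sorted(cmds) for vol, cmds in volumes.items()}


if __name__ == "__main__":
    results = triage(LOG_EXCERPT)
    for f in results:
        print(f"{f.kind:26} {f.location}  {f.name} = {f.data}")
    print(autoruns_by_volume(results))
```
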
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 12/18/2008 8:06 AM (GMT +3)
Reboot, and tell me how things are running now?


 

krayon
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/18/2008 8:42 AM (GMT +3)
No, it still hangs.

When I press Start > Search

:(
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 12/18/2008 9:27 AM (GMT +3)
There are no more infections. I'll therefore suggest you try these tips/tweaks and see if they help:
http://home.comcast.net/~SupportCD/OptimizeXP.html

