TheTechGuide Forum
General Category => Tech Clinic => Topic started by: ernest_ckl on May 26, 2007, 05:26:06 AM
-
sysFader: iexplore application error
when i open chinese star XP,
this eror come out, sysFader: iexplore application error
the exception provileged instruction
(0xc0000096) occurred in the application at location ox43207fa0
then all explorer close...
here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 6:13:40 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.espn.go.com/?cc=4716 (http://\"http://soccernet.espn.go.com/?cc=4716\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 234.123.234.123:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (http://\"http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rdihost - {357FB374-F326-4847-97D0-BEEF930DD1AC} - rdihost.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Hi ernest_ckl
Can we run a few tools on your computer
Do the following:
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
We will need this later
Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.
If the link to SDFix is temporarily unavailable, please try HERE (http://\"http://antimalware.andymanchesta.com/research/SDFix.exe\") instead
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We will need this later
Download FixwareOut from one of the following sites:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe (http://\"http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe\")
http://downloads.subratam.org/Fixwareout.exe (http://\"http://downloads.subratam.org/Fixwareout.exe\")
Save it too desktop, we'll need it later
Print the rest of these instructions, or save them too a text file on desktop for reference
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O21 - SSODL: rdihost - {357FB374-F326-4847-97D0-BEEF930DD1AC} - rdihost.dll (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account
In Safe mode
I need to see everything running on startup
Go to START>>RUN>>type in
msconfig
Under the General Tab select Normal startup
Apply and Close it but DO NOT restart the computer yet
SDFix
Go to START>>My Computer>>Double click to open the C:\ folder - Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
I'll need to see that log later
Double click on FixWareout.exe
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, it will open a textfile. Save that log, because I need it later.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back all the following please, even if it takes more than one reply to do so
1. Post the log from Combofix
2. Post the report from Fixwareout
3. Post the report from SDFix
4. Post a fresh hijackthis log
-
"Owner" - 2007-05-27 13:38:36 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Owner\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\install.log"
((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))
2007-05-27 13:33 8,177 --a------ C:\dnsbak.reg
2007-05-22 15:11 45,119 --a------ C:\WINDOWS\system32\csdriver.sys
2007-05-19 17:30 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2007-05-19 17:29 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-03 02:04 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-03 02:02 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-05-03 02:02 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-05-03 02:02 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-05-03 02:02 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-03 02:01 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-03 02:01 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-03 02:01 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-03 02:01 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-02 10:33 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-05-02 10:33 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-27 20:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-04-27 20:17 <DIR> d-------- C:\divx
2007-04-27 20:16 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-04-27 20:16 <DIR> d-------- C:\Program Files\DivX
2007-04-27 20:01 <DIR> d-------- C:\WINDOWS\naevius
2007-04-27 20:01 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2007-04-27 20:01 <DIR> d-------- C:\naevius_temp_folder
2007-04-27 19:52 <DIR> d-------- C:\WINDOWS\FLV Player
2007-04-27 18:09 65,536 --a------ C:\WINDOWS\IFinst27.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-26 10:03:55 -------- d-----w C:\Program Files\Chinese Star XP
2007-05-09 09:11:03 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-06 06:30:34 -------- d-----w C:\Program Files\Google
2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-21 07:04:12 286,720 ------w C:\WINDOWS\Setup1.exe
2007-04-21 07:04:10 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 08:55:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-04 14:33:26 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-31 13:47:53 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-03-31 13:46:34 -------- d-----w C:\Program Files\iWin Games
2007-03-31 12:34:34 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-27 07:55:31 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-26 05:57:16 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-03-18 09:30:49 530 ----a-w C:\WINDOWS\system32\ealregsnapshot2.reg
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-08 16:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=D:\Program Files\FlashGet\jccatch.dll [2007-01-29 17:46]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 17:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 03:25]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{F156768E-81EF-470C-9057-481BA8380DBA}=D:\Program Files\FlashGet\getflash.dll [2007-01-15 11:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 04:47]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 17:33]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 18:48]
*Newly Created Service* -PROCEXP90
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070527-131137-395
O21 - SSODL: rdihost - {357FB374-F326-4847-97D0-BEEF930DD1AC} - rdihost.dll (file missing)
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{357FB374-F326-4847-97D0-BEEF930DD1AC}]
[HKEY_CLASSES_ROOT\CLSID\{357FB374-F326-4847-97D0-BEEF930DD1AC}\InProcServer32]
@="rdihost.dll"
backup-20070527-131137-580
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
backup-20070527-131136-354
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
backup-20070527-131136-657
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070527-131136-575
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-05-27 13:39:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-27 13:40:23
C:\ComboFix-quarantined-files.txt ... 2007-05-27 13:40
--- E O F ---
Fixwareout
Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»»
»»»»» Postrun check
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Or http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ZoneAlarm Client"="\"D:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
SDFix
SDFix: Version 1.85
Run by Owner - Sun 05/27/2007 - 13:21:09.59
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp*.tmp - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Chinese Star XP\\CStar.exe"="C:\\Program Files\\Chinese Star XP\\CStar.exe:*:Enabled:Chinese Star XP"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Program Files\\Hamachi\\hamachi.exe"="D:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\Owner\\Desktop\\fifa07.exe"="C:\\Documents and Settings\\Owner\\Desktop\\fifa07.exe:*:Enabled:fifa07"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\chankaileongEmail Removed\SharingMetadata\nistelrooy_kokEmail Removed\Thumbs.db
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
-
Logfile of HijackThis v1.99.1
Scan saved at 1:46:25 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.espn.go.com/?cc=4716 (http://\"http://soccernet.espn.go.com/?cc=4716\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 234.123.234.123:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (http://\"http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
How are things running?
Have you purposely set up this proxy server?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 234.123.234.123:80
Open IE>>Tools>>Internet options>>Connections>>Select Settings beside your connection type
Take note of settings
Did you set these? Just curious
Your ISP appears to be somewhere in Malaysia
I just can't get info on the proxyserver address
-
[quote name=\'guestolo\' post=\'331492\' date=\'May 27 2007, 10:42 PM\']How are things running?
Have you purposely set up this proxy server?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 234.123.234.123:80
Open IE>>Tools>>Internet options>>Connections>>Select Settings beside your connection type
Take note of settings
Did you set these? Just curious
Your ISP appears to be somewhere in Malaysia
I just can't get info on the proxyserver address[/quote]
erm.... yeap i set up the proxy server, i am a malaysian...
but the problem still happened when i open chinese star xp...
y ?
-
I think there is still more problems hiding
Can you do the following
Temporarily disable AVG realtime protection
Double click on AVG icon by the clock
Right click on Resident Shield>>left click Properties
Uncheck "Turn On AVG Resident Shield..."
Apply and OK out of there
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (http://\"ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe\")- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
-
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
-
Can you try this solution from another forum please
Let's see if it's related to Nvidia fade effect
Go to START > CONTROL PANEL > DISPLAY > NVIDIA NVIEW DESKTOP MANAGER > tab DESKTOP MANAGEMENT > PROPERTIES > tab APPEARANCE > EFFECTS and uncheck the FADE EFFECT option.
-
[quote name=\'guestolo\' post=\'332114\' date=\'May 28 2007, 09:41 PM\']Can you try this solution from another forum please
Let's see if it's related to Nvidia fade effect
Go to START > CONTROL PANEL > DISPLAY > NVIDIA NVIEW DESKTOP MANAGER > tab DESKTOP MANAGEMENT > PROPERTIES > tab APPEARANCE > EFFECTS and uncheck the FADE EFFECT option.[/quote]
still same problem,
nvm
i just din use chinese star xp
den no problem
-
ok after uncheck the FADE EFFECT option
when i open chinese star xp
error like below appeared.---------------
escore initiation error! Continue?
other applications din closed this time.....
-
You may have better luck interpeting the links from google
Take a look here
http://www.google.ca/search?hl=en&sa=X...33;&spell=1 (http://\"http://www.google.ca/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=chinese+star+xp+%2B+cscore+initiation+error!&spell=1\")
-
[quote name=\'guestolo\' post=\'333327\' date=\'May 30 2007, 09:33 PM\']You may have better luck interpeting the links from google
Take a look here
http://www.google.ca/search?hl=en&sa=X...33;&spell=1 (http://\"http://www.google.ca/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=chinese+star+xp+%2B+cscore+initiation+error!&spell=1\")[/quote]
ok, thanks for yr help........