TheTechGuide Forum
General Category => Tech Clinic => Topic started by: wormit on April 24, 2008, 01:07:27 AM
-
Hi,
I think there's something wrong with my laptop because when I connect to the internet I get a warning icon in my toolbar saying "error message" or something like that, and it asks me to click on it to read the message. When I click it, it says I've got porn and other stuff on my laptop and asks me whether I want to run a scan to find and delete all the porn and things (I don't have any of that stuff on my laptop). If I choose not to run the scan, then it displays some porn web page.
Another problem is, after I run my computer for about 2 to 3 hours or so, I get an error message window saying that there was an error in win32, and then my internet connection shuts down and I have to restart my computer.
Here's my log file. Please help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:14 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5638 bytes
-
I managed to note down the text of the error messages:
First, when I clicked on the icon, this appeared:
"Drive defender may find dangerous traces that need to be cleaned. Dont let ur privacy and reputation to be ruined by them. Making ur private information public can cause problems with ur boss, family or friends. Click ok to start drivedefender scanner to remove compromising traces and setup controls to protect ur privacy by cleaning or removing dangerous information"
When I refused to run the scan, this page appeared:
http://drivedefender.com/privacy/index.php...656401501010b01
"The site cannot be opened.
Reason: content that requires immediate cleaning is detected on ur pc
Notice: u may continue to receive this notification on system failure which may cause:
internet browser crashes,
slow work of computer,
too high hard disk activity,
system freezes
The computer clean and optimization upgrade tool is not found in ur computer
It is recommended to download and install the software to continue ur usual work on pc and ur internet browsing"
Then when I closed that page it opened this porn thing, which showed a scan-like thing and said that I had porn:
http://advancedcleaner.com/.cleaner/?tmn=a...nfo=5442_0_5269
Then finally my antivirus detected 2 downloaders: in the index[2].htm and INDEX_~2.HTM files.
-
Can you do the following:
If you have an older version of ComboFix, delete it.
Then download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop.
Temporarily disable your AntiVirus software so that it won't interfere with the running of ComboFix.
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post back the log from ComboFix
as well as a fresh log from HijackThis.
-
Combofix file:
ComboFix 08-04-22.5 - Acer 2008-04-25 1:36:49.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.131 [GMT 8:00]
Running from: C:\Documents and Settings\Acer\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kmd.exe
C:\WINDOWS\system32\kavo.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.
2008-04-23 12:11 . 2004-08-04 06:56 88,064 --a------ C:\WINDOWS\system32\comctl3.dll
2008-04-23 03:21 . 2008-04-23 11:57 <DIR> d-------- C:\Downloads
2008-04-23 03:17 . 2008-04-23 22:16 <DIR> d-------- C:\Program Files\FlashGet
2008-04-16 19:12 . 2008-04-16 19:27 <DIR> d-------- C:\Program Files\MyRosso
2008-04-16 19:12 . 2008-04-16 19:12 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\InstallShield
2008-04-16 19:12 . 2007-03-30 19:49 266,240 --a------ C:\WINDOWS\system32\MyRossoPlugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 17:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-24 17:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:53 0 ----a-w C:\Program Files\temp01
2008-04-22 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-22 20:39 --------- d-----w C:\Documents and Settings\Acer\Application Data\PlayFirst
2008-04-16 11:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 01:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 08:30 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-09 11:39 --------- d-----w C:\Program Files\EA GAMES
2008-03-05 12:36 --------- d-----w C:\Program Files\Burger Shop
2007-09-16 05:51 20,464 ----a-w C:\Documents and Settings\Acer\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_10.21.22.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-24 17:23:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-11-20 08:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2000-08-31 00:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 00:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 00:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2007-07-17 08:16:38 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-09-11 06:49:11 2,494 ----a-r C:\WINDOWS\Installer\{EE48D800-A3B5-43E3-B846-1CC556B8170D}\NewShortcut1_DB8CEC4230B14F49BD069393EB81CCF7.exe
+ 2008-02-24 10:51:26 472,576 ----a-w C:\WINDOWS\Jane's Hotel\uninstall.exe
- 2000-08-31 00:00:00 51,200 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 00:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2007-07-17 08:03:18 2,112 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 00:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 00:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 00:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 00:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-23 11:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 11:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-23 11:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-23 11:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-23 11:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 11:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 11:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-23 11:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-08-23 11:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2001-08-23 11:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-03 22:56:58 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
+ 2008-03-19 11:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-19 11:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\swdir.dll
+ 2008-03-19 11:36:40 67,000 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDnld.exe
+ 2008-03-19 11:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 10:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 11:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 10:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 10:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 10:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 10:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 11:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 11:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 11:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 11:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 11:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 10:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 02:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2001-08-23 11:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
+ 2004-08-03 23:07:22 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 17:37:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-23 11:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-23 11:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 11:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-23 11:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-23 11:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-23 11:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-23 11:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-23 11:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-23 11:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
+ 2001-08-23 11:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2001-08-23 11:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-03 19:26:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
+ 2001-08-23 11:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-23 11:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-03 22:56:58 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-23 11:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-23 11:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 17:37:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-23 11:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2001-08-23 11:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 11:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2001-08-23 11:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-01-03 10:22:04 53,248 ------w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
- 2008-01-22 07:47:30 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-03-28 13:33:21 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-23 11:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-08-23 11:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-08-23 11:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2001-08-23 11:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-08-23 11:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2004-08-03 22:56:58 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-03 23:05:44 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2001-08-23 11:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2001-08-23 11:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-08-23 11:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-08-23 11:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
+ 2001-08-23 11:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2004-08-03 19:26:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-23 11:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2001-08-23 11:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-03 22:56:58 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-08-23 11:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-23 11:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2000-08-31 00:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 00:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAC3D8A5-F0E4-49FF-A731-ED4356CE0446}]
2004-08-04 06:56 88064 --a------ C:\WINDOWS\system32\comctl3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:24 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:20 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 20:05 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 16:27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 16:23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 23:50 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 11:51 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 21:57 85696]
"AdslTaskBar"="stmctrl.dll" [2004-07-27 15:58 155648 C:\WINDOWS\system32\stmctrl.dll]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-16 13:15 4376328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-08 15:11 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"D:\\torrant\\utorrent.exe"=
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;Prolink ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 17:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbd50f8-4101-11dc-9318-000fb0f39c4b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe kernel32.dll.vbs
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 01:39:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-25 1:42:02
ComboFix-quarantined-files.txt 2008-04-24 17:41:48
ComboFix2.txt 2008-02-11 05:17:53
ComboFix3.txt 2008-01-29 08:47:26
ComboFix4.txt 2008-01-27 08:40:48
ComboFix5.txt 2008-01-27 07:42:48
Pre-Run: 13,870,833,664 bytes free
Post-Run: 14,059,266,048 bytes free
189
HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:52 AM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4246C120-7F3C-4E96-86C7-E0E13EFDA75B} - C:\WINDOWS\system32\comctl3.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5924 bytes
-
Sorry for the delay. Can you do the following, please:
==Open Notepad
Copy ALL the BLUE text below and paste it into Notepad.
Don't use anything other than Notepad or the script will not work.
File::
C:\WINDOWS\system32\comctl3.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAC3D8A5-F0E4-49FF-A731-ED4356CE0446}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4246C120-7F3C-4E96-86C7-E0E13EFDA75B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}"=-
Save this as a text file on your desktop
name it:
CFScript
Temporarily disable your AntiVirus software again.
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt onto ComboFix.exe
ComboFix will start >> Follow the prompts
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Take notice: ComboFix may prompt that the computer needs to reboot; don't interrupt it.
Allow it to.
When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log.
NOTE:
# ComboFix will disconnect your machine from the Internet as soon as it starts.
# Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
# If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
Post back all the following:
1. Post the log from ComboFix
2. Post a fresh HijackThis log
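The script above targets the two unnamed BHOs that both load comctl3.dll and the toolbar whose file is gone. As an added example (not code from the thread, HijackThis or ComboFix), this Python triage pass flags exactly those HijackThis line patterns, plus O17 NameServer overrides, over a constructed subset of the log lines posted above; the flag rules are my own assumptions, not any tool's built-in analysis.

```python
"""Triage a HijackThis v2 log for entries that warrant a closer look.

Added example, not code from the thread, HijackThis or ComboFix: the
flag rules below are my own assumptions about what a helper checks
first, not any tool's built-in analysis.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines posted in the thread,
# plus benign lines so the negative cases are exercised too.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4246C120-7F3C-4E96-86C7-E0E13EFDA75B} - C:\WINDOWS\system32\comctl3.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
"""

# O2 (BHO) and O3 (toolbar) lines: "<sec> - <kind>: <name> - {CLSID} - <path>"
COM_LINE = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)
# O17 lines: per-interface DNS servers written into the TCP/IP parameters
O17_LINE = re.compile(r"^O17 - .*NameServer = (.*)$")


def parse_com_entries(log):
    """Return the O2/O3 entries of a HijackThis log as dicts."""
    entries = []
    for line in log.splitlines():
        m = COM_LINE.match(line)
        if m:
            entries.append({"section": m.group(1), "name": m.group(2),
                            "clsid": m.group(3), "path": m.group(4)})
    return entries


def triage(log):
    """Return (section, subject, reason) tuples for entries worth checking.

    Rules (assumptions, not HijackThis's own logic):
      * a BHO or toolbar that registered no display name,
      * a registration whose file is gone (leftover of a removal),
      * one DLL registered under several CLSIDs in the same section
        (a BHO plus a toolbar from the same vendor DLL is normal, so
        the check is per section),
      * any O17 NameServer override (DNS changers live here).
    """
    findings = []
    seen = defaultdict(set)  # (section, lowercased path) -> CLSIDs
    for e in parse_com_entries(log):
        if e["name"] == "(no name)":
            findings.append((e["section"], e["clsid"], "no display name"))
        if e["path"] == "(no file)":
            findings.append((e["section"], e["clsid"], "file missing"))
        else:
            seen[(e["section"], e["path"].lower())].add(e["clsid"])
    for (section, path), clsids in seen.items():
        if len(clsids) > 1:
            findings.append((section, path,
                             f"same DLL under {len(clsids)} CLSIDs"))
    for line in log.splitlines():
        m = O17_LINE.match(line)
        if m:
            findings.append(("O17", m.group(1), "DNS servers overridden"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:28} {subject}")
```

On the sample above it reports the two comctl3.dll CLSIDs, the file-less toolbar and the O17 DNS entry, and stays silent on the Yahoo toolbar even though yt.dll also appears twice.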
-
Combofix log file:
ComboFix 08-04-22.5 - Acer 2008-04-26 9:27:44.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT 8:00]
Running from: C:\Documents and Settings\Acer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Acer\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\comctl3.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\comctl3.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-23 03:21 . 2008-04-23 11:57 <DIR> d-------- C:\Downloads
2008-04-23 03:17 . 2008-04-23 22:16 <DIR> d-------- C:\Program Files\FlashGet
2008-04-16 19:12 . 2008-04-16 19:27 <DIR> d-------- C:\Program Files\MyRosso
2008-04-16 19:12 . 2008-04-16 19:12 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\InstallShield
2008-04-16 19:12 . 2007-03-30 19:49 266,240 --a------ C:\WINDOWS\system32\MyRossoPlugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:26 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-26 01:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:53 0 ----a-w C:\Program Files\temp01
2008-04-22 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-22 20:39 --------- d-----w C:\Documents and Settings\Acer\Application Data\PlayFirst
2008-04-16 11:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 01:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 08:30 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-09 11:39 --------- d-----w C:\Program Files\EA GAMES
2008-03-05 12:36 --------- d-----w C:\Program Files\Burger Shop
2007-09-16 05:51 20,464 ----a-w C:\Documents and Settings\Acer\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-04-25_ 1.41.37.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 17:23:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 01:11:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:24 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:20 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 20:05 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 16:27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 16:23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 23:50 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 11:51 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 21:57 85696]
"AdslTaskBar"="stmctrl.dll" [2004-07-27 15:58 155648 C:\WINDOWS\system32\stmctrl.dll]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-16 13:15 4376328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-08 15:11 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"D:\\torrant\\utorrent.exe"=
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;Prolink ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 17:16]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 09:30:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-26 9:32:54
ComboFix-quarantined-files.txt 2008-04-26 01:32:32
ComboFix2.txt 2008-04-24 17:42:03
ComboFix3.txt 2008-02-11 05:17:53
ComboFix4.txt 2008-01-29 08:47:26
ComboFix5.txt 2008-01-27 08:40:48
Pre-Run: 13,743,435,776 bytes free
Post-Run: 14,021,402,624 bytes free
HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:36 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5654 bytes
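A defender's reading aid for the "Reg Loading Points" section of the ComboFix log above, as an added Python example that is not part of this thread, of ComboFix or of HijackThis: it parses the REGEDIT4-style dump and flags Windows Security Center values set to 1 (they silence or override its alerting) and firewall exceptions that point outside Program Files or Windows. The sample input is a constructed copy of the entries shown in the log; the value descriptions are the Windows XP Security Center semantics, and the "expected" directory prefixes are an assumption for this example.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not part of ComboFix or HijackThis. It parses
the REGEDIT4-style dump and flags two things a log reviewer looks for: Windows
Security Center values that silence or override its alerting, and firewall
exceptions that point outside the usual program directories.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: a copy of the entries shown in the log above.
SAMPLE_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\torrant\\utorrent.exe"=
"""

# Windows XP Security Center values; a value of 1 turns the named behaviour on.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify": "no alert when antivirus is off or out of date",
    "FirewallDisableNotify": "no alert when the firewall is off",
    "UpdatesDisableNotify": "no alert when Automatic Updates is off",
    "AntiVirusOverride": "Security Center stops checking antivirus status itself",
    "FirewallOverride": "Security Center stops checking firewall status itself",
}

# Assumption for this example: binaries under these prefixes are unremarkable.
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

# "Name"=value, where Name may contain REGEDIT4-escaped backslashes and quotes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}} for a REGEDIT4-style dump."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = _VALUE_RE.match(line)
        if match and current is not None:
            # Undo REGEDIT4 escaping so paths compare like normal Windows paths.
            name = match.group(1).replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name] = match.group(2).strip()
    return keys


def dword(raw_value: str) -> Optional[int]:
    """Decode 'dword:0000000a' to an int; None for empty or non-dword values."""
    match = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw_value)
    return int(match.group(1), 16) if match else None


def audit(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return reviewer findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for key, values in keys.items():
        lower = key.lower()
        if lower.endswith("\\security center"):
            for name, raw in values.items():
                if name in SECURITY_CENTER_FLAGS and dword(raw) == 1:
                    findings.append(f"{name}=1: {SECURITY_CENTER_FLAGS[name]}")
        elif "\\security center\\monitoring\\" in lower:
            # Expected when the named product is installed and reports its own
            # status, so the finding asks for confirmation rather than alarm.
            if dword(values.get("DisableMonitoring", "")) == 1:
                product = key.rsplit("\\", 1)[1]
                findings.append(
                    f"DisableMonitoring=1 for {product}: confirm this product is installed and current"
                )
        elif lower.endswith("\\authorizedapplications\\list"):
            for path in values:
                if not path.lower().startswith(EXPECTED_PREFIXES):
                    findings.append(f"firewall exception outside Program Files/Windows: {path}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_regedit4(SAMPLE_REG)):
        print(finding)
```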
-
How's everything running on your end now?
Any more popups?
Edit: Could I also see the following log, please?
Supply an uninstall list from HijackThis.
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy and paste the whole contents back here.
-
ACDSee 4.0
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Shockwave Player 11
Burger Shop
CleanUp!
Download Accelerator Plus (DAP)
Duke Nukem - Time To Kill
Duke Nukem Advance
HijackThis 2.0.2
HP Image Zone Express
Intel® Graphics Media Accelerator Driver for Mobile
LiveUpdate 2.6 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Nero Suite
Nostale(cn)
PowerDVD
Prolink H8600 ADSL Modem
QuickTime
Realtek AC'97 Audio
Soft Data Fax Modem with SmartCP
SPSS 15.0 for Windows Evaluation Version
Symantec AntiVirus
The Sims 2
The Sims 2 Open For Business
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
I didn't see the error message yet; I will let you know if I come across it again.
Any more things that need to be changed?
-
I didn't get the error message again. But I downloaded some MP3 files (songs) and suddenly, when I started to play them, the computer froze and there was a motor-like sound. I restarted the laptop, ran a scan and found a virus called Win32.Gammima.AG. Could you please check the new HJT log file to see whether I need to be concerned about anything else? Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:56 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5519 bytes
-
Can you do one more scan for me, please?
Download Malwarebytes' Anti-Malware from http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Save the installer to your desktop.
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
-
After the scan it indicated that there weren't any malicious items. But while the scan was running, my antivirus showed that it had caught some viruses like a trojan horse and W32.Gammima.AG. About 4 to 5 times my antivirus caught these same viruses while the other scan was running.
Malwarebytes' Anti-Malware 1.11
Database version: 685
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 86415
Time elapsed: 1 hour(s), 3 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
What folder is Norton catching these files in?
-
D:\system volume information, D:\, C:\progra~1, C:\Qoobox, C:\system volume information, C:\_OTMOV~1, D:\SPSSV1~1.0-L
-
Do the following
You have CleanUp! installed; use it to clear temp files, etc.
Your old System Restore points are infected; nothing to worry about unless you restore to those points.
Can you do the following
Right click on "MyComputer" icon
Select "Properties"
Select "System Restore" tab
CHECK "Turn off System Restore" or "Turn off System Restore on all drives"
When ready select Apply and ok
Afterwards
Go to START>>RUN>>Copy and paste the next bold entry
ComboFix /u
Hit OK
This will uninstall ComboFix and its components
NOTE: If you type that command, ensure there is a single space after the x, and before the /
Enter Add and Remove Programs and uninstall "Malwarebytes' Anti-Malware"
Don't reboot afterwards if prompted
Download OTMoveIt2 by OldTimer from http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
- Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
- Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop
Back in Windows
Go back and reactivate System Restore
Right click on "MyComputer" icon
Select "Properties"
Select "System Restore" tab
UNCHECK "Turn off System Restore" or "Turn off System Restore on all drives"
When ready select Apply and ok
That should clear you up, you can run a scan with Norton's to ensure
Let me know if that helps
-
Hi Guestolo,
Firstly, I tried downloading OTMoveIt2 from the link that you gave, but the link doesn't work, so I used the OTMoveIt2 I already had. Is that OK?
Secondly, I ran the antivirus scan and Norton didn't catch any viruses, and I don't get any pop-ups like I used to; having said that, when I am connected to the internet it sometimes suddenly shows the win32 error message saying there was a problem in win32, and the internet shuts down and I have to restart the computer to get the connection back. The error message would appear sometimes 2 to 3 hours or even 15 minutes (like today) after I connect to the internet.
I managed to write down the things on the error message:
Reporting details
This error report includes: information regarding the condition of Generic Host Process for Win32 Services when the problem occurred, the operating system version and computer hardware use, and the internet protocol (IP) address of your computer.
Technical information about the error report:
C:\DOCUME~1\Acer\LOCALS~1\Temp\WER0e94.dir00\svchost.exe.mdmp
C:\DOCUME~1\Acer\LOCALS~1\Temp\WER0e94.dir00\appcompat.txt
My HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:48 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6263 bytes
What do you think is the problem?
Oh, and I'm using ADSL to get the internet.
-
I've seen this before with Windows Automatic updates
This has helped others, see what happens
Go into Windows Control Panel
Open Automatic Updates
What setting are you at? Automatic?
-
Automatic updates are turned off
-
Is this a legal version of XP?
Can you manually go to Windows updates and check for any High Priority updates
There may have been a fix for this issue
In Internet Explorer click on TOOLS>>Windows Updates
-
I think my version is not legal, but I was able to download some updates. I didn't have this issue before, though; only now am I getting the win32 error.
-
You were able to go to Windows Update and install updates?
If you did, can you ensure you reboot the computer?
Do you still get the error?
-
I still get the error.
Do you think I should do some registry fixing or something? I am not able to use even a wireless internet connection after the error appears.
I surfed the internet for some possible solutions and found that some other people had the same problem. Do you think I should follow the steps recommended in the link below?
http://www.sizlopedia.com/2007/01/28/fix-generic-host-for-win32-process-or-faulting-svchostexe-errors/
-
I would try the patch from Microsoft first:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A87B44B9-7A6A-49B6-BD89-AFAD4E049C48&displaylang=en
Reboot the computer after applying it.
See if it helps.
-
Still get it
-
Can you try the following command
Go to START>>RUN>>type in cmd
Hit OK
In the command prompt, type, or copy>paste the following
netsh winsock reset catalog
Notice the single spaces
Hit ENTER on the keyboard
Exit afterwards and reboot the computer, any help?
-
Still no... Should I, like, give up hope on this?
-
Try a clean boot of your machine, don't stay online very long in this state, as your AV will be disabled
This is just for troubleshooting purposes
Take a look at the following link to run a Clean boot on your machine
http://support.microsoft.com/kb/310353
Scroll down to the instructions:
Manual steps to perform a clean boot in Windows XP
Follow these steps
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box appears.
Step 2: Configure selective startup options
1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
8. When you are prompted, click Restart to restart the computer.
Do you get any errors running IE?
If it runs better, we may be able to track down a problem
Afterwards:
Go back to msconfig and choose NORMAL STARTUP
Apply and close, reboot again
-
IE runs the same. I didn't have any errors before either. The only problem I had before was that I got the win32 error message after being online for some time.
Did you want me to stay online to see whether I still get that error in clean boot?
-
Quoting wormit (May 3 2008, 02:51 AM): "Did you want me to stay online to see whether I still get that error in clean boot?"
If you could, but only go to safe sites.
Also, can you try the Firefox browser and let me know if you have any problems with it?
http://www.mozilla.com/en-US/firefox/
-
I don't get the error anymore. Could you please check my HJT to see whether there are any more items that need to be deleted? Sometimes when I go on YouTube or listen to my MP3s (if I remember right) my computer freezes, and I also get a motor-running-like sound for some time, and then it goes back to normal. Previously my AV caught a hacktool thing and trojans on my PC, so I want to make sure my PC is free of malware and stuff.
My newest HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:28 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209346489625
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6673 bytes
-
Locked, Continued Here (http://www.thetechguide.com/forum/index.php?showtopic=75792&st=0&gopid=428390&#entry428390)
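For readers who want to triage a HijackThis log like the one posted above without reading it line by line, here is an added example (not code from the thread, from Trend Micro or from HijackThis itself) that parses the v2 log format into running processes and tagged entries, pulls out the O4 autostart commands and the O17 DNS servers, and raises the two review prompts a helper typically starts with: autostart commands that name a bare file instead of a full path, and DNS servers that should be confirmed as the user's ISP. The sample input is constructed from a subset of the lines in the log above; the regular expressions and the triage rules are assumptions about the log layout, not anything HijackThis documents.

```python
"""Minimal parser and triage helper for HijackThis v2 log text (added example)."""
import re
from typing import Dict, List

# Constructed sample input: a subset of lines copied from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:28 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6673 bytes
"""

# "R0 - ...", "F2 - ...", "O4 - ...": a section tag, then " - ", then the body (assumed layout).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17 body ends with: NameServer = ip [ip ...]
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_hjt_log(text: str) -> Dict[str, object]:
    """Split a HijackThis log into header lines, running processes and tagged entries."""
    header: List[str] = []
    processes: List[str] = []
    entries: List[Dict[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first tagged entry ends the process list
            entries.append({"section": m.group("section"), "body": m.group("body")})
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def executable_of(cmd: str) -> str:
    """Return the program token of a Run command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def autostart_entries(parsed) -> List[Dict[str, str]]:
    """Structured view of every O4 (Run key) entry, with the executable token split out."""
    out = []
    for e in parsed["entries"]:
        if e["section"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            d = m.groupdict()
            d["exe"] = executable_of(d["cmd"])
            out.append(d)
    return out


def nameservers(parsed) -> List[str]:
    """DNS server addresses from O17 entries, in log order."""
    servers: List[str] = []
    for e in parsed["entries"]:
        if e["section"] == "O17":
            m = NS_RE.search(e["body"])
            if m:
                servers.extend(m.group("servers").split())
    return servers


def triage(parsed) -> List[str]:
    """Review prompts a helper would raise; each is a thing to verify, not a verdict."""
    notes = []
    for a in autostart_entries(parsed):
        # A bare file name (no drive letter) is resolved through the search path at logon,
        # so the helper should confirm which file on disk is actually the one being loaded.
        if not re.match(r"^[A-Za-z]:\\", a["exe"]):
            notes.append(f"O4 [{a['name']}] runs '{a['exe']}' without a full path; confirm its location")
    ns = nameservers(parsed)
    if ns:
        notes.append("O17 NameServer " + ", ".join(ns) + "; confirm these belong to the user's ISP")
    return notes


if __name__ == "__main__":
    p = parse_hjt_log(SAMPLE_LOG)
    print(f"{len(p['processes'])} processes, {len(p['entries'])} entries")
    for n in triage(p):
        print("-", n)
```

Run it on a saved log with `parse_hjt_log(open("hijackthis.log").read())`; the O4 check deliberately flags every autostart that is not an absolute path (here SoundMan and AdslTaskBar), because the log alone cannot tell which file on the search path will be loaded, and that is exactly the question a helper answers by looking at the machine.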