Author Topic: Porn and error messages?  (Read 3045 times)

wormit
« on: April 24, 2008, 01:07:27 AM »
Hi,

I think there's something wrong with my laptop, cos when I connect to the internet I get a warning icon in my toolbar saying error message or something like that, and it asks me to click on it to read the message. When I click it, it says I got porn and other stuff on my laptop and asks me whether I want to run a scan to find and delete all the porn and things (I don't have any of that stuff on my laptop). If I choose not to run the scan, then it displays some porn web page.

Another problem is, after I run my computer for about 2 to 3 hours or so, I get the error message window saying that there was an error in win32, and then my internet connection shuts down and I have to restart my computer.

Here's my log file. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:14 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5638 bytes

wormit
« Reply #1 on: April 24, 2008, 01:29:37 AM »
I managed to mark down the things on the error messages:

First, when I clicked on the icon, this appeared:

"Drive defender may find dangerous traces that need to be cleaned. Dont let ur privacy and reputation to be ruined by them. Making ur private information public can cause problems with ur boss, family or friends. Click ok to start drivedefender scanner to remove compromising traces and setup controls to protect ur privacy by cleaning or removing dangerous information"

When I declined the scan, this page appeared:

http://drivedefender.com/privacy/index.php...656401501010b01

"The site cannot be opened.
Reason: content that requires immediate cleaning is detected on ur pc

Notice: u may continue to receive this notification on system failure which may cause:
internet browser crashes,
slow work of computer,
too high hard disk activity,
system freezes

The computer clean and optimization upgrade tool is not found in ur computer

It is recommended to download and install the software to continue ur usual work on pc and ur internet browsing"

Then when I closed that page, it opened this porn thing, which showed a scan-like thing and said that I had porn:

http://advancedcleaner.com/.cleaner/?tmn=a...nfo=5442_0_5269

Then finally my antivirus detected 2 downloaders: in the index[2].htm and INDEX_~2.HTM files
« Last Edit: April 24, 2008, 01:37:39 AM by wormit »

guestolo
« Reply #2 on: April 24, 2008, 08:24:29 AM »
Can you do the following

If you have an older version of ComboFix, delete it
Then, Download this file - Combofix.exe and save it ONLY to your desktop
Temporarily disable your AntiVirus software, so as it won't interfere with the running of combofix

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from ComboFix
as well as a fresh log from Hijackthis

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

wormit
« Reply #3 on: April 24, 2008, 12:46:54 PM »
Combofix file:

ComboFix 08-04-22.5 - Acer 2008-04-25  1:36:49.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.131 [GMT 8:00]
Running from: C:\Documents and Settings\Acer\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\system32\kavo.exe

.
(((((((((((((((((((((((((   Files Created from 2008-03-24 to 2008-04-24  )))))))))))))))))))))))))))))))
.

2008-04-23 12:11 . 2004-08-04 06:56   88,064   --a------   C:\WINDOWS\system32\comctl3.dll
2008-04-23 03:21 . 2008-04-23 11:57   <DIR>   d--------   C:\Downloads
2008-04-23 03:17 . 2008-04-23 22:16   <DIR>   d--------   C:\Program Files\FlashGet
2008-04-16 19:12 . 2008-04-16 19:27   <DIR>   d--------   C:\Program Files\MyRosso
2008-04-16 19:12 . 2008-04-16 19:12   <DIR>   d--------   C:\Documents and Settings\Acer\Application Data\InstallShield
2008-04-16 19:12 . 2007-03-30 19:49   266,240   --a------   C:\WINDOWS\system32\MyRossoPlugin.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 17:35   ---------   d-----w   C:\Program Files\Symantec AntiVirus
2008-04-24 17:25   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:53   0   ----a-w   C:\Program Files\temp01
2008-04-22 20:39   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-22 20:39   ---------   d-----w   C:\Documents and Settings\Acer\Application Data\PlayFirst
2008-04-16 11:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-07 01:04   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-03-16 08:30   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-03-09 11:39   ---------   d-----w   C:\Program Files\EA GAMES
2008-03-05 12:36   ---------   d-----w   C:\Program Files\Burger Shop
2007-09-16 05:51   20,464   ----a-w   C:\Documents and Settings\Acer\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((   snapshot@2008-01-23_10.21.22.85   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-24 17:23:40   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2007-11-20 08:04:32   1,523,536   ----a-w   C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2000-08-31 00:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 00:00:00   73,728   ----a-w   C:\WINDOWS\fdsv.exe
+ 2000-08-31 00:00:00   80,412   ----a-w   C:\WINDOWS\grep.exe
+ 2007-07-17 08:16:38   2,560   ----a-r   C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-09-11 06:49:11   2,494   ----a-r   C:\WINDOWS\Installer\{EE48D800-A3B5-43E3-B846-1CC556B8170D}\NewShortcut1_DB8CEC4230B14F49BD069393EB81CCF7.exe
+ 2008-02-24 10:51:26   472,576   ----a-w   C:\WINDOWS\Jane's Hotel\uninstall.exe
- 2000-08-31 00:00:00   51,200   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2000-08-31 00:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2007-07-17 08:03:18   2,112   ----a-w   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 00:00:00   98,816   ----a-w   C:\WINDOWS\sed.exe
+ 2000-08-31 00:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 2000-08-31 00:00:00   136,704   ----a-w   C:\WINDOWS\swsc.exe
+ 2000-08-31 00:00:00   212,480   ----a-w   C:\WINDOWS\swxcacls.exe
+ 2001-08-23 11:00:00   2,000   ----a-w   C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 11:00:00   73,376   ----a-w   C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-23 11:00:00   25,264   ----a-w   C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-23 11:00:00   28,160   ----a-w   C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-23 11:00:00   2,032   ----a-w   C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 11:00:00   1,744   ----a-w   C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 11:00:00   3,360   ----a-w   C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-23 11:00:00   4,048   ----a-w   C:\WINDOWS\system\TIMER.DRV
+ 2001-08-23 11:00:00   2,176   ----a-w   C:\WINDOWS\system\VGA.DRV
+ 2001-08-23 11:00:00   13,600   ----a-w   C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-03 22:56:58   146,432   ----a-w   C:\WINDOWS\system\WINSPOOL.DRV
+ 2008-03-19 11:23:20   114,688   ----a-w   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-19 11:36:22   202,168   ----a-w   C:\WINDOWS\system32\Adobe\Director\swdir.dll
+ 2008-03-19 11:36:40   67,000   ----a-w   C:\WINDOWS\system32\Adobe\Director\SwDnld.exe
+ 2008-03-19 11:24:02   487,424   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 10:46:26   1,798,144   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 11:24:04   9,216   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 10:36:14   754,688   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 10:36:16   1,145,896   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 10:36:14   52,288   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 10:42:42   892,928   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 11:22:34   249,856   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 11:25:36   442,368   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 11:36:06   439,736   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 11:26:20   110,592   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 11:22:22   94,208   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 10:36:14   50,808   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 02:55:30   149,504   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2001-08-23 11:00:00   10,544   ----a-w   C:\WINDOWS\system32\comm.drv
+ 2004-08-03 23:07:22   1,788   ----a-w   C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 17:37:58   2,944   -c--a-w   C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-23 11:00:00   2,000   -c--a-w   C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-23 11:00:00   2,560   -c--a-w   C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 11:00:00   73,376   -c--a-w   C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-23 11:00:00   25,264   -c--a-w   C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-23 11:00:00   28,160   -c--a-w   C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-23 11:00:00   2,032   -c--a-w   C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-23 11:00:00   2,944   -c--a-w   C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-23 11:00:00   1,744   -c--a-w   C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-23 11:00:00   3,360   -c--a-w   C:\WINDOWS\system32\dllcache\system.drv
+ 2001-08-23 11:00:00   4,048   -c--a-w   C:\WINDOWS\system32\dllcache\timer.drv
+ 2001-08-23 11:00:00   2,176   -c--a-w   C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-03 19:26:58   23,552   -c--a-w   C:\WINDOWS\system32\dllcache\wdmaud.drv
+ 2001-08-23 11:00:00   13,600   -c--a-w   C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-23 11:00:00   2,864   -c--a-w   C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-03 22:56:58   146,432   -c--a-w   C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-23 11:00:00   2,112   -c--a-w   C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-23 11:00:00   2,736   -c--a-w   C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 17:37:58   2,944   ----a-w   C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-23 11:00:00   2,944   ----a-w   C:\WINDOWS\system32\drivers\null.sys
+ 2001-08-23 11:00:00   2,000   ----a-w   C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 11:00:00   221,600   ----a-w   C:\WINDOWS\system32\lanman.drv
+ 2001-08-23 11:00:00   2,560   ----a-w   C:\WINDOWS\system32\lz32.dll
+ 2008-01-03 10:22:04   53,248   ------w   C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
- 2008-01-22 07:47:30   74,137   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-03-28 13:33:21   74,649   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-23 11:00:00   73,376   ----a-w   C:\WINDOWS\system32\mciavi.drv
+ 2001-08-23 11:00:00   25,264   ----a-w   C:\WINDOWS\system32\mciseq.drv
+ 2001-08-23 11:00:00   28,160   ----a-w   C:\WINDOWS\system32\mciwave.drv
+ 2001-08-23 11:00:00   2,032   ----a-w   C:\WINDOWS\system32\mouse.drv
+ 2001-08-23 11:00:00   20,480   ----a-w   C:\WINDOWS\system32\msacm32.drv
+ 2004-08-03 22:56:58   188,416   ----a-w   C:\WINDOWS\system32\msh261.drv
+ 2004-08-03 23:05:44   294,912   ----a-w   C:\WINDOWS\system32\msh263.drv
+ 2001-08-23 11:00:00   2,656   ----a-w   C:\WINDOWS\system32\netware.drv
+ 2001-08-23 11:00:00   1,744   ----a-w   C:\WINDOWS\system32\sound.drv
+ 2001-08-23 11:00:00   3,360   ----a-w   C:\WINDOWS\system32\system.drv
+ 2001-08-23 11:00:00   4,048   ----a-w   C:\WINDOWS\system32\timer.drv
+ 2001-08-23 11:00:00   2,176   ----a-w   C:\WINDOWS\system32\vga.drv
+ 2004-08-03 19:26:58   23,552   ----a-w   C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-23 11:00:00   13,600   ----a-w   C:\WINDOWS\system32\wfwnet.drv
+ 2001-08-23 11:00:00   2,864   ----a-w   C:\WINDOWS\system32\winsock.dll
+ 2004-08-03 22:56:58   146,432   ----a-w   C:\WINDOWS\system32\winspool.drv
+ 2001-08-23 11:00:00   2,112   ----a-w   C:\WINDOWS\system32\winspool.exe
+ 2001-08-23 11:00:00   2,736   ----a-w   C:\WINDOWS\system32\wowdeb.exe
+ 2000-08-31 00:00:00   49,152   ----a-w   C:\WINDOWS\VFind.exe
+ 2000-08-31 00:00:00   68,096   ----a-w   C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAC3D8A5-F0E4-49FF-A731-ED4356CE0446}]
2004-08-04 06:56   88064   --a------   C:\WINDOWS\system32\comctl3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:24 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:20 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 20:05 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 16:27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 16:23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 23:50 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 11:51 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 21:57 85696]
"AdslTaskBar"="stmctrl.dll" [2004-07-27 15:58 155648 C:\WINDOWS\system32\stmctrl.dll]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-16 13:15 4376328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-08 15:11 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"D:\\torrant\\utorrent.exe"=

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;Prolink ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 17:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbd50f8-4101-11dc-9318-000fb0f39c4b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe kernel32.dll.vbs

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 01:39:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-25  1:42:02
ComboFix-quarantined-files.txt  2008-04-24 17:41:48
ComboFix2.txt  2008-02-11 05:17:53
ComboFix3.txt  2008-01-29 08:47:26
ComboFix4.txt  2008-01-27 08:40:48
ComboFix5.txt  2008-01-27 07:42:48

Pre-Run: 13,870,833,664 bytes free
Post-Run: 14,059,266,048 bytes free

189


HJT log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:52 AM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4246C120-7F3C-4E96-86C7-E0E13EFDA75B} - C:\WINDOWS\system32\comctl3.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5924 bytes

guestolo
« Reply #4 on: April 25, 2008, 07:33:55 PM »
Sorry for the delay, can you do the following please
==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad or the script will not work
[color="#0000FF"]File::
C:\WINDOWS\system32\comctl3.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAC3D8A5-F0E4-49FF-A731-ED4356CE0446}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4246C120-7F3C-4E96-86C7-E0E13EFDA75B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}"=-
[/color]
Save this as txtfile on your desktop
name it:
CFScript

Temporarily disable your AntiVirus software again
 

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts

Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Take notice: Combofix may prompt that the computer needs to reboot, don't interrupt it
Allow it to

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log

NOTE:
# Combofix will disconnect your machine from the Internet as soon as it starts
# Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
# If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Post back all the following:

1. Post the log from ComboFix
2. Post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
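
A triage pass over the O2/O3 lines of the HijackThis log from Reply #3, as an added example that is not part of the original thread and not the helper's stated method. The function names and the three heuristics (unnamed entry, missing target file, one file registered as a BHO under several CLSIDs) are assumptions made here; on this log they single out the same three CLSIDs that the CFScript above removes.

```python
import re
from collections import defaultdict

# O2 (Browser Helper Object) and O3 (toolbar) lines copied verbatim from the
# HijackThis log posted in Reply #3 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4246C120-7F3C-4E96-86C7-E0E13EFDA75B} - C:\WINDOWS\system32\comctl3.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CAC3D8A5-F0E4-49FF-A731-ED4356CE0446} - C:\WINDOWS\system32\comctl3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
"""

# "O2 - BHO: <name> - {CLSID} - <target>" and the O3 toolbar equivalent.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per O2/O3 line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSIDs are case-insensitive
            entries.append(entry)
    return entries


def triage(entries):
    """Map CLSID -> findings for entries that deserve a closer look.

    Heuristics (assumed for this example, not taken from the thread):
      * the entry has no display name,
      * the registration points at a file that no longer exists,
      * the same file is registered as a BHO under more than one CLSID.
    A hit is a reason to investigate, not proof that the entry is malicious.
    """
    bho_clsids_by_file = defaultdict(set)
    for entry in entries:
        if entry["section"] == "O2" and entry["target"] != "(no file)":
            bho_clsids_by_file[entry["target"].lower()].add(entry["clsid"])

    findings = {}
    for entry in entries:
        reasons = []
        if entry["name"] == "(no name)":
            reasons.append("unnamed entry")
        if entry["target"] == "(no file)":
            reasons.append("target file missing")
        if entry["section"] == "O2":
            count = len(bho_clsids_by_file.get(entry["target"].lower(), ()))
            if count > 1:
                reasons.append(
                    "same file registered as a BHO under %d CLSIDs" % count
                )
        if reasons:
            findings[entry["clsid"]] = {
                "section": entry["section"],
                "target": entry["target"],
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for clsid, info in sorted(triage(parse_entries(SAMPLE_LOG)).items()):
        print(clsid, info["section"], info["target"])
        for reason in info["reasons"]:
            print("    -", reason)
```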


wormit
« Reply #5 on: April 25, 2008, 08:36:20 PM »
Combofix log file:

ComboFix 08-04-22.5 - Acer 2008-04-26  9:27:44.8 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.139 [GMT 8:00]
Running from: C:\Documents and Settings\Acer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Acer\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\comctl3.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comctl3.dll

.
(((((((((((((((((((((((((   Files Created from 2008-03-26 to 2008-04-26  )))))))))))))))))))))))))))))))
.

2008-04-23 03:21 . 2008-04-23 11:57   <DIR>   d--------   C:\Downloads
2008-04-23 03:17 . 2008-04-23 22:16   <DIR>   d--------   C:\Program Files\FlashGet
2008-04-16 19:12 . 2008-04-16 19:27   <DIR>   d--------   C:\Program Files\MyRosso
2008-04-16 19:12 . 2008-04-16 19:12   <DIR>   d--------   C:\Documents and Settings\Acer\Application Data\InstallShield
2008-04-16 19:12 . 2007-03-30 19:49   266,240   --a------   C:\WINDOWS\system32\MyRossoPlugin.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:26   ---------   d-----w   C:\Program Files\Symantec AntiVirus
2008-04-26 01:12   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:53   0   ----a-w   C:\Program Files\temp01
2008-04-22 20:39   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-22 20:39   ---------   d-----w   C:\Documents and Settings\Acer\Application Data\PlayFirst
2008-04-16 11:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-07 01:04   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-03-16 08:30   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-03-09 11:39   ---------   d-----w   C:\Program Files\EA GAMES
2008-03-05 12:36   ---------   d-----w   C:\Program Files\Burger Shop
2007-09-16 05:51   20,464   ----a-w   C:\Documents and Settings\Acer\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((   snapshot_2008-04-25_ 1.41.37.48   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 17:23:40   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-26 01:11:15   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:24 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:20 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 20:05 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 16:27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 16:23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 23:50 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 11:51 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 21:57 85696]
"AdslTaskBar"="stmctrl.dll" [2004-07-27 15:58 155648 C:\WINDOWS\system32\stmctrl.dll]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-16 13:15 4376328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-08 15:11 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"D:\\torrant\\utorrent.exe"=

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;Prolink ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 17:16]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 09:30:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26  9:32:54
ComboFix-quarantined-files.txt  2008-04-26 01:32:32
ComboFix2.txt  2008-04-24 17:42:03
ComboFix3.txt  2008-02-11 05:17:53
ComboFix4.txt  2008-01-29 08:47:26
ComboFix5.txt  2008-01-27 08:40:48

Pre-Run: 13,743,435,776 bytes free
Post-Run: 14,021,402,624 bytes free

93


HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:36 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5654 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #6 on: April 25, 2008, 08:43:01 PM »
How's everything running on your end now?
Any more popups?

Edit>>Could I also see the following log please
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
« Last Edit: April 25, 2008, 08:47:47 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #7 on: April 25, 2008, 09:24:10 PM »
ACDSee 4.0
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Shockwave Player 11
Burger Shop
CleanUp!
Download Accelerator Plus (DAP)
Duke Nukem - Time To Kill
Duke Nukem Advance
HijackThis 2.0.2
HP Image Zone Express
Intel® Graphics Media Accelerator Driver for Mobile
LiveUpdate 2.6 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Nero Suite
Nostale(cn)
PowerDVD
Prolink H8600 ADSL Modem
QuickTime
Realtek AC'97 Audio
Soft Data Fax Modem with SmartCP
SPSS 15.0 for Windows Evaluation Version
Symantec AntiVirus
The Sims 2
The Sims 2 Open For Business
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

I didn't see the error message yet, I will let u know if I come across it again.
Any more things that need to be changed?

Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #8 on: April 26, 2008, 03:02:53 AM »
I didn't get the error message again. But I downloaded some mp3 files (songs) and suddenly when I started to play them the computer froze and there was like a motor-like sound. I restarted the laptop and ran a scan and found a virus called Win32.Gammima.AG. Could u pls check the new HJT log file to see whether I need to be concerned about anything else? Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:56 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5519 bytes
« Last Edit: April 26, 2008, 03:06:02 AM by wormit »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #9 on: April 26, 2008, 03:49:37 AM »
Can you do one more scan for me please

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #10 on: April 26, 2008, 01:04:36 PM »
After the scan it indicated that there weren't any malicious items. But while the scan was running, my antivirus showed that it had caught some viruses like trojan horse and W32.Gammima.AG. About 4 to 5 times my antivirus caught these same viruses while the other scan was running.
:huh: :o
Malwarebytes' Anti-Malware 1.11
Database version: 685

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 86415
Time elapsed: 1 hour(s), 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #11 on: April 26, 2008, 01:08:37 PM »
What folder is Norton's catching these files at?



Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #12 on: April 26, 2008, 01:15:22 PM »
D:\system volume information, D:\, C:\progra~1, C:\Qoobox, C:\system volume information, C:\_OTMOV~1,  D:\SPSSV1~1.0-L

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #13 on: April 26, 2008, 01:30:43 PM »
Do the following
You have CleanUP! installed, use it to clear temp files, etc....

Your old System Restore points are infected, nothing to worry about unless you restore to those points

Can you do the following
Right click on "MyComputer" icon
Select "Properties"
Select "System Restore" tab
CHECK "Turn off System Restore" or "Turn off System Restore on all drives"
When ready select Apply and ok

Afterwards
Go to START>>RUN>>Copy and paste the next bold entry

ComboFix /u
Hit OK
This will uninstall ComboFix and its components
NOTE: If you type that command, ensure there is a single space after the x, and before the /

Enter Add and Remove programs and uninstall "Malwarebytes' Anti-Malware"
Don't reboot afterwards if prompted

Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

Back in Windows
Go back and reactivate System Restore
Right click on "MyComputer" icon
Select "Properties"
Select "System Restore" tab
UNCHECK "Turn off System Restore" or "Turn off System Restore on all drives"
When ready select Apply and ok

That should clear you up, you can run a scan with Norton's to ensure
Let me know if that helps



Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #14 on: April 27, 2008, 08:00:51 PM »
Hi Guestolo,

Firstly I tried downloading the OTMoveit2 from the link that u gave but the link doesn't work so I used the OTMoveit2 I already had. Is that ok?
Secondly I ran the antivirus scan and Norton didn't catch any viruses and I don't get any pop ups like I used to; having said that, when I am connected to the internet sometimes it suddenly shows the win32 error message saying there was a problem in win32 and the internet shuts down and I have to restart the computer to get the connection back. The error message would appear sometimes in 2 to 3 hours or even after 15 minutes (like today) after I connect to the internet.

I managed to write down the things on the error message:
Reporting details

This error report includes: information regarding the condition of Generic Host Process for Win32 Services when the problem occurred, the operating system version and computer hardware use, and the internet protocol (IP) address of ur computer.

Technical information about the error report:

C:\DOCUME~1\Acer\LOCALS~1\Temp\WER0e94.dir00\svchost.exe.mdmp
C:\DOCUME~1\Acer\LOCALS~1\Temp\WER0e94.dir00\appcompat.txt

My HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:48 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9C9EAC-17F0-4D34-B01C-053A9AF6F861}: NameServer = 203.115.0.46 203.115.0.47
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6263 bytes

What do u think is the problem?
Oh and I'm using ADSL to get the internet
« Last Edit: April 27, 2008, 08:08:51 PM by wormit »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #15 on: April 27, 2008, 08:11:42 PM »
I've seen this before with Windows Automatic updates
This has helped others, see what happens

Go into Windows Control Panel
Open Automatic Updates
What setting are you at? Automatic?



Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Porn and error messages?
« Reply #16 on: April 27, 2008, 08:17:23 PM »
Automatic updates are turned off

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #17 on: April 27, 2008, 08:31:22 PM »
Is this a legal version of XP?
Can you manually go to Windows updates and check for any High Priority updates
There may have been a fix for this issue
In Internet Explorer click on TOOLS>>Windows Updates



Offline wormit

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
Porn and error messages?
« Reply #18 on: April 27, 2008, 08:58:57 PM »
I think my version is not legal, but I was able to download some updates. I didn't have this issue before though, only now I'm getting the win32 error

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Porn and error messages?
« Reply #19 on: April 27, 2008, 09:07:48 PM »
You were able to go to Windows updates and install updates?
If you did, can you ensure you reboot the computer
Do you still get the error?
« Last Edit: April 27, 2008, 09:08:16 PM by guestolo »
