  1. #1
    Member
    Join Date
    Jan 2006
    Posts
    57
    Points
    0

    'win32:trojan-gen need help!!!!!!

    I have a c:\windows\frnmi.dll that contains a sample of 'win32:trojan-gen on my computer. I have run HouseCall and Panda virus scanners as well as several other programs to try to remove this. Nothing finds it, but every time I load up a browser (Explorer, MSN and even the SBC Yahoo browser) this trojan keeps coming up on avast. Below you will find my current HijackThis log in hopes that you guys might be able to help me figure this out. Any and all help would be much appreciated. Other than reinstalling Windows or formatting my hard drive, I don't know what else to do!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:56:44 PM, on 1/28/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\javaok.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\netmb.exe
    C:\Program Files\RamBooster\Rambooster.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yp3my3ln.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yp3my3ln.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {0ADCC8E9-4252-E68E-8255-A418B8E89A02} - C:\WINDOWS\system32\ntaf32.dll
    O2 - BHO: Class - {1A9DBC61-B7F1-035F-9058-EB31A24F38B0} - C:\WINDOWS\crbf32.dll
    O2 - BHO: Class - {3736852A-C061-2B1E-B2A9-D84481A22C49} - C:\WINDOWS\apitg32.dll
    O2 - BHO: Class - {4129401E-E0CC-8390-738E-DCC2CDEFBA2B} - C:\WINDOWS\system32\sdknk.dll
    O2 - BHO: Class - {4A7EFE21-0DA2-210A-D61C-5B30C3F53702} - C:\WINDOWS\system32\netts.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Class - {AD01EC40-33AC-5AE8-5930-E89ABACA2397} - C:\WINDOWS\system32\appew.dll
    O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
    O2 - BHO: Class - {D7C172AD-A449-0850-B29F-9D9B30B1EA0E} - C:\WINDOWS\system32\ntwb.dll
    O2 - BHO: Class - {E97E5AE0-29D6-7DFA-7E92-29CC5D770DA3} - C:\WINDOWS\ipkw32.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apidb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
    O4 - HKLM\..\Run: [javaox32.exe] C:\WINDOWS\javaox32.exe
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\CA\eTrust PestPatrol\core\ppclean.exe" "clean" "smartfinder" "2"
    O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxmk277YYUS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?baf33fde15b14e4bab59b138ce8e2d88
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?baf33fde15b14e4bab59b138ce8e2d88
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
    O9 - Extra button: SBC Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: SBC &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Casino\Carnival Casino\casino.exe
    O9 - Extra 'Tools' menuitem: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Casino\Carnival Casino\casino.exe
    O9 - Extra button: EasySearchBar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: EasySearchBar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Animal Ark by pogo - http://playweb07.pogo.com/applet-6.0...-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.1.0....-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.4.2...-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.3...-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game5.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-6.0.2....-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-6.0...-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://game4.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-6.1.0....-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.31/...-ob-assets.cab
    O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-6.0.2.29...-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.2...-ob-assets.cab
    O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game4.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game3.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: Tank Hunter by pogo - http://playweb17.pogo.com/applet-6.1...-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://game4.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2....-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3....-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0....-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.2.3...-ob-assets.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120866729500
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180s...bridge-c24.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A6B10B85-49AB-4FD7-AD2F-2F02C188896C} (DataUpload Class) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ed/install.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab36107.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab35645.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb08.pogo.com/game/delux...ploader_v6.cab
    O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binarie...SS_1055_XP.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binarie...lv32_EN_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5915614-544C-4C80-8ED0-D905F353B6CF}: NameServer = 85.255.116.75,85.255.112.177
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaok.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
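
One way to triage a log like the one above: list every entry that references the DLL the scanner flagged, so each place it is wired into the system is visible at a glance. This is an added example and not part of the original post; the sample lines are copied from the log above, and the function names and the section-description table are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Standard meanings of HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "registry autorun", "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item", "O16": "ActiveX download (DPF)",
    "O17": "DNS name server", "O20": "Winlogon Notify", "O23": "NT service",
}

# An entry line is "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A Windows path ending in .dll/.exe/.ocx; also matches inside res:// URLs.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)

# Sample input: six entry lines taken from the log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frnmi.dll/sp.html#69589%resultposition.net
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""


def parse_entries(log_text):
    """Yield (section_code, body) per entry; header and process list are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def referenced_files(body):
    """Lower-cased basenames of every .dll/.exe/.ocx path named in an entry."""
    return {ntpath.basename(path).lower() for path in PATH_RE.findall(body)}


def entries_for_file(log_text, filename):
    """Map section code -> entry bodies that reference `filename` (case-insensitive)."""
    hits = defaultdict(list)
    for code, body in parse_entries(log_text):
        if filename.lower() in referenced_files(body):
            hits[code].append(body)
    return dict(hits)


def report(log_text, filename):
    """One readable line per matching entry, labelled with its section meaning."""
    return [
        f"{code} ({SECTIONS.get(code, 'other')}): {body}"
        for code, bodies in entries_for_file(log_text, filename).items()
        for body in bodies
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, "frnmi.dll"):
        print(line)
```

Run against the full log, the same call shows every registry value that still points at the file, which is the list to re-check in the follow-up log.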

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Why are you still running only SP1 for XP and IE? SP2 has been out for 1 year now.

    Please Download the Aboutbuster zip, by RubbeR DuckY, from one of these locations :-

    http://www.besttechie.net/tools/AboutBuster.zip
    http://www.malwarebytes.org/AboutBuster.zip

    1. Unzip the zip file to a new folder.

    2. Reboot the PC in the Safe Mode

    SAFE MODE:

    safe mode<<< Click Here for instructions
    click Yes

    6. Click OK on the "scan completed" popup

    7. click the Exit button

    8. Click OK to the "Logfile Created" popup

    9. Now open the folder which has the AboutBuster.exe file in it & you will see another file AB Logfile.txt

    10. doubleclick the text file and you should see something like this (if your computer is clean) :-

    AboutBuster 6.0
    Scan started on [27/12/2005] at [20:32:31]
    -------------------------------------------------------------
    Internet Explorer Instances Terminated!
    HomeSearch Service stopped if present
    -------------------------------------------------------------
    No Ads Found!
    -------------------------------------------------------------
    No Files Found!
    -------------------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 20:35:00


    11. If the log shows anything was found ... run AboutBuster again ... exactly the same procedure, then post the AB Logfile.txt in the forum thread you are being advised in.

    Reboot back to normal mode and post a new hijackthis log + the aboutbuster logs...

  3. #3
    Member
    Join Date
    Jan 2006
    Posts
    57
    Points
    0


    Every time I download SP2 my computer crashes.
    I will do this download as you instructed and run the programs as instructed and repost logs here.

  4. #4
    Member
    Join Date
    Jan 2006
    Posts
    57
    Points
    0


    I did everything as you stated to do, and when I run the scan it comes up with this: "Run Time Error 6 over flow". Then when you click the OK button it closes out the whole program! Any ideas as to what to do now?

  5. #5
    Member drakcore's Avatar
    Join Date
    Mar 2004
    Location
    Oklahoma
    Posts
    61
    Points
    1


    My brother-in-law's computer crashes every time he loads SP2 also. He's tried several times and his computer goes all haywire. Must be a picky upgrade for Windows XP. I've heard some people don't have a bit of trouble and others have nothing but trouble with it!

  6. #6
    Member drakcore's Avatar
    Join Date
    Mar 2004
    Location
    Oklahoma
    Posts
    61
    Points
    1


    I'm guessing you already tried system restore in safe mode?

  7. #7
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    paul2002

    Do you still require help ?

    BG

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    paul2002

    Sounds like you got a corrupt download...

    Delete the Aboutbuster you have and re-download it :wink:

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9
    Member
    Join Date
    Jan 2006
    Posts
    57
    Points
    0


    I tried a dirty install of Windows XP and that did not help either.

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    Quote Originally Posted by paul2002
    I tried a dirty install of Windows XP and that did not help either.
    What made you think it would paul ?

    All that would do is replace missing or corrupt system files, which is not your problem ... the malware you have would be untouched...

    If you've tried a new download of Aboutbuster and it still doesn't work ... post a new hijackthis log and we'll try something different.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
