Just had some trojans etc.. (In Progress)

sjpritch25
Moderator with 8,658 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
23-Nov-2008, 07:30 PM #16
How is everything running??

Spy Cookie
Member with 81 posts.
Join Date: Oct 2005
23-Nov-2008, 08:52 PM #17
Monday, November 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 23, 2008 23:24:08
Records in database: 1406366


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 65418
Threat name 5
Infected objects 6
Suspicious objects 0
Duration of the scan 01:28:44

File name Threat name Threats count
C:\Documents and Settings\Kemal2\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-49da1324 Infected: Exploit.Java.ByteVerify 1

C:\Documents and Settings\Kemal2\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-675d5cda Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

C:\Qoobox\Quarantine\C\WINDOWS\system\msconfig.exe.vir Infected: Trojan.Win32.VB.gyf 1

C:\Qoobox\Quarantine\C\WINDOWS\system\NtLanSec.exe.vir Infected: Trojan.Win32.VB.gyh 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\udp.exe.vir Infected: Trojan.Win32.VB.gyf 1

sjpritch25
23-Nov-2008, 09:18 PM #18
Log looks good other than Mirc. Did you purposely install that program or not? Please let me know. Thanks
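
One way to sort the detections in a report like the one in post #17 by where each object sits, added here as an example (not code from the thread, from Kaspersky or from any tool named in it). It assumes three facts: C:\Qoobox\Quarantine holds files ComboFix has already renamed to .vir, the "not-a-virus:" prefix is Kaspersky's label for riskware rather than malware, and the Sun Java Deployment cache holds downloaded applet files. The bucket and function names are hypothetical, and the last sample row is constructed.

```python
import re
from collections import defaultdict

# The six detection rows from the Kaspersky Online Scanner report in this thread.
REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\Kemal2\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-49da1324 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\Kemal2\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-675d5cda Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\WINDOWS\system\msconfig.exe.vir Infected: Trojan.Win32.VB.gyf 1
C:\Qoobox\Quarantine\C\WINDOWS\system\NtLanSec.exe.vir Infected: Trojan.Win32.VB.gyh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\udp.exe.vir Infected: Trojan.Win32.VB.gyf 1
"""

# Constructed row (not from the thread): a detection outside any holding area.
CONSTRUCTED_ROW = r"C:\WINDOWS\system32\constructed-sample.exe Infected: Trojan.Win32.Sample.a 1"

# <path> Infected: <threat name> <count>; paths may contain spaces, so the
# path group is non-greedy and stops at the first "Infected:" marker.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")


def parse_rows(text):
    """Return (path, threat, count) for every detection row; skip other lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return rows


def triage(path, threat):
    """Bucket a detection by location and label. A triage hint, not a verdict."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantined"   # already moved aside by a removal tool
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"      # legitimate software; ask whether it was installed on purpose
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"    # cached applet file; removed when the cache is emptied
    return "live"              # sits in a normal location; needs attention first


def summarize(text):
    """Group (threat, path) pairs by triage bucket."""
    buckets = defaultdict(list)
    for path, threat, _count in parse_rows(text):
        buckets[triage(path, threat)].append((threat, path))
    return dict(buckets)


if __name__ == "__main__":
    result = summarize(REPORT + "\n" + CONSTRUCTED_ROW)
    for bucket in ("live", "riskware", "java-cache", "quarantined"):
        for threat, path in result.get(bucket, []):
            print(f"{bucket:12} {threat:40} {path}")
```

The bucket only says where an object sits now. A Java cache hit still means the file was delivered to the machine, so it does not by itself show that the underlying infection is gone.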

Spy Cookie
24-Nov-2008, 10:53 AM #19
I downloaded and installed it yes.
Are you confident I won't get the error? Before the Kaspersky scan I had it again.
I don't have to delete the files the Kaspersky scanner found (not done by the scanner)?

Spy Cookie
24-Nov-2008, 11:19 AM #20
Unfortunately just had the error again, same old story....

sjpritch25
24-Nov-2008, 01:19 PM #21
Can you explain the error message in more detail please. Thanks

Spy Cookie
24-Nov-2008, 03:12 PM #22
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

szAppName : szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\Kemal2\LOCALS~1\Temp\WER5FD.tmp.dir00\svchost.exe.mdmp
C:\DOCUME~1\Kemal2\LOCALS~1\Temp\WER5FD.tmp.dir00\appcompat.txt

sjpritch25
24-Nov-2008, 04:29 PM #23
Try this


Please download ATF Cleaner by Atribune.

This program is for XP, Windows 2000, and Vista
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2009

Spy Cookie
24-Nov-2008, 04:39 PM #24
Ok I've just run the cleaner, will let you know how it turns out.
I'm currently running the Housecall online scan.

sjpritch25
24-Nov-2008, 04:57 PM #25
Okay

Is your computer behind a router or wireless router?

Spy Cookie
24-Nov-2008, 05:07 PM #26
I use a USB ADSL modem to connect to the internet if that's what you mean. (Not wireless)

Spy Cookie
24-Nov-2008, 06:02 PM #27
The Housecall scanner only picked up on one of the Java viruses (I think the byteverify one?) which it couldn't delete anyway.

The same viruses keep showing up on my scans which is worrying like tanspy which steals passwords (and I recently put in some credit card information :/) they don't seem to be getting removed....

What am I going to do...the error is still here (just had it)

Last edited by Spy Cookie : 24-Nov-2008 07:32 PM.

sjpritch25
24-Nov-2008, 08:10 PM #28
Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach the following report to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

Attach.txt

Spy Cookie
25-Nov-2008, 11:19 AM #29
DDS (Version 1.0) - NTFSx86
Run by Kemal2 at 16:14:13.21 on 25/11/2008
Microsoft Windows XP Home Edition 5.1.2600.1.1252.44.1033.18.511.286 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\AOL\1201998337\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
c:\program files\common files\aol\1201998337\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kemal2\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = about:blank
mWindow Title = Tiscali Internet Access
uInternet Connection Wizard,ShellNext = hxxp://rs334l32.rapidshare.com/files/87854403/40539/Kaspersky_Internet_Security_8.0.0.192_www.smforum.net.rar
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {8E718888-423F-11D2-876E-00A0C9082467} - c:\windows\system32\msdxm.ocx
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [CARPService] "c:\windows\system32\carpserv.exe"
mRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe"
mRun: [HostManager] "c:\program files\common files\aol\1201998337\ee\AOLSoftware.exe"
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoAddPrinter = 0 (0x0)
uPolicies-explorer: NoDeletePrinter = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: NoRecycleFiles = 0 (0x0)
uPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoFavoritesMenu = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: ForceStartMenuLogoff = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoExpandedNewMenu = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: EnforceShellExtensionSecurity = 0 (0x0)
uPolicies-explorer: NoRunasInstallPrompt = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoResolveSearch = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
dPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: NoChangeAnimation = 0 (0x0)
dPolicies-explorer: NoAddPrinter = 0 (0x0)
dPolicies-explorer: NoDeletePrinter = 0 (0x0)
dPolicies-explorer: RestrictCpl = 0 (0x0)
dPolicies-explorer: DisallowCpl = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: RestrictRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoRecycleFiles = 0 (0x0)
dPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
dPolicies-explorer: NoCustomizeWebView = 0 (0x0)
dPolicies-explorer: NoFileAssociate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoInstrumentation = 0 (0x0)
dPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
dPolicies-explorer: NoWebView = 0 (0x0)
dPolicies-explorer: DontShowSuperHidden = 0 (0x0)
dPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
dPolicies-explorer: NoPublishingWizard = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 0 (0x0)
dPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
dPolicies-explorer: NoFavoritesMenu = 0 (0x0)
dPolicies-explorer: NoHelp = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoStartMenuMorePrograms = 0 (0x0)
dPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
dPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: ForceStartMenuLogoff = 0 (0x0)
dPolicies-explorer: StartMenuLogoff = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-explorer: NoDisconnect = 0 (0x0)
dPolicies-explorer: NoNtSecurity = 0 (0x0)
dPolicies-explorer: NoSetFolders = 0 (0x0)
dPolicies-explorer: GreyMSIAds = 0 (0x0)
dPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoSMBalloonTips = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoTaskGrouping = 0 (0x0)
dPolicies-explorer: NoActiveDesktopChanges = 0 (0x0)
dPolicies-explorer: NoWebServices = 0 (0x0)
dPolicies-explorer: NoFileUrl = 0 (0x0)
dPolicies-explorer: NoToolbarCustomize = 0 (0x0)
dPolicies-explorer: NoExpandedNewMenu = 0 (0x0)
dPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
dPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
dPolicies-explorer: EnforceShellExtensionSecurity = 0 (0x0)
dPolicies-explorer: NoRunasInstallPrompt = 0 (0x0)
dPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoResolveSearch = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoThumbnailCache = 0 (0x0)
dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
dPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
dPolicies-system: NoVisualStyleChoice = 0 (0x0)
dPolicies-system: NoColorChoice = 0 (0x0)
dPolicies-system: NoSizeChoice = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - c:\windows\system32\msdxm.ocx
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-22 28544]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2003-11-13 89749]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-11-13 77056]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-5-7 26679]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2003-5-27 187392]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]
R3 lanusb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys [2008-2-2 138402]
R3 PPPoEWin;PPPoEWin Miniport;c:\windows\system32\drivers\PPPoEWin.SYS [2003-9-25 104375]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

=============== Created Last 30 ================

2008-11-24 22:50 <DIR> --d----- c:\program files\MSXML 4.0
2008-11-24 22:44 8,192 ac------ c:\windows\system32\dllcache\comrepl.exe
2008-11-24 21:28 <DIR> --d----- c:\documents and settings\kemal2\.housecall6.6
2008-11-23 22:44 <DIR> --d----- c:\windows\Internet Logs
2008-11-23 21:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-23 21:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 21:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 21:33 <DIR> --d----- C:\Lop SD
2008-11-23 11:54 <DIR> --d----- C:\cmdcons
2008-11-23 11:52 161,792 a------- c:\windows\SWREG.exe
2008-11-23 11:52 98,816 a------- c:\windows\sed.exe
2008-11-23 02:12 <DIR> --d-h--- c:\windows\msdownld.tmp
2008-11-23 02:12 <DIR> --d----- c:\program files\Webroot
2008-11-23 02:12 <DIR> --d----- C:\Binaries
2008-11-22 22:55 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-11-22 22:55 <DIR> --d----- c:\program files\Panda Security
2008-11-22 00:44 33,588 a----r-- c:\windows\system32\drivers\wanatw4.sys
2008-11-16 12:32 <DIR> --d----- c:\program files\SpywareBlaster
2008-11-14 20:47 <DIR> --d----- c:\docume~1\kemal2\applic~1\Malwarebytes
2008-11-14 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-14 18:06 2,592 a------- c:\windows\system32\tmp.reg
2008-11-14 18:04 87,552 a------- c:\windows\system32\VACFix.exe
2008-11-14 18:04 82,944 a------- c:\windows\system32\o4Patch.exe
2008-11-14 18:04 82,944 a------- c:\windows\system32\IEDFix.exe
2008-11-14 18:04 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-14 18:04 82,432 a------- c:\windows\system32\404Fix.exe
2008-11-14 18:04 25,600 a------- c:\windows\system32\WS2Fix.exe
2008-11-14 18:04 289,144 a------- c:\windows\system32\VCCLSID.exe
2008-11-14 18:04 288,417 a------- c:\windows\system32\SrchSTS.exe
2008-11-14 18:04 51,200 a------- c:\windows\system32\dumphive.exe
2008-11-14 18:04 53,248 a------- c:\windows\system32\Process.exe
2008-11-13 21:13 <DIR> --d----- c:\program files\Trend Micro
2008-11-05 21:12 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-05 21:12 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2008-11-25 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2008-11-24 21:29 <DIR> --d----- c:\program files\AOL 9.0
2008-11-23 21:30 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2008-11-23 21:29 <DIR> --d----- c:\program files\RegistryFix
2008-11-23 02:12 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-22 15:41 <DIR> --d----- c:\program files\common files\aolshare
2008-11-13 21:08 <DIR> --d----- c:\program files\Windows Live Toolbar
2008-11-01 21:11 <DIR> --d----- c:\docume~1\kemal2\applic~1\mIRC
2008-11-01 20:46 <DIR> --d----- c:\program files\mIRC
2008-10-07 21:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI
2008-10-07 16:39 <DIR> --d----- c:\program files\ATI Technologies
2008-10-03 23:03 <DIR> --d----- c:\docume~1\kemal2\applic~1\Clickteam
2008-03-18 08:11 <DIR> --d----- c:\docume~1\kemal2\applic~1\MSN6
2008-03-04 21:02 <DIR> --d----- c:\docume~1\kemal2\applic~1\Autograph
2008-02-27 11:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Windows Live Toolbar
2008-02-20 16:54 <DIR> --d----- c:\docume~1\kemal2\applic~1\Viewpoint
2008-02-20 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-02-09 13:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-02-08 20:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2008-02-04 20:03 <DIR> --d----- c:\docume~1\kemal2\applic~1\LG Electronics
2008-02-03 12:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2008-02-03 02:06 <DIR> --d----- c:\docume~1\kemal2\applic~1\PC Tools
2008-02-03 00:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-02-03 00:12 <DIR> --d----- c:\docume~1\kemal2\applic~1\AOL
2008-02-03 00:12 <DIR> --d----- c:\docume~1\kemal2\applic~1\You've Got Pictures Screensaver

============= FINISH: 16:14:40.90 ===============


I also repeated the scan after I received the error and got this new entry in the Attach.txt log:
25/11/2008 16:27:27, error: Srv [2006] - The server received an incorrectly formatted request from \\92.10.230.10.
Probably not related but might as well.

Last edited by Spy Cookie : 25-Nov-2008 11:51 AM.

Spy Cookie
26-Nov-2008, 05:31 PM #30
Extra Information: after the error message "svchost generated errors and will be closed etc" the taskbar goes into windows classic mode (white, basic) for about 30 seconds before going back to blue.

I also tried a winsock fix which didn't work.

Apparently this is a way of fixing it which I am going to try...last resort now :

Solution:

Follow these simple steps and your Windows will be fully cured of this menace

Close Port 445:

1. Start Registry Editor (Regedit.exe) by clicking Start menu, and then click the Run icon.
2. In the small box that Opens, type: regedit then click the OK button. The Registry Editor will now have opened.
3. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters
In the right-hand side of the window find an option called TransportBindName.
Double click that value, and then delete the default value, thus giving it a blank value.

Close Port 135:

1. Then you must now navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
2. You will see there is a String Value called: EnableDCOM
Set the value to: N (it should currently be Y)
3. Close the Registry Editor. Shutdown and Restart your computer.

Well that's all but if you want you can disable NetBIOS.

Update: For all those who are looking for an alternate solution to fix this error please consider my latest post to Fix Generic Host Error