DrWatsons Problem



#196
Pantrwrstl
Member (Topic Starter), 172 posts
Not exactly the same problem since I've disabled drwatson, now if I right-click on the desktop an Explorer error pops up saying

Explorer.EXE Application Error
The instruction at '0x101302c8' referenced memory at "0x00000000". The memory could not be "written".
Click OK to terminate the program

sometimes the numbers are different, sometimes they're the same...

After I click OK the bar on the bottom as well as all the desktop icons disappear for about 5 seconds, then reappear, and it goes back to normal

Edited by Pantrwrstl, 01 June 2005 - 07:03 PM.

#197
Wizard
Retired Staff, 5,661 posts
Go ahead and Post a fresh HijackThis log and Let me have a look!

I see we are both here at the same time.....how long you online for today?

#198
Pantrwrstl
Member (Topic Starter), 172 posts
I just kept this page open all night so I would remember to look first thing in the morning, I'll be here til about 4 EST


Logfile of HijackThis v1.99.1
Scan saved at 1:48:29 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Documents and Settings\All Users\Desktop\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite\clean.kmd" /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownloa...n/myv3/myv3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101264785109
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4940B58-3477-435E-9902-34E9FF328239}: NameServer = 209.47.15.118,64.157.143.38,
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

#199
Wizard
Retired Staff, 5,661 posts
OK....do this for me please!

First....find out what your exact public IP address should be, I need you to get as much specific info as possible!

Next, I want you to use the 30 free scanner service from SRN Micro and scan the system with that!

http://www.srnmicro....ate/TrySolo.exe

This is a real lite AV Scanner and doesn't take much time to scan!

Under the Options Tab, Select the box to save a report!

Then do a Scan&Delete and see what it finds!

Finally...update me with any relevant information you can think of!

W32/Sdbot.DNP.worm <<< That was the latest news I got and how you got that is what is puzzling me!

Let me know your thoughts!!! :tazz:

#200
Pantrwrstl
Member (Topic Starter), 172 posts
How do I find out what my exact IP address should be ... What kind of relevant info do you need? The only thing I can really think of that I haven't mentioned is several months ago I did completely format my hard drive as opposed to doing the HP restore that I normally did. With the HP system restore it brought me back to factory settings, the way I got it when I bought it; since I've formatted I can't restore back to that point. I believe I've only had this problem since I formatted. I don't know what that does for you but it's the only thing I can think of right now

#201
Wizard
Retired Staff, 5,661 posts
Ahhhh.....When you Re Formatted, I imagine you deleted all Partitions of the Drive!

One Partition is the Recovery Drive!

You would have to call HP to have them walk you through that step!

If you are still getting reinfected or showing signs of Infections, then somehow something has opened a Backdoor!

A true Hack or DNS Protocol Hijack are the 2 most common causes of this!

To determine if you have the Correct IP address for your PC and Location, Call the Internet Provider and have them determine it!

Even if it's right, ask them to change it if it's not a Static IP!

Have you tried the Scan yet?

#202
Pantrwrstl
Member (Topic Starter), 172 posts
Yes, I did the scan...

Solo Virus Scanning Report
==========================
______________________________________________
File Name Virus Name Path
______________________________________________

A0004930.exe Trojan.Adware.IncrediSearch C:\System Volume Information\_restore{C2BE38F1-178C-4122-BA0C-AD9F9CE2161A}\RP54
A0004841.exe I-Worm/Fliz.A C:\System Volume Information\_restore{C2BE38F1-178C-4122-BA0C-AD9F9CE2161A}\RP44
A0004840.exe I-Worm/Fliz.A C:\System Volume Information\_restore{C2BE38F1-178C-4122-BA0C-AD9F9CE2161A}\RP44
IF_Remover.exe Trojan.Adware.IncrediSearch C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp
______________________________________________

#203
Wizard
Retired Staff, 5,661 posts
I-Worm/Fliz.A is an AIM Worm and the one you listed before is from a similar variant, I am wondering if AIM files were saved or transferred when you reformatted?

Or if AIM itself has somehow become Infected!

Is the Computer still real Unstable?

#204
Pantrwrstl
Member (Topic Starter), 172 posts
I wouldn't say it's unstable, it seems to work fine, just the occasional crash if I right-click in any folder or the desktop or try to copy and paste onto the desktop