error 317 & win min



#1
muzza22au

I think my girlfriend's mum's computer has a problem!

I have run SpybotSD, Adaware SE, Microsoft AntiSpyware, Cleanup40 and TDS3!

I have just run HijackThis and here is the log file!
Any help is appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 3:25:14 PM, on 26/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Services\{DBCFE644-3BD9-475A-9DD0-B5AFB8C53985}\SVCHOST.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Cecchi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://goodfind4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com...5&said=nicket_m
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://goodfind4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://goodfind4u.com/sp.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{DBCFE644-3BD9-475A-9DD0-B5AFB8C53985}\SVCHOST.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [urbhrot] c:\windows\hfipdsw.exe
O4 - Global Startup: LG Sync Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Cheers!!!


#2
blingin67

Assuming this is the same Error 317 that says something like:

"Your Windows is corrupted with spyware virus.
You must patch your PC urgently to protect your system.
Private info is accessed by ports
8080
3128
You can patch your PC for free now and delete spyware viruses
Click OK to choose and download free spyware removal using AntiSpy"

If this is the case, then I might have a solution. Others online have posted on various sites saying that by deleting the param32.dll file that can be found in C:\Windows\System32.

I'd save a copy of the param32.dll file in case something goes wrong, just move it to a temporary directory, or maybe onto your desktop. If it causes no problems after moving it, you can delete it.

#3
muzza22au


> Assuming this is the same Error 317 that says something like:
>
> "Your Windows is corrupted with spyware virus.
> You must patch your PC urgently to protect your system.
> Private info is accessed by ports
> 8080
> 3128
> You can patch your PC for free now and delete spyware viruses
> Click OK to choose and download free spyware removal using AntiSpy"
>
> If this is the case, then I might have a solution. Others online have posted on various sites saying that by deleting the param32.dll file that can be found in C:\Windows\System32.
>
> I'd save a copy of the param32.dll file in case something goes wrong, just move it to a temporary directory, or maybe onto your desktop. If it causes no problems after moving it, you can delete it.


There was no "param32.dll" found under C:\Windows\System32, which I am guessing is a good thing! I have located and deleted "coolwebsearch.searchX" with Microsoft AntiSpyware Beta1, and also removed a worm "Torvil" but am still having a problem when shutting down with "Win Min"...

Cheers

#4
blingin67

Ahh, I see, Win Min is some sort of program...I searched for Error 317 in general and found some sort of Microsoft error, but I see this error is in regards to Win Min...

Could you look in the System32 folder again and tell me if you have either mshts3nb.exe or ipsekwks.dll?

#5
muzza22au


> Ahh, I see, Win Min is some sort of program...I searched for Error 317 in general and found some sort of Microsoft error, but I see this error is in regards to Win Min...
>
> Could you look in the System32 folder again and tell me if you have either mshts3nb.exe or ipsekwks.dll?


Nope, neither are present in the System32 folder!

PS I removed this - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com...5&said=nicket_m - But it keeps trying to reset itself?

Edited by muzza22au, 26 May 2005 - 02:15 AM.


#6
blingin67

Have your start page and/or your favorites list in Internet Explorer been altered?

#7
muzza22au


> Have your start page and/or your favorites list in Internet Explorer been altered?


Yes!

#8
blingin67

Aha, yes, that thing you removed was trying to edit your start page, which answers my question.

Well, this is what I was able to find on the internet:

You have a CoolWebSearch infection. Download CWShredder and save it in its own folder. Run it and select 'Fix' as opposed to 'Scan only'. CWShredder will fix whatever it finds.

It suggests also running anti-virus software as well as Ad-Aware and SpyBot after using CWShredder.

#9
muzza22au

Found and removed CWS.IEEngine, hope this fixes it!

Thanks

#10
blingin67

CWS...sounds like CoolWebSearch to me. :tazz:
Hope things are fine now.


#11
muzza22au


> CWS...sounds like CoolWebSearch to me. :tazz:
> Hope things are fine now.


Just restarted and this had to be ended as well??? 20D58A7A-F772-4080-A8D8-10F23AEB6C9A any ideas what this is?

#12
blingin67

Strange...no clue what that is. You'll have to run HijackThis and look at the log to be able to tell what file/program the numbers 20D58A7A-F772-4080-A8D8-10F23AEB6C9A are referring to.

#13
muzza22au

This has just come back as the home page? "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=585&said=nicket_m" after I have reset it? BUGGER!!!

#14
blingin67

Does anything like this show up?

O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [qyhridj] c:\windows\nsrwnkk.exe

#15
muzza22au


> Does anything like this show up?
>
> O4 - HKCU\..\Run: [internat.exe] internat.exe
> O4 - HKCU\..\Run: [qyhridj] c:\windows\nsrwnkk.exe



I get this: O4 - HKCU\..\Run: [hrfobhf] c:\windows\mkqirmy.exe
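The check being done by eye in this thread, written out as an added example (not posted by either participant): it parses the O4 Run entries of a HijackThis log and flags, for manual review, a system process name started from outside System32 and a consonant-heavy executable sitting directly in the Windows directory. The SYSTEM32_ONLY list and the vowel-ratio cut-off are assumptions chosen for illustration; a flag is a prompt to investigate, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis output posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{DBCFE644-3BD9-475A-9DD0-B5AFB8C53985}\SVCHOST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [urbhrot] c:\windows\hfipdsw.exe
O4 - HKCU\..\Run: [hrfobhf] c:\windows\mkqirmy.exe
"""

# hive, value name, then a quoted path or an unquoted path ending in .exe
O4_RUN = re.compile(
    r'^O4 - (HK\w\w)\\\.\.\\Run: \[(.+?)\] (?:"([^"]+)"|(.+?\.exe))', re.I)
WINDIR = PureWindowsPath(r"c:\windows")
SYSTEM32 = WINDIR / "system32"
# Assumption: process names that on Windows XP belong only in System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
MAX_VOWEL_RATIO = 0.2  # assumption: rough cut-off for "random-looking" names

def vowel_ratio(stem):
    return sum(c in "aeiou" for c in stem.lower()) / max(len(stem), 1)

def triage(log_text):
    """Return (hive, value_name, path, reason) per suspicious O4 Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, name = m.group(1), m.group(2)
        path = PureWindowsPath(m.group(3) or m.group(4))
        # PureWindowsPath compares case-insensitively, like the file system.
        if path.name.lower() in SYSTEM32_ONLY and path.parent != SYSTEM32:
            reason = "system process name outside System32"
        elif (path.parent == WINDIR and path.stem.isalpha()
              and vowel_ratio(path.stem) < MAX_VOWEL_RATIO):
            reason = "random-looking executable in the Windows directory"
        else:
            continue
        findings.append((hive, name, str(path), reason))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The Run value name and the file name change between scans in this thread (urbhrot/hfipdsw.exe, then hrfobhf/mkqirmy.exe), which is why the example matches on location and name shape rather than on a fixed file name.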





