Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijackthis Log


  • Please log in to reply

#1
wildfire6299

wildfire6299

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

When my mom tries to open IE it says an unexpected error has occurred. The system info error log says "faulting application iexplore.exe, version 6.0.2900.2180, faulting module webband.dll, version 0.0.0, faul address 0x0000b70d.

She has a dell computer with windows xp. She wasn't up to date when problem started, but she is now has service pack 2 installed. Also, she had McAfee for her virus protection, but it expired. She had no antivirus for a few days. She now has Avast. Avast picked up a virus called win32:apropo (trj), which was delted.

I tried the winsockfix utility, but she still cannot access the internet (she has verizon DSL). Below is the hijackthis log.

Any help would be appreciated. Thank you.

Logfile of HijackThis v1.99.0

Scan saved at 7:03:26 PM, on 2/8/2005

Platform: windows XP sp2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 sp2 (6.00.2900.2180)

Running processes:

C:\WINDOWs\system32\smss.exe C:\WINDOWs\system32\winlogon.exe C:\WINDOWs\system32\services.exe C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe C:\WINDOWs\system32\svchost.exe C:\WINDOWs\system32\spoolsv.exe C:\WINDOWS\Explorer.ExE

c:\Program Files\Alwil software\Avast4\aswupdsv.exe c:\Program Files\Alwil software\Avast4\ashServ.exe

c:\Program Files\Microsoft Hardware\Mouse\point32.exe c:\Program Files\QuickTime\qttask.exe C:\PROGRA~l\VERIZO~l\SUPPOR~l\SMARTB~l\MotiveSB.exe C:\PROGRA~1\ALWILs~1\Avast4\ashDisp.exe

c:\program Files\verizon online\supportcenter\bin\mpbtn.exe c:\Program Files\Alwil software\Avast4\ashMaisv.exe C:\WINDOWs\system32\wuauclt.exe

c:\Program Files\HijackThis.exe


hijackthis


R1 - HKCU\software\Microsoft\Internet Explorer\Main,Default_page_uRL = http://smbusiness.dellnet.com/

R1 - HKCU\software\Microsoft\Internet Explorer\Main,search Bar = http://cgi.verizon.n....5&bm=ho_search RO - HKCU\software\Microsoft\Internet Explorer\Main,start page = http://dslstart.verizon.net/

R1 - HKLM\software\Microsoft\Internet Explorer\Main,Default_page_uRL = http://smbusiness.dellnet.com/

RO - HKLM\Software\Microsoft\Internet Explorer\Main,start page = http://smbusiness.dellnet.com/

R1 - HKCU\software\Microsoft\Internet Explorer\Main,start page_bak = http://www.robofind.... ... To Proceed

R1 - HKCU\software\Microsoft\Internet Explorer\Main,window Title = Microsoft Internet Explorer provided by verizon online

R1 - HKCU\software\Microsoft\windows\currentversion\Internet settings,proxyoverride = 127.0.0.1

01 - Hosts: 64.91.255.87 www.dcsresearch.com

02 - BHO: AcroIEHlprobj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3} - c:\program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

02 - BHO: whistleHlprobj class - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - c:\program files\whistlesoftware\wselservices\whistlehelper.dll

02 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\spybot - Search & Destroy\sDHelper.dll

03 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

03 - Toolbar: Try2Find Toolbar - {90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} - c:\program Files\Try2Find\Try2Find.dll

04 - HKLM\..\Run: [POINTER] point32.exe

04 - HKLM\..\Run: [QuickTime Task] "c:\Program Files\QuickTime\qttask.exe" -atboottime

04 - HKLM\..\Run: [Motive smartBridge] C:\PROGRA~l\VERIZO~l\SUPPOR~l\SMARTB~l\MotivesB.exe

04 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

04 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

04 - Global startup: verizon online support Center.lnk = c:\program Files\verizon online\supportcenter\bin\matcli.exe

08 - Extra context menu item: &Define - c:\program Files\common Files\Microsoft shared\Reference 2001\A\ERS-DEF.HTM

08 - Extra context menu item: Look up in &Encyclopedia - c:\Program Files\common

~
hijackthis

Files\Microsoft shared\Reference 2001\A\ERS_ENC.HTM

09 - Extra button: whistle - {220E39C3-B081-4719-ABLA-9A884DCBDOSC} - c:\Program

Files\whistlesoftware\wselservices\webband.dll

09 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\Program

Files\verizon online\verizon online Control Pad\verizoncontrolpad.Exe

09 - Extra 'Tools' menuitem: control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} ­

C:\Program Files\verizon online\verizon online Control pad\verizoncontrolpad.Exe

09 - Extra button: Encarta Encyclopedia - {2FDEF8S3-07S9-11D4-A92E-006097DBED37} ­c:\Program Files\common Files\Microsoft shared\Reference 2001\A\ERS_ENC.HTM

09 - Extra 'Tools' menuitem: Encarta Encyclopedia ­{2FDEF8S3-07S9-11D4-A92E-006097DBED37} - c:\Program Files\common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

09 - Extra button: Define - {SDA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program

Files\common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

09 - Extra 'Tools' menuitem: Define - {SDA9DE80-097A-11D4-A92E-006097DBED37} ­c:\Program Files\Common Files\Microsoft shared\Reference 2001\A\ERS_DEF.HTM

09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-OOCOF0318AFE} ­C:\WINDOWs\system32\shdocvw.dll

09 - Extra button: Messenger - {FBSF1910-F110-11d2-BB9E-OOC04F79S683} - c:\Program

Files\Messenger\msmsgs.exe

09 - Extra 'Tools' menuitem: windows Messenger ­

{FBSF1910-F110-11d2-BB9E-OOC04F79S683} - c:\Program Files\Messenger\msmsgs.exe

016 - DPF: {OE8D0700-7SDF-11D3-8B4A-0008C74S0C4A} (Djvuctl class) ­

http://www.lizardtec...DjvuControl.cab

016 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (patchInstaller.Installer) ­file://D:\content\include\xPpatchInstaller.CAB

016 - DPF: {4ED9DDFO-7479-4BBE-933S-SA1EDB1D8A21} ­

http://download.mcaf...76/mcinsctl.cab

016 - DPF: {8B1BC60S-CS93-486S-8FSB-OSS17FOCDOBB} (MssecurityAdvisorcD class) ­

file://D:\content\include\mssecucd.cab

016 - DPF: {BCCOFF27-31D9-4614-A68E-C18ELADA4389} ­

http://download.mcaf...mgr/en-us/1,0,0, 16/mcgdmgr.cab

023 - Service: avast! iAVS4 control service - unknown - c:\Program Files\Alwil

software\Avast4\aswupdsv.exe

023 - service: avast! Antivirus - unknown - c:\program Files\Alwil Software\Avast4\ashserv.exe

023 - service: avast! Mail Scanner - ALWIL Software - c:\program Files\Alwil

Software\Avast4\ashMaisv.exe
  • 0

Advertisements


#2
kento2k6

kento2k6

    New Member

  • Member
  • Pip
  • 3 posts
Logfile of HijackThis v1.99.0
Scan saved at 5:04:14 PM, on 2/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\netsd32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\sysge32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\Documents and Settings\Owner.KENRO\Desktop\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ozsuo.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E7D5FFA-E7D9-4D84-7E3A-1AF27B3E7174} - C:\WINDOWS\appfv32.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [netsd32.exe] C:\WINDOWS\netsd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileelimi... Eliminator.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...ae0f1/enter.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolba...les/coolbar.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.7.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\sysge32.exe

I am having a problem with dr watson >_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP