Karl's PC Help Forums

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007


Topic Review
Pancake

[*] posted on 27-4-2008 at 23:05
No HJT or Combofix yet..????
Katzy

[*] posted on 27-4-2008 at 12:31
With all those references to Sony, my radar's bleeping "Rootkit"!

I might be well-wrong, though.
LSemmens

[*] posted on 27-4-2008 at 11:55
Hi, tonydimo, welcome to Karl's place. Please post your question in a new thread. If you've read my previous replies to RAA further up this thread, you'll see the reasoning.
tonydimo

[*] posted on 27-4-2008 at 11:20
I am having the exact same problem with my PC. Can anyone help me?

thanks

Tony;)
tonydimo

[*] posted on 27-4-2008 at 11:19
Quote:
Originally posted by crj17
I am wickedly infected and do not know what to do. I am receiving a number of pop ups and desk try icons asking me to click the baloon (their spelling) to fix the various problems.

Here are some of the errors I am receiving:


Your computer might be at risk
*Latest software updates not installed
*Incorrect files association
*System appears to hang
*Firewall has errors

Click balloon to fix the problem

-----------------------------------------------------------
Tracking process is activated
**ADDRESS: 0x10A3007B
Can’t deactivate spyware program.

Click baloon to fix the problem

-----------------------------------------------

Your system is unstable.

A problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer, Kernel32x.SYS – Address 0xA73C20AE, error code Co2100, DateStamp 56b836A3, Kernel Debugger on port: COM3 (Port 0x19f, Baud rate 9201)

---------------------------------------------------------------------

I am also frequently receiving these error message types as well:

Iexplore.exe – application error
The instruction at “0x66fe1082” referenced memory at “0x0672d80”. The memory could not be “read”. Click ok to terminate the program.

AND:

SysFader: IE7EXPLORER.EXE – Application Fatal Error
The instruction at 0x01cf34739 referenced memory at 0x02df2e50. The memory could not be read.

And:

SysGuard: spyware process is found
Hidden malicious code is found at 0x3cf3439 address. Data interception can not be stopped.

But perhaps the most insidious of these menaces is the one which suddenly pops up and re-starts my pc.

-------------------------------------------------------------
This system is shutting down.
Please save all work in progress and log off.
Any unsaved changes will be lost.
This shutdown was initiated by My initials / my name

Time before shutdown: (a clock starting at 60 seconds)

Critical System Error. Process: lsass.exe,
Module: kernel 321.dll at address 0x78221981.
Instruction is referenced memerogy at 0x0000000.
Null pointer exception

--------------------------------------------------------------------


Can someone please help me out with this? I'm trying to finish a major paper and this stuff is killing my productivity and my patience.


Thanks,
CJ

LSemmens

[*] posted on 7-4-2008 at 10:41
The reason why I suggest it is to eliminate confusion; your problems may have the same symptoms, but the causes may be quite different. No two computers are configured exactly the same once they leave the factory. If you like, I'll split your thread off so that you don't have to re-type everything.
TooCute4Words

[*] posted on 4-4-2008 at 22:58
Quote:
Originally posted by LSemmens

Hi RAA, welcome to the madhouse, most of us are harmless.


Except some of the smileys hiding Here ;);)
Pancake

[*] posted on 4-4-2008 at 22:51
I will need to see the Combofix log....
Katzy

[*] posted on 4-4-2008 at 20:13
One thing worth trying...

Click "Start" and select "Run". In the box that opens, type "services.msc" and you'll get a new window named "Services".

Scroll down to "Remote Procedure Call (RPC)" and double-click on it.

Click the "Recovery" tab.

Make sure all the "failure" entries are set to "Do nothing".

Do the same for "Remote Procedure Call (RPC) Locator".
LSemmens

[*] posted on 4-4-2008 at 13:34
Hi RAA, welcome to the madhouse, most of us are harmless. Have a read of the first few topics stickied at the top of this forum, they'll give you some ideas regarding system security and the hows, and whys.

Now, to your problem, please start a new thread in this forum giving us as much detail as you possibly can. A HijackThis log would also assist, too.
Daz

[*] posted on 25-3-2008 at 10:17
Just to get you prepared, while you're waiting for Pancake...

I think Pancake will also ask you to run ComboFix...

Quote:
Originally posted by Pancake

Download Combofix from any of the links below, and save it to your desktop. For further information regarding this download, see the Information Page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst


There's nothing jumping out at me in your HJT log, but I'm no expert, so wait for Pancake to advise further... (He might say don't run ComboFix, you never know...!)

Agree with Leigh though, your log looks strange with so many AV references, and anti spyware products.
LSemmens

[*] posted on 25-3-2008 at 10:03
What security are you running on your computer? I see references to Norton, AVG, Kaspersky and others. The combinations may actually be causing more grief than protecting you. Wait for Pancake, our resident expert, to help you though. Meantime, he will want to know exactly what security you are running and are updates turned on?

Welcome to KF, too.
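
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage pass over a HijackThis log that lists the security products referenced and the entries HijackThis marked "(file missing)", which are the two things a helper reading crj17's log would check first. The vendor keyword table and the function names are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O20 - Winlogon Notify: hskrqvgf - hskrqvgf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

# Assumed keyword table, built from names visible in the thread's log.
# A hit means the name appears in the log, not that a resident scanner is installed.
SECURITY_PRODUCTS = {
    "Symantec/Norton": ("symantec", "norton"),
    "AVG": ("grisoft", "avg anti-spyware"),
    "Kaspersky": ("kaspersky",),
    "Windows Defender": ("windows defender",),
    "Lavasoft Ad-Aware": ("lavasoft", "aawservice"),
}
# Section codes look like "O4", "O23", "R1", "F2", "N3", followed by " - ".
ENTRY_RE = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")

def parse_hjt(text):
    """Split a log into the running-process list and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def triage(text):
    """Report referenced security products and entries flagged '(file missing)'."""
    processes, entries = parse_hjt(text)
    lines = [l.lower() for l in processes + [b for bs in entries.values() for b in bs]]
    products = sorted(name for name, keys in SECURITY_PRODUCTS.items()
                      if any(k in l for l in lines for k in keys))
    missing = [(code, b) for code, bs in entries.items()
               for b in bs if b.endswith("(file missing)")]
    return {"products": products, "missing": missing,
            "sections": {code: len(bs) for code, bs in entries.items()}}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

The output is a starting list for the person reviewing the log; it does not decide whether any entry is malicious or safe to remove.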
crj17

[*] posted on 25-3-2008 at 05:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:12 AM, on 03/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\CLIFFO~1\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161970726406
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O20 - Winlogon Notify: hskrqvgf - hskrqvgf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 10658 bytes
Dreamweaver

[*] posted on 25-3-2008 at 02:18
Thank you xx have moved to virus help.
Daz

[*] posted on 25-3-2008 at 01:38
Download Hijack This, FROM HERE, and post the logs for our resident expert to check for you... Read here for advice on how to use HJT
crj17

[*] posted on 24-3-2008 at 20:46
I am wickedly infected and do not know what to do. I am receiving a number of pop ups and desk try icons asking me to click the baloon (their spelling) to fix the various problems.

Here are some of the errors I am receiving:


Your computer might be at risk
*Latest software updates not installed
*Incorrect files association
*System appears to hang
*Firewall has errors

Click balloon to fix the problem

-----------------------------------------------------------
Tracking process is activated
**ADDRESS: 0x10A3007B
Can’t deactivate spyware program.

Click baloon to fix the problem

-----------------------------------------------

Your system is unstable.

A problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer, Kernel32x.SYS – Address 0xA73C20AE, error code Co2100, DateStamp 56b836A3, Kernel Debugger on port: COM3 (Port 0x19f, Baud rate 9201)

---------------------------------------------------------------------

I am also frequently receiving these error message types as well:

Iexplore.exe – application error
The instruction at “0x66fe1082” referenced memory at “0x0672d80”. The memory could not be “read”. Click ok to terminate the program.

AND:

SysFader: IE7EXPLORER.EXE – Application Fatal Error
The instruction at 0x01cf34739 referenced memory at 0x02df2e50. The memory could not be read.

And:

SysGuard: spyware process is found
Hidden malicious code is found at 0x3cf3439 address. Data interception can not be stopped.

But perhaps the most insidious of these menaces is the one which suddenly pops up and re-starts my pc.

-------------------------------------------------------------
This system is shutting down.
Please save all work in progress and log off.
Any unsaved changes will be lost.
This shutdown was initiated by My initials / my name

Time before shutdown: (a clock starting at 60 seconds)

Critical System Error. Process: lsass.exe,
Module: kernel 321.dll at address 0x78221981.
Instruction is referenced memerogy at 0x0000000.
Null pointer exception

--------------------------------------------------------------------


Can someone please help me out with this? I'm trying to finish a major paper and this stuff is killing my productivity and my patience.


Thanks,
CJ