run-time error 53

[Paffke]

first of all i'm sorry bout this: http://forums.windrivers.com/showthr...4&page=2&pp=15
i didn't knew.

everytime i start up my PC, i get this run-time error 53 on Sex

i have learned where this evil tis coming from, a friend of mine had gave me a program, to recover my password cause my PC had crashed and i didn't write all my passwords down.

while i was installing this i noticed that something bout it wasn't very legal so i aborted the installation, and began searching for all the filez of that program on that date, on that time, and deleted them.

know i thing everything has been deleted but i still got this run-time error.

so what did i further do:
1. scan with a fully updated ad-aware and spysweeper
2. scan with my fully updated norton antivirus 2003 (license hasn't expired yet)
3. did that housecall scan

they all returned negative on that run-time stuff, i don't have any virus or spyware/malware on my pc

then i got this HijackThis program and scaned my PC, and with the help of google i searched what those .exe things were.
but you can't remove them with that program.

normaly i solve this by checking my registry's but i can't seem to enter my regedit nor regedt32 nor regedit.exe nor regedit.com
even msconfig doens't work anymore.

lets say i'm a bit hopeless now.


this is the fully HijackThis log

Logfile of HijackThis v1.97.7
Scan saved at 8:57:56, on 15/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe
C:\WINDOWS\System32\ASYSMGR.EXE
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Winamp\winamp.exe
D:\Downs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44E050E1-35CF-7A60-4F94-EC20C05B87BE} - C:\PROGRA~1\TimeLess\Sign bolt.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: flap safe plus - {E0327AD8-F546-C7B3-9538-955F54AC7071} - C:\PROGRA~1\TimeLess\Sign bolt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Application Mgr driver] ASYSMGR.EXE
O4 - HKLM\..\Run: [Pile settings] C:\PROGRA~1\DRIVES~1\Debug live wave.exe
O4 - HKLM\..\Run: [chwin] c:\winnt\hiddenrun.exe chwin.exe
O4 - HKLM\..\Run: [NTSrv] c:\winnt\hiddenrun.exe NTSrv.exe
O4 - HKCU\..\RunOnce: [Application Mgr driver] ASYSMGR.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...ctor/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...911.1160069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE7CB858-57AC-4181-833B-5C3758697A18}: NameServer = 195.238.2.22 195.238.2.21


i know that crypserv and smss aren't good
according to this

Smss.exe definition

Description:
File smss.exe is related to adware ConfigSys. File smss.exe is related to keylogger Employee Watcher. File smss.exe is related to keylogger ICE Remote Spy. File smss.exe is related to keylogger Is My Mate Cheating Online. File smss.exe is related to keylogger Key Logger Buddy Pro. File smss.exe is related to keylogger KidWatcher. File smss.exe is related to keylogger Spy Software 4 Parents.

found on http://www.2-spyware.com/file-smss-exe.html


do you have any suggestions?

X-cuses me if my english isn't that wel

[NooNoo]

Your english is fine and its no problem about the other post. Just gets confusing when mixed with similar problems.

There are some very interesting things in your log.

smss

I have no details on bolt dll so I suggest you have hijack fix the two entries that mention bolt.dll

ASYSMGR.EXE - assuming you cut and paste then its not a typo and you have another trojan.

O4 - HKLM\..\Run: [chwin] c:\winnt\hiddenrun.exe chwin.exe
O4 - HKLM\..\Run: [NTSrv] c:\winnt\hiddenrun.exe NTSrv.exe

These two are trojans

O17 - HKLM\System\CCS\Services\Tcpip\..\{FE7CB858-57AC-4181-833B-5C3758697A18}: NameServer = 195.238.2.22 195.238.2.21 << have hijack this fix this.

You will need to use repair console to remove some of these files I think... are you on ntfs or fat32?

Oh and remove that friend of yours from your christmas card list.

[Paffke]

OK

HijackThis has fixed: 2 bolt.dll and this
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE7CB858-57AC-4181-833B-5C3758697A18}: NameServer = 195.238.2.22 195.238.2.21


i ran ad-aware and spy-sweeper and norton over the folder c:/winnt and they came out nothing
should i deleted this by hand?
O4 - HKLM\..\Run: [chwin] c:\winnt\hiddenrun.exe chwin.exe
O4 - HKLM\..\Run: [NTSrv] c:\winnt\hiddenrun.exe NTSrv.exe

i checked the folder and this is what's in of files:
bnc > config file
mirc > config file
MISC > config file
remote > config file
xscancon > config file

batch > batch file
batch 2 > batch file

regdel > setup info

administrator > txt
blah > txt

config > exe
config 1 > exe
firedeamon > exe
hiddenrun > exe

cygwin1.dll
moo.dll
rand.dll
msdtc.xiso

so probably i should deleted the hiddenrun.exe?

ASYSMGR.EXE wasn't reconized as an trojan either: so just delete?

i'm not sure, i don't know the difference between ntfs and fat32, on hardware i know jack (i know lot bout software) and google is offline so i can't search for what it is.

i already kicked my friends a** for that stupid prgram


/edit by me: i think i have ntfs, cause it's an win xp computer, right??

[NooNoo]

Two reasons why Norton is happy:

a VIRUS checker does not as a rule check for TROJANS That is why I gave you links about the trojans.

NAV is probably not working since the first thing a trojan and a virus does is protect itself from attack.

So short answer, yes, you need to remove this stuff by hand AND make sure the registry entries are removed too.

[Paffke]

Suddenly i had an idea of installing an old program i used to use:

ace utilities v2.1.0

it came up and said there were trojans, where they were.

it cleaned my registry's, and with the start up manager, i unchecked the trojan, and deleted them later

so it's all fixed:

no runtime error
no trojan

thx a lot mate

greetz

(i will be checking this forum a lot, maybe i can help people in the software section.)

[NooNoo]

[TripleRLtd]

Suddenly i had an idea of installing an old program i used to use:

ace utilities v2.1.0

it came up and said there were trojans, where they were.

it cleaned my registry's, and with the start up manager, i unchecked the trojan, and deleted them later

I am interested about this utility you used. It looks like a password cracker of some sort? But, I didn't go too far with google, so, if you would please provide a link and some info on this tool.

[Paffke]

it's no password cracker of some sort. one day i bought a PC-magazin on how to clean and speed up your PC. that was about 2 years ago, i didn't knew much bout computers back then.

with the magazine was a cd-rom with programs, one of the programs was ace utilities v2.1.0


what it does: i got this from this download site: http://www.freedownloadscenter.com/U...Utilities.html

Ace Utilities is a collection of tools to optimize your system performance and to remove unneeded files and internet tracks. It allows you to find and remove invalid registry entries, delete your application and internet history (plug-in support for 75+ external programs), manage your cookies and more. You can also see what programs start automatically with windows and optionally disable selected items. Furthermore, Ace Utilities includes options to find duplicate files, fix or remove broken shortcuts and to uninstall software. Other features include secure file deletion, disk space analysis, tweaking of hidden settings, an Empty Folder finder and more.


i'm doing a lot of clean up in computer of my family and i always use it. (unfortunatly i didn't think soner bout it for myself)

if you want to i can get the installation file of the cd-rom and mail/send by msn/irc to you. you can use it for 30 days, but....you know.

greetz
and thx again




http://www.freedownloads.be/downloaddetail/174
Ace Utilities is a Collection of System Maintenance Utilities to keep your system in good shape:- Unneeded File Remover - Regain valuable disk space. Registry Cleaner - Faster Windows, like never before ! Startup Organizer - Prevent (spy) applications from running behind your back. History Eraser - Ensure your privacy. Duplicate File Finder - Find and remove TRUE duplicate files. Dead Shortcut Fixer - Fix /remove shortcut/start menu errors. Uninstaller Plus - Uninstall applications correctly Tweak Plus - Customize hidden windows settings Disk Analysis - Analyse your hard disk Delete Forever - Delete files permanently Cookie Manager - Manage cookies Plugin Manager - Erase History of over 75 applications Much much more... All you'll ever need. Your computer will boot faster, and run applications smoothly. It helps you delete internet cache,cookies,temp files, visited page history, and all other recent document info. It is safe,easy ,fast and POWERFUL


interesting to: http://www.dvhardware.net/software/38

[janxaras]

i got problem where when i running internet explorer within 5 minutes there were n error dump physycal memory.any suggestion?

[NooNoo]

Welcome to Windrivers janxaras

Does the machine start again or does it display a blue screen with details about the error on it?
If it restarts, you need to turn off the automatically restart in control panel> system> advanced tab>startup and recovery settings.
Then when it does the physical memory dump, there will be text on the blue screen. Please post everything that is written on the blue screen.

You will then have to turn off and restart your computer