Class Win32 error

Peer Block is unable to start the packet filter driver. Here is a list of drivers! The Peer Block application will not start; it gives a Win32 class error stating a problem with starting the packet filter!

Hey, I’m no expert on those hijack scans, so I hope someone else can help you look through it and see if there is any problem with it.

I saw in the log that you have Online Armor firewall installed. Have you allowed peerguard to run on the computer? It could be Online Armor that is blocking it from running.

Have you had any problem before with this setup of avast + Online Armor when running peerguard? Or is it only now that you have got the problem you described in your post?

Your system has been infected with malware known as Winsock LSP.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully.

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix:
    http://www.bleepingcomputer.com/forums/topic114351.html

Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

OK, I will run Combo Fix, but I hope you're not referring to

O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll

That is a known program that speeds up my dial-up, called Traffic Compressor. Are you sure I can safely run Combo Fix? Combo Fix is a powerful tool; if any rootkits are present it could ruin my machine, and I would have to do a reinstall!

Combo Fix is a powerful tool if any rootkits are present it could ruin my machine, I would have to do a reinstall!
Drivers are installed in two modes: kernel and user (userland) mode. A rootkit is a program / dll / sys / driver which intercepts calls to the kernel-mode functions of drivers. Userland rootkits are usually DLL files that are injected into every running process on a computer. The DLL file usually goes along with the .exe file. A kernel-mode rootkit is a driver (sys file), and it does not attach to the processes / programs, but to kernel mode itself.

You need to run ComboFix to get a list of the services/drivers present, and also a list of the registry keys, startup program files and everything else that is present.
HijackThis is software that has not been developed for many years and has stayed in place while malware found new ways to install on the system. Now do you realize why the HijackThis program is not good enough for malware analysis?

ComboFix will also mop up the LSP chain if there is a need and reset the settings.
It will not touch legitimate programs.

Here is the combo fix log file

Open notepad and copy/paste the text present inside the code box below:


SkipFix::

DirLook::
C:\7guest

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Save this as CFScript.

http://img213.imageshack.us/img213/1218/cfscript1.gif

Close all browser windows and, referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will re-run.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run. When finished, it will produce a log for you.
Copy/paste the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Why is the reduced function file larger?

c:\windows\Setup1.exe

Find the file and upload it to VirusTotal for scanning.
http://www.virustotal.com/

If any antivirus detects the file as malware, delete the file manually.

The CF log seems clean and there are no traces of malware. Your PC is clean.

It is necessary to uninstall Combofix

Start >> Run

Combofix /Uninstall

Enter. Then do the following

Open Notepad and Copy/Paste everything from the Code box into Notepad:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"

* Go to File > Save As
* Save File name as nogui.reg
* Change Save as Type to All Files and save the file to your Desktop
* Double-click nogui.reg on your Desktop
* When it asks if you want to merge the info to the registry, hit YES/OK
  Reboot computer

It won't allow me to update the registry! It says the specified file is not a registry script! You can only import binary registry files from within the registry editor!

I don’t know why you would need to run this registry file, unless there is a problem with the original or you have no avast tray icon present (see image).

You could also check (search) the registry to see if this entry is already present?
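
The registry check suggested in the last reply, plus a check of the saved nogui.reg file against the "not a registry script" message, as an added PowerShell example that is not part of the original thread. The key, value name and data are the ones in the .reg text above; the Desktop location follows the save instructions, and the two file checks (header must be the very first line, no curly quotes from copy/paste) are assumptions about the usual causes of that message, not something the thread confirms.

```powershell
# Added example, read-only: it changes nothing in the registry or on disk.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$name     = 'avast5'
$expected = '"C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui'
$regFile  = Join-Path $env:USERPROFILE 'Desktop\nogui.reg'   # assumed save location

# 1. Is the Run value already present, and does it match the .reg text?
$current = (Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    "Run value '$name' is missing."
} elseif ($current -eq $expected) {
    "Run value '$name' is already present and matches; the merge is not needed."
} else {
    "Run value '$name' is present but differs: $current"
}

# 2. If the merge is refused, inspect the file regedit was given.
if (Test-Path $regFile) {
    # regedit only accepts the file when line 1 is a known header.
    $firstLine = Get-Content -Path $regFile -TotalCount 1
    $headers   = @('Windows Registry Editor Version 5.00', 'REGEDIT4')
    if ($headers -contains $firstLine) {
        "Header is on the first line."
    } else {
        "First line is '$firstLine' (blank or wrong): move the header to line 1."
    }

    # Forum copy/paste can turn straight quotes into curly ones.
    $curly = Select-String -Path $regFile -Pattern '[\u201C\u201D]'
    if ($curly) {
        "Curly quotes found on line(s): $($curly.LineNumber -join ', ')"
    } else {
        "No curly quotes found."
    }
} else {
    "File not found: $regFile"
}
```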