View Full Version : [LOGS] Help!!
ok its a bit long an boring but here goes.
i installed a CCNA Network Training simulator.
i relised it was crap and i didnt need it.
To uninstall it i went to control panel but the program was not there.
so i went to the directory were the sikmulator was and i delted the folder.
Now everytime i try to open certain programs the CCNA installer openup adn trys to install the program. and stops half way through and then says plz locate the CCAN network simulator.msi
how can i stop this?
ive tried using the foloowing:
Spybot &
http://www.aplusfreeware.com/categories/LFWV/jv16Powertools.html
but no luck!!
also am i allowed to delete the registry called:
Root : HKEY_USERS
Key : S-1-5-21-3484875262-2367799232-3835205148-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache
Entry : C:\WINDOWS\Downloaded Program
Value : WinSoftware InstallerFiles\UWFX6_0001_N68M2301NetInstaller.exe
Root : HKEY_CURRENT_USER
Key : Software\Microsoft\Windows\ShellNoRoam\MUICache
Entry : C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe
Value : WinSoftware Installer
Hi there.
Please provide a log.
Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.
Cheers. :)
--- Search result list ---
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB883939
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB905915
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52848
MD5: 8500d5c1affd58e1c0a076689f8aa573
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: 07e2751e246bff288c76a86f9ecd9ac0
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 77ed13fd3196ebc7311ccd6899c7488c
Located: HK_LM:RunServices, Media Player
command: wmplayer.exe
file:
Located: HK_LM:RunServices, Microsoft Features
command: ms32cfg.exe
file:
Located: HK_LM:RunServices, msupdates
command: msupdt.exe
file:
Located: HK_LM:RunServices, Print Spooler
command: spools.exe
file:
Located: HK_LM:RunServices, System Uptime Server
command: sysentry32.exe
file:
Located: HK_LM:RunServices, Win32 Configuration
command: videosd32.exe
file:
Located: HK_LM:RunServices, Win32 USB2 Driver
command: winupdate.exe
file:
Located: HK_LM:RunServices, WSSAConfiguration
command: wmmon32.exe
file:
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: Startup (disabled), Adobe Gamma (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (disabled), LimeWire On Startup (DISABLED)
command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
file: C:\PROGRA~1\LimeWire\LimeWire.exe
size: 81920
MD5: 97918093dd905f51b2985ea597160b9e
Located: Startup (disabled), PowerReg Scheduler V3 (DISABLED)
command:
file:
Located: Startup (disabled), Acrobat Assistant (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55
Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (disabled), AOL 8.0 Tray Icon (DISABLED)
command: C:\PROGRA~1\AOL8~1.0\aoltray.exe -check
file: C:\PROGRA~1\AOL8~1.0\aoltray.exe
size: 36937
MD5: 0e002fd5def0d2034c584e46838a3f1e
Located: Startup (disabled), Digital Line Detect (DISABLED)
command: C:\PROGRA~1\DIGITA~1\DLG.exe
file: C:\PROGRA~1\DIGITA~1\DLG.exe
size: 24576
MD5: b66e56733e2cd6a10fda5919625fbf46
Located: Startup (disabled), dlbcserv (DISABLED)
command: C:\PROGRA~1\DELLPH~1\dlbcserv.exe
file: C:\PROGRA~1\DELLPH~1\dlbcserv.exe
size: 315392
MD5: d0d1b7429881a2f0465d73e1403b513d
Located: Startup (disabled), GetRight - Tray Icon (DISABLED)
command: C:\PROGRA~1\GetRight\getright.exe
file: C:\PROGRA~1\GetRight\getright.exe
size: 2183168
MD5: f0b26ede7423f3e178d5e3624c415bd1
Located: Startup (disabled), MiniEYE-MiniREAD Launch (DISABLED)
command:
file:
Located: Startup (disabled), palstart (DISABLED)
command:
file:
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, jkhfc
command: C:\WINDOWS\System32\jkhfc.dll
file: C:\WINDOWS\System32\jkhfc.dll
size: 544820
MD5: 5ee4257234bc20f9bbb0abed3f7c8f7d
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 00:47:54
Date (last access): 19/02/2006 13:50:48
Date (last write): 15/05/2003 00:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
BHO name:
CLSID name: bho2gr Class
description: GetRight
classification: Legitimate
known filename: msie2gr.dll
info link: http://www.getright.com/
info source: TonyKlein
Path: C:\Program Files\GetRight\
Long name: xx2gr.dll
Short name:
Date (created): 27/11/2004 19:28:32
Date (last access): 19/02/2006 13:50:48
Date (last write): 06/10/2004 10:18:32
Filesize: 233472
Attributes: archive
MD5: 632C1C0A17018A33E5A2D690C51D5B11
CRC32: FBAA0F7D
Version: 5.2.0.0
{502C3BA4-2C3E-4317-BC29-C0445E82B1F9} (PaltalkWebLogin)
BHO name:
CLSID name: PaltalkWebLogin
Path: C:\Program Files\Common Files\Paltalk\
Long name: PaltalkWebLogin.dll
Short name: PALTAL~1.DLL
Date (created): 24/01/2006 15:52:24
Date (last access): 19/02/2006 13:50:48
Date (last write): 26/01/2006 16:15:10
Filesize: 102400
Attributes: archive
MD5: 67A5C26A4B0B958F85592E7A32237F94
CRC32: 4088086E
Version: 1.0.0.1
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 17/02/2006 21:04:54
Date (last access): 19/02/2006 13:50:48
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
BHO name:
CLSID name: PCTools Site Guard
Path: C:\PROGRA~1\SPYWAR~1\tools\
Long name: iesdsg.dll
Short name:
Date (created): 10/01/2006 03:26:14
Date (last access): 19/02/2006 13:47:06
Date (last write): 22/09/2005 15:44:06
Filesize: 622280
Attributes: archive
MD5: 4E2EED24214FCE3DB6D79C0EB14323FA
CRC32: E02DDAE3
Version: 3.0.0.58
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 20/12/2005 22:17:54
Date (last access): 19/02/2006 13:45:40
Date (last write): 08/12/2005 01:21:48
Filesize: 140960
Attributes: archive
MD5: 410562F68C7ECBDD5604D13E7D396862
CRC32: DDE2E05F
Version: 12.1.0.20
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 18/12/2005 22:11:34
Date (last access): 19/02/2006 13:50:48
Date (last write): 08/11/2005 18:43:56
Filesize: 1164800
Attributes: readonly archive
MD5: 238E278572C5CF68BA02FCE1CC26E10E
CRC32: 0FDA8451
Version: 3.0.128.1
{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 01:03:46
Date (last access): 19/02/2006 13:50:48
Date (last write): 15/05/2003 01:03:46
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B
{B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
BHO name:
CLSID name: PCTools Browser Monitor
Path: C:\PROGRA~1\SPYWAR~1\tools\
Long name: iesdpb.dll
Short name:
Date (created): 10/01/2006 03:26:14
Date (last access): 19/02/2006 13:47:04
Date (last write): 04/10/2005 09:43:08
Filesize: 682296
Attributes: archive
MD5: B4D37DD94ED534852E7186DF06F245F7
CRC32: FB4D051F
Version: 3.0.0.265
{CE70731D-F28D-4D81-9D61-C8EE60378401} (MSEvents Object)
BHO name:
CLSID name: MSEvents Object
Path: C:\WINDOWS\System32\
Long name: jkhfc.dll
Short name:
Date (created): 18/11/2005 12:45:00
Date (last access): 19/02/2006 13:44:28
Date (last write): 18/11/2005 12:45:04
Filesize: 544820
Attributes: hidden sysfile
MD5: 5EE4257234BC20F9BBB0ABED3F7C8F7D
CRC32: DC82516B
--- ActiveX list ---
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
description:
classification: Legitimate
known filename: msgrchkr.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer:
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 20/12/2005 15:29:26
Date (last access): 10/02/2006 08:22:58
Date (last write): 20/12/2005 15:29:26
Filesize: 409600
Attributes: archive
MD5: D2B462A22F89C8A74B02EDDA130AF616
CRC32: 99C4835D
Version: 7.0.3.50
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer:
Codebase: http://housecall60.trendmicro.com/housecall/xscan60.cab
description:
classification: Legitimate
known filename: xscan60.ocx
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer:
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/12/2004 00:17:14
Date (last access): 18/02/2006 14:42:36
Date (last write): 09/09/2004 14:49:12
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 10.1.0.11
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer:
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 29/08/2005 13:27:12
Date (last access): 19/02/2006 01:09:50
Date (last write): 29/08/2005 13:27:12
Filesize: 520968
Attributes: archive
MD5: 679088DD42AFB105A6DA3F5E876D69B6
CRC32: 80D21320
Version: 1.3.272.0
{1B3E3251-658E-4F03-8881-68302FE3CE9E} ()
DPF name:
CLSID name:
Installer:
Codebase: http://www.winsey.co.uk/friend/Winsey-light.xms
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 26/09/2005 00:03:48
Date (last access): 10/02/2006 08:27:42
Date (last write): 07/11/2004 15:29:46
Filesize: 173168
Attributes: archive
MD5: 4C0658E518FA9D08E884DB717A7087AE
CRC32: FFDA1549
Version: 2004.11.7.1
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer:
Codebase: http://office.microsoft.com/officeupdate/content/opuc2.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 22/03/2005 14:56:36
Date (last access): 19/02/2006 14:02:50
Date (last write): 22/03/2005 14:56:36
Filesize: 326656
Attributes: archive
MD5: 2FED0CFF258E433DF51265F3C2492517
CRC32: 934A46AC
Version: 11.0.6551.0
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer:
Codebase: http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer:
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120672751343
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 03:19:32
Date (last access): 19/02/2006 01:09:16
Date (last write): 26/05/2005 03:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer:
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class)
DPF name:
CLSID name: Install Class
Installer:
Codebase: http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
description:
classification: Open for discussion
known filename: pinstall.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer:
Codebase: http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path:
Long name: blank
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19/11/2003 16:48:18
Date (last access): 18/02/2006 01:16:54
Date (last write): 19/11/2003 16:48:12
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
DPF name:
CLSID name: Crucial cpcScan
Installer:
Codebase: http://www.crucial.com/controls/cpcScanner.cab
description:
classification: Legitimate
known filename: cpcscan.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer:
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class)
DPF name:
CLSID name: YAddBook Class
Installer: C:\Program Files\Yahoo!\Common\yaddbook.dll
Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
description: Yahoo! Address book
classification: Legitimate
known filename: %ProgramFiles%\Yahoo!\Common\yaddbook.dll
info link:
info source: Patrick M. Kolla
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yaddbook.dll
Short name:
Date (created): 26/01/2004 18:07:58
Date (last access): 10/02/2006 08:27:42
Date (last write): 26/01/2004 18:07:58
Filesize: 212992
Attributes: archive
MD5: FC6C56B920F523FFFD554F10AC50B9B6
CRC32: F209817F
Version: 2004.1.26.1
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element)
DPF name:
CLSID name: ASquaredScanForm Element
Installer:
Codebase: http://www.windowsecurity.com/trojanscan/axscan.cab
Path:
Long name: blank
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19/11/2003 16:48:18
Date (last access): 19/02/2006 14:09:42
Date (last write): 19/11/2003 16:48:12
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 19/02/2006 13:51:04
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
{DB893839-10F0-4AF9-92FA-B23528F530AF} ()
DPF name:
CLSID name:
Installer:
Codebase: http://deposito.hostance.net/dialer/604485.exe
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} ()
DPF name:
CLSID name:
Installer:
Codebase: http://download.abacast.com/download/files/abasetup156.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Installer:
Codebase: http://chat.msn.com/bin/msnchat45.cab
description:
classification: Open for discussion
known filename: MSNChat45.ocx
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
description:
classification: Legitimate
known filename: solitaireshowdown.dll
info link:
info source: Safer Networking Ltd.
Path:
Long name: blank
{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} ()
DPF name:
CLSID name:
Installer:
Codebase: http://66.117.37.13/gbn298.exe
--- Process list ---
PID: 0 ( 0) [System]
PID: 380 ( 4) \SystemRoot\System32\smss.exe
PID: 608 ( 380) \??\C:\WINDOWS\system32\csrss.exe
PID: 632 ( 380) \??\C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 676 ( 632) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 688 ( 632) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 860 ( 676) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 928 ( 676) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 968 ( 676) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1056 ( 676) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1128 ( 676) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1256 ( 676) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: D83658E21A184515CCAD79EEC6EEB05B
PID: 1292 ( 676) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1340 (1256) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: FB6E8BED981B3D2307A874D7001E9FA9
PID: 1456 ( 676) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169584
MD5: 436F416AECA76315EFBB6BCFEA374DEF
PID: 1504 ( 676) C:\Program Files\Norton AntiVirus\navapsvc.exe
size: 139936
MD5: 75CDB1A969324A9C121C5586F20CB706
PID: 1536 ( 676) C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
size: 46752
MD5: 3B9526139661337D538FF55D52ADBEAB
PID: 1596 ( 676) C:\Program Files\Spyware Doctor\sdhelp.exe
size: 700928
MD5: 1CE67C541CE77C0A23C0C5F8695103F0
PID: 1672 ( 676) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 214672
MD5: D09CFA6D5866ACBDD75AA3888225DFBA
PID: 1688 ( 676) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160800
MD5: 780DE647691972907D86194577F58C43
PID: 1716 ( 676) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1728 ( 676) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1119888
MD5: 2DCEF866D958573DE3D9960CD72E9A0C
PID: 1792 ( 676) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1840 ( 676) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: 909F2DC0DA7F57D229A05EE90647B2C3
PID: 1956 ( 676) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192112
MD5: 937EB691B1F69936FD6F124B49821E83
PID: 424 (2024) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1180 ( 424) C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: 07E2751E246BFF288C76A86F9ECD9AC0
PID: 1224 ( 424) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52848
MD5: 8500D5C1AFFD58E1C0A076689F8AA573
PID: 1884 ( 424) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 77ED13FD3196EBC7311CCD6899C7488C
PID: 2068 ( 424) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2744 ( 676) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2988 ( 676) C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
size: 749744
MD5: 1CCC0033B886946CB6C1CB8BDC44D322
PID: 3336 ( 676) C:\WINDOWS\System32\msiexec.exe
size: 78848
MD5: F5F0146580E7023ADB963879840777F8
PID: 3388 ( 424) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 4024 ( 424) C:\Program Files\Spybot Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3868 ( 860) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19/02/2006 14:09:42
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.euro.dell.com/countries/uk/enu/gen/default.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.euro.dell.com/countries/uk/enu/gen/default.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.euro.dell.com/countries/uk/enu/gen/default.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/en-us/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/en-us/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3732625-84DD-4372-9A74-B2FDDE07CDFE}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3732625-84DD-4372-9A74-B2FDDE07CDFE}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DBA73F6-C8E1-41E9-8A9B-94C802052B08}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DBA73F6-C8E1-41E9-8A9B-94C802052B08}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E775A572-B310-4855-A492-3F2468299251}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E775A572-B310-4855-A492-3F2468299251}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
here is the report zipped as it was too big to attch
Hello.
I am moving your topic to the malware removal forum.
See here for instructions on posting a hjt log:
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)
Copy paste the hjt log into this thread, do not start a new topic.
Someone will assist you as soon as available.
Cheers. :)
now instead of trying to locate the CCAN network simulator.msi, i am gettin the following error
interbal error 2718
{18486b93313E-4319A83F-06F50F91A9C4}
it means that teh installer cant find the program files But how to i stop the installer comin up cos i cant see thr installer for CCNA in the registery?
the hjt log is comin ....sori for delay
ok ive run the online virus scan BUT i cant delete the items found.?
wat do i do....do i carry on with the process of pasting the hjt log?
Here the scan results for HJT log
---
Logfile of HijackThis v1.99.1
Scan saved at 02:36:56, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AntiSpyWare\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\jkhfc.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {039036AA-7710-11D7-ACDA-00B0D094B576} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.winsey.co.uk/friend/Winsey-light.xms
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120672751343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn298.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\System32\jkhfc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
LonnyRJones
2006-02-20, 05:24
Hi
The windows installer is a small issue, we can get back to that later.
Where did these items go ?
Located: HK_LM:RunServices, Media Player
command: wmplayer.exe
file:
Located: HK_LM:RunServices, Microsoft Features
command: ms32cfg.exe
file:
Located: HK_LM:RunServices, msupdates
command: msupdt.exe
file:
Located: HK_LM:RunServices, Print Spooler
command: spools.exe
file:
Located: HK_LM:RunServices, System Uptime Server
command: sysentry32.exe
file:
Located: HK_LM:RunServices, Win32 Configuration
command: videosd32.exe
file:
Located: HK_LM:RunServices, Win32 USB2 Driver
command: winupdate.exe
file:
Located: HK_LM:RunServices, WSSAConfiguration
command: wmmon32.exe
============================
This O2 - BHO: MSEvents Object
Is a sign of an infection called Vundo
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4)
to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
i counld not complete the online scan be fore goin the hjt scan.:scratch:
---
Logfile of HijackThis v1.99.1
Scan saved at 07:28:05, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\AntiSpyWare\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {039036AA-7710-11D7-ACDA-00B0D094B576} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.winsey.co.uk/friend/Winsey-light.xms
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120672751343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn298.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Here is the VundoFix log
--------
VundoFix V4.2.26
Scan started at 07:08:05 20/02/2006
Listing files found while scanning....
C:\WINDOWS\System32\jkhfc.dll
C:\WINDOWS\System32\cfhkj.ini
C:\WINDOWS\System32\cfhkj.bak2
C:\WINDOWS\System32\cfhkj.ini2
C:\WINDOWS\System32\cfhkj.tmp
C:\WINDOWS\SYSTEM32\cfhkj.ini2
C:\WINDOWS\SYSTEM32\cfhkj.bak2
C:\WINDOWS\SYSTEM32\cfhkj.tmp
C:\WINDOWS\SYSTEM32\cfhkj.ini
C:\WINDOWS\SYSTEM32\cfhkj.ini2
C:\WINDOWS\SYSTEM32\jkhfc.dll
Attempting to delete C:\WINDOWS\System32\jkhfc.dll
C:\WINDOWS\System32\jkhfc.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\cfhkj.ini
C:\WINDOWS\System32\cfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\cfhkj.bak2
C:\WINDOWS\System32\cfhkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\cfhkj.ini2
C:\WINDOWS\System32\cfhkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\cfhkj.tmp
C:\WINDOWS\System32\cfhkj.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Hi
Where did these items go ?
i dont no where they went:confused:
LonnyRJones
2006-02-20, 09:35
Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
O3 - Toolbar: (no name) - {039036AA-7710-11D7-ACDA-00B0D094B576} - (no file)
O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn298.exe
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
use your PC for a few hours online, then >
Post a fresh hijackthis log please, be sure to mention any current problems.
For that windows installer prompts and program, CCNA Network Training simulator.
try reinstalling it then if its not in addremove programs to uninstall start the installer again and choose uninstall.
For that windows installer prompts and program, CCNA Network Training simulator.
try reinstalling it then if its not in addremove programs to uninstall start the installer again and choose uninstall.
i will do the about the problem is hat the CCNA does not have an uninstall button or optioni will try to install it agin and check for uninstall but i dont think it has one.
the file
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
is there but the name is slightly diferent it says
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
do i delete it?
LonnyRJones
2006-02-20, 19:17
Yes
I dont see it on any lists as bad but have watched experts recommending it be fixed for quite awhile.
Do post another hijackthis log and mention any problems, even if they do not seam related to spyware..
LonnyRJones u r a dimond, it worked i found the uninstall program and uninstalled it.
i also deleted the other files u asked me to. i had one problem an error came up sayin
"iexplore.exe application error
the intrustion at "0x01s1221c" refernces memory at "0x01d1221c" memory couldnot be read
clcik ok to terminate program"
how ever this only happened once.
Here is the hjt log But i could not finish the online scan it found one ot 2 malware/geyware but could not delete it.
Logfile of HijackThis v1.99.1
Scan saved at 21:00:42, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\AntiSpyWare\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.winsey.co.uk/friend/Winsey-light.xms
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120672751343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
i now hava problem with winfixer problem
Also another problem is my download limits i use to reach is DOWN. i use to get 104kbps downlaods but now i get 40 max
LonnyRJones
2006-02-21, 05:04
With witch online did you have problems ? try an altrenative, panda is a good idea becouse you can save the report afterwards, Kaspersky also
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.
"I now hava problem with winfixer problem"
Explain in more detail please
The winfixer prolem i have is every now and then a message comes up and says somthing like "if ur computer freezes that means u hava irus plese down load winfixer" and then winfixer page comes up. other pops up like aduilt finder also somtimes comes up.
Kaspersky scan results
---------
Scan Statistics
Total number of scanned objects 121016
Number of viruses found 9
Number of infected objects 93
Number of suspicious objects 0
Duration of the scan process 01:59:04
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Admin\.housecall\Quarantine\ie0601a.jar-2d1f1058-18d9c4b0.zip.bac_a01736/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped
C:\Documents and Settings\Admin\.housecall\Quarantine\ie0601a.jar-2d1f1058-18d9c4b0.zip.bac_a01736 ZIP: infected - 1 skipped
C:\Documents and Settings\Admin\.housecall\Quarantine\ie0601a.jar-2d1f1058-18d9c4b0.zip.bac_a01736 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A9E4EDF.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A9E4EDF.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A9E4EDF.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C1D3796.dll Infected: Trojan-Notifier.Win32.OptixPager.SE.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3B3175.EXE Infected: Trojan-Notifier.Win32.OptixPager.SE.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D502244.exe Infected: Backdoor.Win32.Optix.04.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12623F96.cab/UWFX5_0001_N57M2112NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12623F96.cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12623F96.cab CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E1C4D3E.tmp/ATT01.zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E1C4D3E.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E1C4D3E.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC32A87.tmp/New Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC32A87.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC32A87.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED05278.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED05278.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED05278.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EDA506E.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE34E63.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF07654.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF07654.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF07654.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F014842.tmp/New Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F014842.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F014842.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F0E7034.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F0E7034.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F0E7034.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F186E29.tmp/Attachments[001],B64 Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F186E29.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F186E29.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F25161B.tmp/SeX,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F25161B.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F25161B.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F2B6A14.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F2B6A14.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F2B6A14.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F356809.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F356809.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F356809.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F3F65FE.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B5A2A19.tmp/SeX,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B5A2A19.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B5A2A19.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9B71D1.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9B71D1.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9B71D1.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAB43BF.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAB43BF.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAB43BF.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C115950.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C115950.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C115950.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C1E0142.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C1E0142.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C1E0142.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C24553A.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C24553A.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C24553A.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C317D2C.tmp/SeX,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C317D2C.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C317D2C.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448E2367.tmp/ATT01.zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448E2367.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448E2367.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B51083E.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B51083E.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B51083E.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BBD71C8.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BBD71C8.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BBD71C8.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BC76FBD.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BC76FBD.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BC76FBD.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BD16DB2.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BD16DB2.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BD16DB2.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50CE4558.tmp/Attachments[001],B64 Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50CE4558.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50CE4558.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FF3B22.tmp/Attachments,zip Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FF3B22.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FF3B22.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F557EE5.tmp/New Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F557EE5.tmp Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F557EE5.tmp CryptFF: infected - 1 skipped
C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.c skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP455\A0097797.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.v skipped
C:\WINDOWS\SYSTEM32\ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
Scan process completed.
Hijack this Report
------
Logfile of HijackThis v1.99.1
Scan saved at 11:56:36, on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AntiSpyWare\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Eliminator\ee.exe /m
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp\Cleanup.exe /WindowsRestart
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - blank (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.winsey.co.uk/friend/Winsey-light.xms
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120672751343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A91F9DF-1FB1-42EB-B6B6-33E90BF62595}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
LonnyRJones
2006-02-21, 19:52
We can use the option to delete on reboot in hijackthis
Run it click >"config" then "misc tools" >"delete file on reboot"
(exact spelling counts!!! so dont browse)
Copy/Paste th bolded line below into the File name box then click Open,
C:\WINDOWS\SYSTEM32\ddccd.dll
Click yes to the reboot prompt
After the pc has restarted
Post a report from this tool if any files show
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them.....legitimate files can be listed.
02/21/06 20:16:02 [Info]: BlackLight Engine 1.0.32 initialized
02/21/06 20:16:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/21/06 20:16:02 [Note]: 7019 4
02/21/06 20:16:02 [Note]: 7005 0
02/21/06 20:16:14 [Note]: 7006 0
02/21/06 20:16:14 [Note]: 7011 1396
02/21/06 20:16:14 [Note]: FSRAW library version 1.7.1015
02/21/06 20:19:15 [Note]: 7007 0
once i deleted the C:\WINDOWS\SYSTEM32\ddccd.dll no som feaures of my msn 7.5 dont work:
the nudges dont shke the screen and there is no alert when the contcts sign in. where as in the options i have checked those options.
LonnyRJones
2006-02-22, 02:14
Hi
I'm not to familiar with msn software, Vundo as far as i know wouldn't effect it. If the program still having problems after a day or two try starting its uninstaller (via addremove programs) and see if it has an option to repair, if it does not, uninstall it reboot and reinstall
Aprt from the Msn the comptuer is running well......but somtimes my downlaods are slow but aprt from that everything is working fine
thank you very very very very very MUCH:bigthumb:
LonnyRJones
2006-02-23, 06:27
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.
Take care of that PC, :)