Empty device manager



Brokk
2006-08-16, 09:41
Hi guys, got a solution to this?

Background: A few days ago I was going to watch a clip on the internet; a player window opened and said that I needed to download a required codec, so I did.
After that the problems started: slow computer, popups, and every time I started IE I came to www.safetyhomepage.com/. I also lost my sound.

So I started to fight back with Kaspersky, Ewido, S&D, aproposfix.exe, BitDefender and some other programs.

I ran a program that found something wrong in the registry (I can't remember the path), but it was something called service.exe that was corrupt. So stupid me removed it without any backup... hate myself for that now afterwards. Since I have no backup or any restore points, I can't use that.
After a while I gave up and thought, what the hell, I'll just reinstall it all and make a fresh start.

However, when I put in my XP CD I only came to the first menu (reinstall or repair). When I hit Enter it says that I have no hard drive, and after that XP rebooted.

I'm no expert, as you probably figured out by now, but when I checked my HijackThis log I found something that probably causes the problem.
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)

That might be the file that I removed, right?

At the moment I don't get any more popups; the problem is that I have an empty Device Manager and no sound. The computer is also slow.

PANDA SCAN:


Incident Status Location

Adware:adware/cws.yexe Not disinfected c:\messanger.ini
Adware:adware/dollarrevenue Not disinfected c:\windows\enewsletterpro1.dat
Adware:adware/cws.searchmeup Not disinfected c:\windows\uniq
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Na\Cookies\na@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Na\Cookies\na@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Na\Cookies\na@adserver.filefront[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Na\Cookies\na@adtech[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Na\Cookies\na@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Na\Cookies\na@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Na\Cookies\na@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Na\Cookies\na@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Na\Cookies\na@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Na\Cookies\na@bravenet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Na\Cookies\na@burstnet[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Na\Cookies\na@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Na\Cookies\na@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Na\Cookies\na@cgi-bin[5].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Na\Cookies\na@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Na\Cookies\na@dist.belnk[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Na\Cookies\na@gammae[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Na\Cookies\na@go[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Na\Cookies\na@landing.domainsponsor[1].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Na\Cookies\na@malwarewipe[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Na\Cookies\na@maxserving[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Na\Cookies\na@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Na\Cookies\na@outster[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Na\Cookies\na@realmedia[1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Na\Cookies\na@research-int[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Na\Cookies\na@searchportal.information[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Na\Cookies\na@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Na\Cookies\na@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Na\Cookies\na@tribalfusion[1].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Na\Cookies\na@versiontracker[1].txt
Spyware:Cookie/Safetyhomepage Not disinfected C:\Documents and Settings\Na\Cookies\na@www.safetyhomepage[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Na\Cookies\na@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Na\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Na\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Na\Local Settings\Temp\Cookies\na@adtech[1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Na\Local Settings\Temp\Cookies\na@research-int[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Na\Local Settings\Temp\Cookies\na@tradedoubler[1].txt
________________________________________________________

S&D didn't find anything.

________________________________________________________

Brokk
2006-08-16, 09:42
Logfile of HijackThis v1.99.1
Scan saved at 09:08:40, on 2006-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~2\OESpamTest.ExE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jiahus] C:\windows\system32\svchqs.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://onoff.vsfl.se/photos/upload/PictureChooser.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131438087848
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://onoff.vsfl.se/photos/upload/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136264311593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F9C5CB-DB73-4D88-81D8-A88FFBE49AEC}: NameServer = 217.10.96.65,217.10.96.44
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)


Thanks in advance
/Brokk

LonnyRJones
2006-08-19, 10:14
Hi

"I ran a program that found something wrong in the registry (I can't remember the path), but it was something called service.exe that was corrupt"
What program was that?

Start HijackThis and place a check next to these items, if there.
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [jiahus] C:\windows\system32\svchqs.exe
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\windows\System32\shdocvw.dll
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh hijackthis log, be sure to mention any current problems.

Brokk
2006-08-21, 05:12
Logfile of HijackThis v1.99.1
Scan saved at 05:10:18, on 2006-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system32\Rundll32.exe
C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~2\OESpamTest.ExE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Na\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~2\OESpamTest.ExE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://onoff.vsfl.se/photos/upload/PictureChooser.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131438087848
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://onoff.vsfl.se/photos/upload/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136264311593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F9C5CB-DB73-4D88-81D8-A88FFBE49AEC}: NameServer = 217.10.96.65,217.10.96.44
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)

Followed the instructions; here is the new log.
Problem: when I type in a URL in IE it takes a very long time to get to that page.

LonnyRJones
2006-08-21, 06:52
Hi

Can you answer the question? It might help.
Also, is Device Manager still empty?

Brokk
2006-08-21, 21:12
I can't remember what program I used :/

And Device Manager is still empty.

LonnyRJones
2006-08-22, 04:26
Try Kelly's advice here (an MVP)
http://groups.google.com/group/microsoft.public.windowsxp.general/browse_thread/thread/8b8c9bf3c37cd7bf/be3be97675f92a76?lnk=st&q=device+manager+%2B+empty&rnum=1#be3be97675f92a76



If the Device Manager is empty:

Go to Start/Administrative Tools/Services. Scroll down to the Plug and Play
service and stop and restart it. Once done, the Device Manager will populate
again.

=======
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)
I assume you had that program installed at one time?
http://www.padus.com/

Brokk
2006-08-22, 16:46
I tried to restart the PnP service but get an error message: "The system can't find the path specified"

I can't remember that I have installed that, but I'm not sure. I haven't installed it recently, at least.

LonnyRJones
2006-08-23, 04:57
Do a file search for file services.exe
example >
C:\WINDOWS\$NtServicePackUninstall$\services.exe (99 KB, 3/31/2003 5:00:00 AM)
C:\WINDOWS\ServicePackFiles\i386\services.exe (106 KB, 8/4/2004 1:56:56 AM)
C:\WINDOWS\system32\services.exe (106 KB, 8/4/2004 1:56:56 AM)
===========
Post back your results

Also:
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
alternate download
http://www.geekstogo.com/modules.php?modid=5&action=download&id=80
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Brokk
2006-08-23, 08:19
c:\windows\system32\services.exe 106kb
c:\windows\servicepackfiles\i386\services.exe 106kb

I didn't get any report.txt in c:\
But I copied the text from the program window
____________________________________________
SmitFraudFix v2.81

Fichier Process.exe absent !
Dezippez la totalité de l'archive dans un dossier.

Process.exe file missing !
Unzip all the archive in a folder.

Press any key to continue . . .

LonnyRJones
2006-08-23, 11:44
Hi

Go to Start/Administrative Tools/Services. Scroll down to Plug and Play.
Double-click Plug and Play to bring up the properties page. What does it say in the "Path to executable" field? What does it say in the "Startup type" field?

Some antivirus programs can inadvertently block SmitfraudFix from extracting all the files it needs; reboot into safe mode (not safe mode with networking) and try again please.

Brokk
2006-08-23, 19:17
PnP startup type = automatic
And the path is completely empty :confused:


SmitFraudFix v2.81

Scan done at 19:01:32,59, 2006-08-23
Run from C:\Documents and Settings\Na\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Na\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Na\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

tashi
2006-08-23, 22:27
Brokk

http://forums.spywareinfo.com/index.php?showtopic=83053&st=0&gopid=454155&

"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)


Multi forum posters waste valuable volunteer resources, so please don't.

Apart from the fact that taking advice from different people at the same time is not advantageous to your computer; while you are receiving assistance from two helpers at two sites we have other members who are waiting patiently here for advice. :(

Brokk
2006-08-23, 22:38
I'm sorry for that.
I have a kinda unique problem, so I thought that I had a better chance of getting the problem solved if others helped also.

tashi
2006-08-23, 22:45
Nope, our helpers assist at many sites and confer with others at those sites if need be.

Please decide where you wish to continue to receive assistance for this problem.

Thank you.

Brokk
2006-08-23, 22:48
I have chosen to continue here.

tashi
2006-08-23, 22:51
Ok I will inform Lonny when he returns, but you need to let jurgenv know please.

Brokk
2006-08-23, 22:57
Yea, I have said goodbye to jurgenv in their forum.

LonnyRJones
2006-08-24, 07:56
Are you still seeing safetyhomepage.com, being misdirected when searching, or are there more than normal popups any longer? Any other problems?

Delete SmitfraudFix.zip and its folder.

Download then install pservcpl
http://p-nand-q.com/e/pserv.html
It will create a shortcut in Start (Menu) > Programs > Accessories
called "services and devices". Start the program, scroll down to
"Plug and play", right click, Properties; in the image path field put
C:\WINDOWS\system32\services.exe
Click OK, exit pserv and restart your PC.

check device manager and let us know of any problems
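
The O23 entry that led to this fix can be caught mechanically. The following is an added example, not part of the original posts or of HijackThis: a Python parser for the O23 lines quoted in this thread that flags a service with no resolvable file and a core service reporting an unexpected vendor. The names `parse_o23`, `audit` and `EXPECTED_IMAGE` are assumptions of the example, and the expected path is the value the helper gives above for this Windows XP system.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O23 layout as printed in the logs in this thread:
#   O23 - Service: <display name> [(<key name>)] - <company> - <path | (no file)>
# Limitation: a display name that itself contains " - " would be mis-split.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - "
    r"(?P<path>\(no file\)|(?:[A-Za-z]:\\|%).*)$"
)
KEY_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")

# Assumption: only the core service from this thread is tracked, with the
# image path the helper has the user enter on this XP machine.
EXPECTED_IMAGE = {"PlugPlay": r"C:\WINDOWS\system32\services.exe"}


class Service(NamedTuple):
    display: str
    key: str
    company: str
    path: Optional[str]  # None when HijackThis printed "(no file)"


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other log line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    display = key = m["display"]
    named = KEY_RE.match(display)
    if named:  # "Plug and Play (PlugPlay)" -> display and registry key name
        display, key = named["display"], named["key"]
    path = None if m["path"] == "(no file)" else m["path"]
    return Service(display, key, m["company"], path)


def audit(log_text: str) -> List[Tuple[str, str]]:
    """Return (service key, reason) pairs worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.path is None:
            findings.append((svc.key, "no file: image path empty or unresolved"))
        expected = EXPECTED_IMAGE.get(svc.key)
        if expected is None:
            continue
        if "microsoft" not in svc.company.lower():
            findings.append((svc.key, f"core service reports vendor {svc.company!r}"))
        if svc.path is not None and svc.path.lower() != expected.lower():
            findings.append((svc.key, f"image path is not {expected}"))
    return findings


# O23 lines copied from the HijackThis log posted in this thread.
THREAD_EXCERPT = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)
"""

# Constructed line (not from the thread): the same entry after the repair.
REPAIRED_LINE = (
    r"O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation"
    r" - C:\WINDOWS\system32\services.exe"
)

if __name__ == "__main__":
    for key, reason in audit(THREAD_EXCERPT):
        print(f"{key}: {reason}")
```
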

Brokk
2006-08-24, 08:44
Finally it works!
Device Manager is up and working. Everything is back to normal.

Thanks a lot guys, very kind of you.
:bigthumb:

LonnyRJones
2006-08-24, 14:43
Good

Post back in a few days to let us know how that pc is, in the meantime keep an eye out for problems.

tashi
2006-08-29, 08:24
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.