Copy the results of the ActiveScan along with a new HiJackThis log.
My Messy Log
#16
Posted 17 March 2006 - 08:47 AM
Copy the results of the ActiveScan along with a new HiJackThis log.
Register to Remove
#17
Posted 18 March 2006 - 05:41 AM
Here is my latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:30:39 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpyCatcher 2006\Protector.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Documents and Settings\A\My Documents\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_0/home.html"); (C:\Documents and Settings\A\Application Data\Mozilla\Profiles\default\r9wo24w2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\A\Application Data\Mozilla\Profiles\default\r9wo24w2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {4D2222B2-AE9B-490B-AACB-D8BCD6D6C58D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126990430550
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - http://www.gamespot....ownload/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AE2F13-8896-4A5E-961E-129F51DAA1A9}: NameServer = 63.93.96.20 63.93.96.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AE2F13-8896-4A5E-961E-129F51DAA1A9}: NameServer = 63.93.96.20 63.93.96.21
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#18
Posted 18 March 2006 - 10:46 AM
You dont have IE?Cannot run ActiveScan. It requires Internet Explorer and does not work with other browsers.
#19
Posted 18 March 2006 - 03:07 PM
Your response : "You don't have IE?"
I still have the same computer problems i have been mentioning all along.
The subject line in my original post mentions Runtime Error and loss of Internet Explorer as a primary problem. I have mentioned how i can no longer do anything where IE is involved in the process or access files that i had saved in IE... always the Runtime Error message.
The following paragraphs are copied from my previous posts:
The frequent explorer-related error message is "Microsoft Visual C++ Runtime Library X Runtime Error! Program:C:\Program Files\Internet Explorer\iexplore.exe The application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."
Any ideas as to how to regain use of internet explorer? Not only for web browsing; the runtime error message comes up whenever i try to open saved documents, email photos and several other actions where it is involved by default. So that is my priority now.
Your response: http://support.micro...123120121120120
My response: Tried the obvious (to me) things long before i found my way to this forum. The microsoft pages do not address my particular problem. Uninstalling and reinstalling INTERNET EXPLORER does not help, and it does not help to reinstall Sp2. There are entries on google with my specific RUNTIME ERROR message, but none of them i found had the same situation or system... anyway nothing applicable has come up.
***Spybot still gets :"!Error During Check! BackOrifice.B [Datei C:\WINDOWS\wininit.ini kann nicht geoffnet werden." that it cannot access because this phantom file is supposedly in use.
when i press F8 for advanced starting options it just pauses startup.
No advanced start options and that is the only way i know how to get into Safe Mode.
when i go to a new page and click on it , instead the url addresses drop down, until i click on page several times.
Some features of touchpad still disabled, since i got message that computer had detected another device.
Upon startup, it takes a long time for icons to appear on blank desktop.But pages load faster since i ran all those anti-spy programs.
run Ad-Aware, per the forum tutorial instructions. It froze up during every Deep Scan, always stopped at a benign folder of text documents - basic letters written by me in a folder titiled KONG. So i did a Smart Scan, quarantining 1 trojan downloader agent and 67 lesser threats. Then i attempted Deep Scan again but same result of unresponsive computer.
The following paragraphs are from my attempt to use scannow:
When running scannow, Windows file protection demanded i insert the XP cd, which i don't have, just the 3 Compaq QuickRestore disks.
i tried suggestions at updatexp.com . Explored the Restore cds but none of the folder or file names meant anything to me, no folder named 1386.
There is a folder in my computer called C:\1386.
In regedit i went to HKEY_LOCAL.MACHINR\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup and the source path was C:. Changed it to C:\ per the advice at update.com. No difference when i ran scannow again.
Wondered about some registry entries: .dl_ folder and PersistantHandler subfolder in both .dl_ and .dll folders.
#20
Posted 18 March 2006 - 04:40 PM
Let try this one
http://www.trendmicr...tro/default.asp
Important Notes about HouseCall 6.5
HouseCall 6.5 has two independent Core Engines to choose from:
1. The ActiveX Core Engine: to use this engine, please adjust here the IE browser’s Security level to Medium at least and be sure that signed ActiveX objects are enabled.
2. The Java VM Core Engine- to use this engine, please install the Java VM from www.java.com.
#21
Posted 19 March 2006 - 05:47 PM
Edited by nonlinear, 19 March 2006 - 05:50 PM.
#22
#23
Posted 20 March 2006 - 03:46 PM
#24
Posted 20 March 2006 - 07:33 PM
Ensure all the options are unchecked except, include system information in report.
Click view report
Export it to you desktop
Attach or copy paste the log into this topic.
#25
Posted 21 March 2006 - 01:44 AM
Register to Remove
#26
Posted 21 March 2006 - 07:56 AM
#27
Posted 21 March 2006 - 02:10 PM
#28
Posted 21 March 2006 - 10:10 PM
#29
Posted 22 March 2006 - 05:10 AM
#30
Posted 22 March 2006 - 09:08 AM
Note when you try to run
sfc*/purgecache <<<< there is a space where * is
Edited by little eagle, 22 March 2006 - 09:11 AM.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users