unknown publisher

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Operating Systems > Windows XP Home and Professional

3 Pages

< 1 2 3 >

unknown publisher, Unknown Publisher

Options

Grinler View Member Profile	Mar 13 2005, 07:56 PM Post #16
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	Remove the activex controls and the next time you visit a site that requires them, they will automatically reinstall -------------------- Lawrence

ghorfa91 View Member Profile	Mar 14 2005, 04:46 AM Post #17
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	Grinler, how do i go about removing Active X Controls please. Alan

Grinler View Member Profile	Mar 14 2005, 02:30 PM Post #18
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	If you download and run hijackthis.exe you can fix any of the O16 entries. That will remove the activex controls, but make sure you do it why IE is closed. -------------------- Lawrence

ghorfa91 View Member Profile	Mar 24 2005, 04:12 AM Post #19
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	hi grinler, my computer is not letting me run hijackthis.exe. The program opens and it closes immediately. Urgent help needed.

Grinler View Member Profile	Mar 24 2005, 10:05 AM Post #20
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	rename hijackthis.exe to hjt.exe and try again -------------------- Lawrence

Windows... View Member Profile	Mar 27 2005, 03:38 PM Post #21
New Member Group: Members Posts: 14 Joined: 9-March 05 Member No.: 14,012	where would i download the hjt.exe?

Grinler View Member Profile	Mar 27 2005, 04:09 PM Post #22
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	http://www.bleepingcomputer.com/files/hijackthis.php -------------------- Lawrence

ghorfa91 View Member Profile	Mar 28 2005, 01:34 AM Post #23
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	Grinler, it worked. Here is the log file. Logfile of HijackThis v1.99.1 Scan saved at 08:34:05, on 28/03/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\CMEII\CMESys.exe C:\WINDOWS\addins\explorer\csrss.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\GMT\GMT.exe C:\WINDOWS\System32\wisptis.exe C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\EXCEL.EXE C:\hijackthis\Hjt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsbc.com.mt/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" O4 - HKLM\..\Run: [ SystemDriver] C:\WINDOWS\addins\explorer\csrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.2.4\InstallStub.exe -a O4 - HKCU\..\Run: [_SystemDriver] C:\WINDOWS\addins\explorer\csrss.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C7E7CB61-8381-4FC5-93CB-21103B22B6B5}: NameServer = 212.56.128.132,212.56.128.196 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks for your assistance.

Grinler View Member Profile	Mar 28 2005, 09:09 AM Post #24
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	Print out these instructions and then close all windows including Internet Explorer. Reboot your computer into Safe Mode Then I want you to fix some of those entries. Please do the following: Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button: O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" O4 - HKLM\..\Run: [ SystemDriver] C:\WINDOWS\addins\explorer\csrss.exe O4 - HKCU\..\Run: [_SystemDriver] C:\WINDOWS\addins\explorer\csrss.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - Then delete these files or directories (Do not be concerned if they do not exist) C:\Program Files\Common Files\CMEII\ C:\WINDOWS\addins\explorer\csrss.exe C:\Program Files\Common Files\GMT\ Reboot your computer to go back to normal mode and post a new log. -------------------- Lawrence

ghorfa91 View Member Profile	Mar 28 2005, 09:49 AM Post #25
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	Grinler, new hijackthis log file attached. Logfile of HijackThis v1.99.1 Scan saved at 16:47:19, on 28/03/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Plaxo\2.2.2.4\InstallStub.exe C:\WINDOWS\system32\wuauclt.exe C:\hijackthis\Hjt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsbc.com.mt/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.2.4\InstallStub.exe -a O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C7E7CB61-8381-4FC5-93CB-21103B22B6B5}: NameServer = 212.56.128.132,212.56.128.196 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Grinler View Member Profile	Mar 28 2005, 05:11 PM Post #26
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	Looks good..how does it feel to you? -------------------- Lawrence

ghorfa91 View Member Profile	Mar 29 2005, 01:12 AM Post #27
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	it seems that there is still the altnet points manager running. it is listed in the last log i forwarded. Is that ok?

Grinler View Member Profile	Mar 29 2005, 09:29 AM Post #28
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	Altnets is fine. You can disable it when you want, and start when your need to , but its not a bad file. You thin your fixed? -------------------- Lawrence

ghorfa91 View Member Profile	Mar 29 2005, 10:50 AM Post #29
Member Group: Members Posts: 50 Joined: 11-February 05 Member No.: 11,825	THANK YOU.

Grinler View Member Profile	Mar 29 2005, 12:40 PM Post #30
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	Log looks clean...great job! Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Renable system restore with instructions from tutorial above Next, This process will clean out your Temp files and your Temporary Internet Files. Please do both steps: Step 1:Delete Temp Files To clean out your temp files, click on Start and then run, and type %temp% and press the ok button. This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files. Step 2: Delete Temporary Internet Files Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted. Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there: Simple and easy ways to keep your computer safe and secure on the Internet Glad I was able to help. -------------------- Lawrence

« Next Oldest · Windows XP Home and Professional · Next Newest »

3 Pages

< 1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 06:36 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides