IE6 Upgrade on Windows 2000


6 replies to this topic

#1 BeyondMad

Posted 02 March 2005 - 06:45 PM

Hello Everybody,

Symptoms:

-Microsoft Outlook will not open when I click on email links on web pages (using IE5 and components).
-When I try to upgrade to IE6 it does not open any web pages.

I really need to get this sorted out and earn some Bleeping Money!

Cheers,

G.

Logfile of HijackThis v1.99.1
Scan saved at 23:10:43, on

02/03/2005
Platform: Windows 2000 SP4 (WinNT

5.00.2195)
MSIE: Internet Explorer v5.00 SP4

(5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common

Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet

Security\Norton

AntiVirus\navapsvc.exe
c:\winnt\system32\drivers\dll\1\svho

st.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common

Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common

Files\Symantec Shared\ccApp.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program

Files\QuickTime\qttask.exe
C:\Program Files\Private Mail

Reader\PrivateMailReader.exe
C:\Program Files\Instant

Buzz\IBDaemon.exe
C:\WINNT\system32\internat.exe
C:\Program

Files\Yahoo!\Messenger\ypager.exe
C:\Program

Files\LIUtilities\SpeedUpMyPC\speedu

pmypc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
E:\ProgramFiles\Ken Ward's

Zipper\zip4.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Hijac

kThis.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Hijac

kThis.exe

R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/c

ustomize/ie/defaults/sp/ymsgr6/uk/*h

ttp://www.yahoo.co.uk
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.google.co.uk/
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://uk.red.clientapps.yahoo.com/c

ustomize/ie/defaults/su/ymsgr6/uk/*h

ttp://www.yahoo.co.uk
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://uk.red.clientapps.yahoo.com/c

ustomize/ie/defaults/sb/ymsgr6/uk/*h

ttp://uk.docs.yahoo.com/info/bt_side

.html
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/c

ustomize/ie/defaults/sp/ymsgr6/uk/*h

ttp://www.yahoo.co.uk
R1 -

HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://uk.red.clientapps.yahoo.com/c

ustomize/ie/defaults/su/ymsgr6/uk/*h

ttp://www.yahoo.co.uk
R1 -

HKCU\Software\Microsoft\Internet

Explorer\SearchURL,SearchURL =

http://all-find.net/sp.html
F2 - REG:system.ini:

UserInit=C:\WINNT\system32\Userinit.

exe
O2 - BHO: Yahoo! Companion BHO -

{02478D38-C3F9-4efb-9B51-7695ECA0567

0} -

C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS

\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484

F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BL Class -

{7FE49EAE-AA38-4044-9D10-09DAB477051

F} -

C:\SearchPortal\20040830\popup_bl.dl

l (file missing)
O2 - BHO: (no name) -

{90C95909-E316-46E6-A74A-7373D632C33

9} -

C:\PROGRA~1\PRIVAT~1\BYPASS~1.DLL
O2 - BHO: (no name) -

{B8D60EBB-5565-4392-957B-7164BA087AD

4} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D

6} - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion -

{EF99BD32-C1FB-11D2-892F-0090271D4F8

8} -

C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS

\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Instant Bu&zz -

{7475D3FD-5D85-49DB-8B9B-6968467B2D8

0} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: IEbar Class -

{C4AE573B-8CDB-43F2-892B-3EC2D34C4E6

C} -

C:\SearchPortal\20040830\DimIEbar.dl

l (file missing)
O4 - HKLM\..\Run: [Synchronization

Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [F-StopW]

C:\Program

Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Microsoft Windows

GUI] Windowz.exe
O4 - HKLM\..\Run: [hpfsched]

C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [FRISK

FP-Scheduler] C:\Program

Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv]

E:\PROGRA~1\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp]

"C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe]

C:\Program Files\Norton Internet

Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe]

"C:\Program Files\Common

Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program

Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt]

C:\Program Files\Common

Files\Symantec Shared\Security

Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec

NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper]

E:\ProgramFiles\iTunesHelper.exe
O4 - HKLM\..\Run:

[PrivateMailReader.exe] C:\Program

Files\Private Mail

Reader\PrivateMailReader.exe -m
O4 - HKLM\..\Run: [Instant Buzz

Daemon] C:\Program Files\Instant

Buzz\IBDaemon.exe
O4 - HKLM\..\RunServices: [Microsoft

Windows GUI] Windowz.exe
O4 - HKCU\..\Run: [Evidence

Eliminator] C:\Program

Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [internat.exe]

internat.exe
O4 - HKCU\..\Run: [MsnMsgr]

"C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access]

rundll32.exe

p2esocks_1025.dll,InstantAccess
O4 - HKCU\..\Run: [Yahoo! Pager]

C:\Program

Files\Yahoo!\Messenger\ypager.exe

-quiet
O4 - Startup: DataKeeper.lnk =

E:\ProgramFiles\DataKeeper.exe
O4 - Global Startup: Microsoft

Office.lnk = C:\Program

Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk

= C:\Program

Files\LIUtilities\SpeedUpMyPC\speedu

pmypc.exe
O8 - Extra context menu item:

&Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Write

a Review... -

http://client.alexa.com/holiday/scri

pt/actions/review.htm
O8 - Extra context menu item: Yahoo!

&Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Instant Buzz -

{066040F0-5018-4E15-8AA0-81D36136D98

9} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O9 - Extra button: Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0A

D} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0527.

dll
O9 - Extra 'Tools' menuitem: Yahoo!

Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0A

D} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0527.

dll
O9 - Extra button: Related -

{c95fe080-8f5d-11d2-a20b-00aa003c157

a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show

&Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157

a} - C:\WINNT\web\related.htm
O16 - DPF: v2cab -
O16 - DPF: Yahoo! Chat -

http://us.chat1.yimg.com/us.yimg.com

/i/chat/applet/c381/chat.cab
O16 - DPF:

{0594AF7E-573B-40DF-8165-E47AB2EAEFE

8} -

http://akamai.downloadv3.com/binarie

s/P2EClient/EGAUTH_1025_EN.cab
O16 - DPF:

{14B87622-7E19-4EA8-93B3-97215F77A6B

C} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary

/MessengerStatsPAClient.cab28578.cab
O16 - DPF:

{4C39376E-FA9D-4349-BACC-D305C1750EF

3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/acti

vex/EPUWALControl_v1-0-3-18.cab
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162EEEC

5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/S

haredContent/common/bin/cabsa.cab
O16 - DPF:

{74D05D43-3236-11D4-BDCD-00C04F9A3B6

1} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2

004061001/housecall.trendmicro.com/h

ousecall/xscan53.cab
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-22031317559

2} (ZoneIntro Class) -

http://messenger.zone.msn.com/binary

/ZIntro.cab28578.cab
O16 - DPF:

{B9191F79-5613-4C76-AA2A-398534BB899

9} (YAddBook Class) -

http://us.dl1.yimg.com/download.yaho

o.com/dl/installs/suite/autocomplete

.cab
O16 - DPF:

{CE28D5D2-60CF-4C7D-9FE8-0F47A330807

8} (ActiveDataInfo Class) -

https://www-secure.symantec.com/tech

supp/activedata/SymAData.cab
O16 - DPF:

{E77C0D62-882A-456F-AD8F-7C6C9569B8C

7} (ActiveDataObj Class) -

https://www-secure.symantec.com/tech

supp/activedata/ActiveData.cab
O16 - DPF:

{F54C1137-5E34-4B95-95A5-BA56D4D8D74

3} (Secure Delivery) -

http://www.gamespot.com/KDX/zd/kdx.c

ab
O16 - DPF:

{FFFF0003-0001-101A-A3C9-08002B23E0C

C} -

http://direct.data-line.us/gbn842.ex

e
O16 - DPF:

{FFFF0003-0001-101A-A3C9-08002B23E0C

D} -

http://direct.data-line.us/gba208.ex

e
O23 - Service: Symantec Event

Manager (ccEvtMgr) - Symantec

Corporation - C:\Program

Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network

Proxy (ccProxy) - Symantec

Corporation - C:\Program

Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program

Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Program

Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager

Administrative Service (dmadmin) -

VERITAS Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Management

Adapter (gyat) - Unknown owner -

C:\WINNT\system32\gyat.exe (file

missing)
O23 - Service: Norton AntiVirus Auto

Protect Service (navapsvc) -

Symantec Corporation - C:\Program

Files\Norton Internet

Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: NbtHlp NbtBrigge

(NbtHlp) - Unknown owner -

c:\winnt\system32\drivers\dll\1\svho

st.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program

Files\Norton Internet

Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking

Service (SBService) - Symantec

Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT

~1\SBServ.exe
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program

Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC -

Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service

(SymWSC) - Symantec Corporation -

C:\Program Files\Common

Files\Symantec Shared\Security

Center\SymWSC.exe


Mod Edit: This will be moved to a more appropriate Forum.

Edited by scarlett, 03 March 2005 - 01:10 PM.




#2 Grinler

Posted 03 March 2005 - 12:45 PM

Can you please post this again, but this time maximize your Notepad window and turn off word wrap?

#3 BeyondMad

Posted 06 March 2005 - 11:42 AM

Hello,

The Symptoms are:

When computer boots it comes up with the error message "error loading p2esocks_1025.dll-The specified module could not be found."

Yet this has occurred after I started having problems upgrading to IE6 several months ago.

IE5:

-Outlook Express will not open when I click on email links on web pages (when browsing with IE5).

"Outlook Express could not be started. The application was unable to open the outlook express message store. Your computer maybe out of memory or the disk is full". (This shouldn't be the case; perhaps some component is missing?)

IE6

When I try to upgrade to IE6 it does not open any web pages and displays the result: "res://c:WINNT/system32/shdoclc.dll/dnserror.htm"

This started after I had trouble some months ago with the "Iwantsearch" malware hijacking my home page etc.

I hope you will be able to tell what is stopping IE6 from working from this log. Could you please help. I really need to get this sorted out and start to earn some Bleeping Money!

Thank you,

G.

Logfile of HijackThis v1.99.1
Scan saved at 16:41:02, on 06/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\winnt\system32\drivers\dll\1\svhost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Private Mail Reader\PrivateMailReader.exe
C:\Program Files\Instant Buzz\IBDaemon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\ProgramFiles\Ken Ward's Zipper\zip4.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://all-find.net/sp.html
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BL Class - {7FE49EAE-AA38-4044-9D10-09DAB477051F} - C:\SearchPortal\20040830\popup_bl.dll (file missing)
O2 - BHO: (no name) - {90C95909-E316-46E6-A74A-7373D632C339} - C:\PROGRA~1\PRIVAT~1\BYPASS~1.DLL
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: IEbar Class - {C4AE573B-8CDB-43F2-892B-3EC2D34C4E6C} - C:\SearchPortal\20040830\DimIEbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Microsoft Windows GUI] Windowz.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\ProgramFiles\iTunesHelper.exe
O4 - HKLM\..\Run: [PrivateMailReader.exe] C:\Program Files\Private Mail Reader\PrivateMailReader.exe -m
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\RunServices: [Microsoft Windows GUI] Windowz.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1025.dll,InstantAccess
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: DataKeeper.lnk = E:\ProgramFiles\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O16 - DPF: v2cab -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC...UTH_1025_EN.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn842.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gba208.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Management Adapter (gyat) - Unknown owner - C:\WINNT\system32\gyat.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NbtHlp NbtBrigge (NbtHlp) - Unknown owner - c:\winnt\system32\drivers\dll\1\svhost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 Daisuke

Posted 06 March 2005 - 03:53 PM

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

I merged your topics.
Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?

#5 Grinler

Posted 06 March 2005 - 05:46 PM

Do you know what these are?

O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - Startup: DataKeeper.lnk = E:\ProgramFiles\DataKeeper.exe


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://all-find.net/sp.html
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: BL Class - {7FE49EAE-AA38-4044-9D10-09DAB477051F} - C:\SearchPortal\20040830\popup_bl.dll (file missing)
O2 - BHO: (no name) - {90C95909-E316-46E6-A74A-7373D632C339} - C:\PROGRA~1\PRIVAT~1\BYPASS~1.DLL
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: IEbar Class - {C4AE573B-8CDB-43F2-892B-3EC2D34C4E6C} - C:\SearchPortal\20040830\DimIEbar.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Windows GUI] Windowz.exe
O4 - HKLM\..\RunServices: [Microsoft Windows GUI] Windowz.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1025.dll,InstantAccess
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O16 - DPF: v2cab -
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC...UTH_1025_EN.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn842.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gba208.exe
O23 - Service: Windows Management Adapter (gyat) - Unknown owner - C:\WINNT\system32\gyat.exe (file missing)
O23 - Service: NbtHlp NbtBrigge (NbtHlp) - Unknown owner - c:\winnt\system32\drivers\dll\1\svhost.exe

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):


C:\SearchPortal\
c:\windows\system32\Windowz.exe
c:\windows\system32\p2esocks_1025.dll
C:\WINNT\system32\gyat.exe
c:\winnt\system32\drivers\dll\1\svhost.exe

Reboot your computer to go back to normal mode and post a new log.

#6 BeyondMad

Posted 12 March 2005 - 12:51 PM

I did what you said.

In response to your post, I do know IBDaemon.exe is a legitimate reciprocal advertising toolbar and Datakeeper.exe was part of Partition Magic software I used previously. Nevertheless, I still deleted all the checked items. I can always load these programs up again.

Cheers.

Guy


Logfile of HijackThis v1.99.1
Scan saved at 17:43:01, on 12/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Private Mail Reader\PrivateMailReader.exe
C:\Program Files\Instant Buzz\IBDaemon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
E:\ProgramFiles\Ken Ward's Zipper\zip4.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\ProgramFiles\iTunesHelper.exe
O4 - HKLM\..\Run: [PrivateMailReader.exe] C:\Program Files\Private Mail Reader\PrivateMailReader.exe -m
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: DataKeeper.lnk = E:\ProgramFiles\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Management Adapter (gyat) - Unknown owner - C:\WINNT\system32\gyat.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NbtHlp NbtBrigge (NbtHlp) - Unknown owner - c:\winnt\system32\drivers\dll\1\svhost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7 Grinler

Posted 12 March 2005 - 04:12 PM

What do you mean:

a legitimate reciprocal advertising toolbar


Looks ok to me...are your problems gone now?



